The other day, an unprecedented event took place that shook the Internet in many countries: the Council of the European Union for the first time applied a new regime of cyber sanctions against Russia, China and North Korea. Prior to that, the EU issued only warnings. The current sanctions against organizations and cybercriminals prohibit entry into the territory of the European Union and seize their accounts in the EU banking systems, writes “Armyinform”.
It should be noted that NATO has been working on the cyber component for a long time, and in 2018 cyberspace was generally recognized as an operating environment and thus equated to military threats. The reason for this was primarily Russia.
The fact is that current technology in many cases allows you to perform various actions and operations around the world without requiring the physical presence of performers. Where the Kremlin’s paw could not reach before, many doors are now open.
Of course, the tasks set by the Russian Federation remain unchanged – destabilizing the situation wherever possible. This is especially true of Russia’s neighbors – NATO member states, the Middle East and Latin America. However, cyberattacks can often be far more threatening than physical combat and inflict enormous economic and political damage.
Russia is mostly trying to make cyber attacks on energy networks, process control systems, infrastructure, financial institutions, information systems. As the experience of modern wars and conflicts shows, the hot phase of hostilities is preceded by cyberattacks, the spread of fakes, misinformation, and so on.
Cyberwar in Tallinn – an experiment of the Kremlin
Apparently, the first cyber war (not to be confused with cyber espionage, which the Kremlin has been involved in before), unleashed by Russia, was directed against Estonia in 2007. At that time, the attacks were aimed at the national security of the state and took place during the shaking of the socio-political situation in the country by the Russian special services with the help of the local Russian-speaking population.
The artificial protests were prompted by the relocation of the Bronze Soldier monument in Tallinn. Attackers have been able to modify, distort, or even delete the home pages of some sites. In addition, government and banking servers failed due to massive attacks.
Apparently, the Kremlin was waging a cyber war against Estonia as an experiment, because a physical attack on NATO would have terrible results, especially for the Russians. To prevent this from happening in the future, NATO has established the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, which is the flagship of European cybersecurity.
First a cyber attack, then an attack by Russian troops on Georgia
After conducting an experiment in Estonia a year earlier, the Kremlin was finally convinced of the effectiveness of waging war in cyberspace. Therefore, cyberattacks against Georgia in 2008 took place simultaneously with the armed aggression of the Russian Federation.
The first cyberattacks began on August 7, the day before the hot phase of the war against Georgia. They were carried out by refusing to service government websites and the media. During the second wave of attacks, there were defenses of various sites, as well as DoS-attacks against large private enterprises and so on.
For reference. Deface (from the English. Deface – distort, distort) – a type of hacker attack, when a page of the website is replaced by another (usually the main page), and access to the rest of the site is blocked or its former content is removed – it can be advertising, warning, threat or just hooliganism. Some hackers make a site interface to gain recognition in hacker circles, increase popularity, or to point out vulnerabilities to a site administrator.
Ukraine is like a cyber range for Russian attacks
The first attacks on information systems of enterprises and government agencies of Ukraine were recorded long ago. However, they became especially active at the beginning of the Revolution of Dignity in 2013. One of the most notorious cases was the theft of the e-mail database of the then opposition Ukrainian party in late November 2013, as well as access to the leader’s social media accounts. Subsequently, the seized information was used to discredit this political force. Most likely, this was done at the request of the then government, which tried to maintain its position by all available methods.
By the way, the Russian-Ukrainian cyber war was the first conflict in cyberspace, when the enemy managed to carry out a successful attack on our energy system. As a result of the cyber attack, part of it was disabled. Thus, at the end of 2015, consumers of Prykarpattiaoblenerho suffered the most: about 30 substations were shut down, and 230,000 residents waited for the power supply to be restored for one to six hours. At the same time, Chernivtsioblenerho and Kyivoblenerho were attacked. Then the electricity was cut off in the northern part of Kyiv on the right bank and part of the adjacent districts of Kyiv region for more than one hour.
Russia has also carried out attacks in Ukraine against the “Elections” information system during the presidential election, numerous denial-of-service attacks, defenses, cyber espionage, and more. And at the end of 2016, a cyber attack on our government websites and internal networks led to large-scale delays in budget payments.
In 2017, there were also several large-scale cyberattacks on Ukraine. For example, the family of Petya malware, which has affected a significant part of our businesses and even gone beyond the state. That same year, a ransomware virus from the same cohort damaged critical infrastructure for nearly half a billion dollars. Among the victims: Oschadbank and Ukrgasbank, Ukrzaliznytsia, Kyiv and Boryspil International Airports, Ukrposhta, Kyiv Metro and others.
Countries that have recorded such viruses have repeatedly claimed responsibility for the attack on Russian authorities. Of course, the Kremlin has “disappeared” and continues to do so today.
Last month, Ukrainian Foreign Minister Dmytro Kuleba expressed concern about Russia’s cyberattacks against COVID-19 vaccine developers, stressing that Ukraine has been suffering from Russian cyberattacks for years and insists that international law can be fully applied to cyberspace.
PS: Russia’s cyber threat to the world, especially in the context of the coronavirus pandemic, proves that Russia is a terrorist federation that is trying to harm everyone. Unfortunately, there is no doubt that Moscow will intensify cyber attacks not only in Ukraine but also in other countries. The only way out of this situation is to increase the level of cybersecurity, strengthen EU and US sanctions and completely isolate Russia from the Internet. Otherwise, any country can become Russia’s goal, and the consequences can be catastrophic.