The war launched by Vladimir Putin in order to annex Ukraine is going to become the first in which the battle in cyberspace is an essential element. Experience is not lacking. Russia has some of the best cybercriminals in the world, organized groups of cyberterrorists, and extensive funding from the post-Soviet regime. Already last January, numerous Ukrainian banks and institutions were attacked, and the cybercriminals left warning messages: “Prepare for the worst”. Yesterday, at the beginning of the invasion by Russian troops, numerous cyberattacks were reported. For example, the manufacturer ESET discovered a new wiper-type malware that is intended to destroy information stored on an infected system and has been detected on hundreds of computers in Ukraine. The scale and impact of the data-wiping attacks are still unknown, as is the identity of the group behind the infections. This discovery comes just hours after the country suffered major denial-of-service attacks against several national websites.
Already last January, numerous Ukrainian banks and institutions were attacked by Russian cyber-terrorists
In addition, Symantec has detected data destruction malware in Ukraine and adds that it has also detected similar infections in Latvia and Lithuania. The Ukrainian Defense Ministry, Foreign Ministry and Parliament have also suffered denial-of-service attacks, which are clearly blamed on the state intelligence agency (GRU) of the Putin government. The cyberattacks suffered by Ukraine have been going on for months. At the beginning of the month, Ukrainian institutions suffered attacks from Gamaredon using phishing techniques that install a custom remote access Trojan called Pterodo. The multinational Symantec has revealed that, as early as between July 14, 2021 and August 18, 2021, several variants of the backdoor were installed and additional scripts and tools were deployed. The cyberattacks will continue to occur, and it is not ruled out that organizations and companies from other countries will be attacked in response to the sanctions that are going to be imposed on the Russian regime. In this regard, US President Joe Biden has warned US companies and organizations to “prepare for Russian cyberattacks in retaliation for these sanctions and the White House’s opposition to the Russian president’s intrusion.”
The problem of cyber defenses
There is a problem in protecting against these cyberattacks, and it has to do with the four years of Donald Trump's term. The former president, possibly grateful for the favors he owed Putin that made it possible for him to reach the White House, abandoned the cyber defense strategy altogether, allowing Putin to grow further. Biden was able to verify this during the first six months after his arrival in the presidency, when he had to deal with the largest wave of cyberattacks that his country, its official agencies, and its main multinationals have suffered. The main problem of all is that the US is not capable of defending itself against all these attacks because cyber defense took second place in the Trump strategy. However, after a year, Biden has strengthened the cyber defense strategy, although, of course, it is not at the level of Russian cybercrime. It can be said that the United States has a very bad cyber defense, but, on the other hand, its attack tools are known to be good. In fact, it is known that after these cyberattacks, the US carried out a series of clandestine actions on Russian networks with the aim of making them evident to Putin and his intelligence and military services and demonstrating the power of the US attack. Some of those actions targeted (and succeeded against) elite Russian cybercriminal groups in the last month. The danger of Putin’s cyberwar is real. Along with China, Russia has the world’s most savvy cybercriminals. And they don’t hide. Its cybercriminals are known, and they are known to act under the orders of Putin. Its attackers also have a predilection for accessing their targets by compromising devices and network services accessible via the Internet, in particular those that support virtual private network (VPN) connections. This way, their access attempts can go relatively unnoticed if they fail; when successful, however, they can provide extensive access to the system.
On the other hand, according to the firm CrowdStrike, Russian organized groups are changing their “modus operandi”. Until recently, they were known for investing in the development and deployment of custom malware to facilitate their intelligence gathering activities. This drew the attention of the cyber defense lines, so the attackers had to invest more and more resources in updating the tools that allowed them to evade detection. They are now moving to collect information from external services by directly accessing network resources that are in the cloud, such as email servers. Moscow knows its forces in cyberspace and knows that the four years of the Trump presidency have given them a considerable advantage. That is why Russia has long targeted Western political and military targets, as well as key sectors related to the energy, defense and technology industries, for cyber espionage.