Kaspersky’s experts examine cyberspace actions related to the Ukrainian crisis in the most recent study, examining their significance in light of the ongoing conflict and their influence on the cybersecurity industry. This article is a part of the Kaspersky Security Bulletin (KSB), a yearly collection of forecasts and investigative reports on significant changes in the cybersecurity industry.
2022 was marked by a 20th-century-style military conflict – that brought uncertainty and some serious risks. Several cyber events that took place during the conflict turned out to be very significant.
Prepared by Kaspersky researchers within the annual Kaspersky Security Bulletin, tracks every stage of the armed conflict in Ukraine, the events that have taken place in cyberspace and how they correlated with on-the-ground operations.
Before the military conflict began, major spikes and signs were seen in cyber warfare. On February 24, 2022, a large wave of wiper and pseudo-ransomware attacks hit Ukrainian entities without discrimination. After the initial wave, the wiper and ransomware attacks reduced significantly with a few being reported. Groups who were ideologically motivated and showed themselves in the attack now are inactive.
On February 24, Europeans relying on the ViaSat-owned satellite faced major internet access disruptions. This “cyber-event” started around 4h UTC, less than two hours after the Russian Federation publicly announced the beginning of a “special military operation” in Ukraine. The ViaSat sabotage once again demonstrates cyberattacks are a basic building block for modern armed conflicts and may directly support key milestones in military operations.
There is no proof that the cyberattacks were a part of planned military operations on either side as the conflict has progressed.
However, some main characteristics defined the 2022 cyber confrontation:
Costin Raiu, Director of Global Research & Analysis Team at Kaspersky said “From February 24, 2022, onwards, we’ve been puzzled with a question, if cyberspace is a true reflection of the conflict in Ukraine, it represents the pinnacle of a real, modern “cyberwar”. By going through all the events that followed military operations in cyberspace, we witnessed an absence of coordination between cyber and kinetic means, and in many ways downgraded cyber-offence to a subordinate role. Ransomware attacks observed in the first weeks of the conflict qualify as distractions at best. Kinetic attacks using missiles and unmanned aerial vehicles have once again proven to be a more effective method of targeting infrastructure than cyberattacks. Nevertheless, collateral damage and cyber risks have grown for organizations in nearby countries due to the conflict, requiring advanced defensive measures more than ever.”