The Cyber Angle
The start of Russia’s war in Ukraine included some of the most ambitious cyber operations in history, targeting satellites and power plants in an effort to shock and awe.
Now, Ukrainian officials say, some of Moscow’s most notorious hackers are focusing on moves like knocking out a local information agency’s web page — a more modest approach that belies Vladimir Putin’s claim that everything is going according to plan.
From January to June, the number of cyberattacks in Ukraine rose to 762, more than double the second half of 2022, according to a new report by the country’s cybersecurity service and backed by US Agency for International Development and the European Union. But the number of incidents they labelled as “critical” over that period decreased by 81% to 27 — a sign of improved defenses as well as Russia’s more restrained ambitions, Ukrainian officials say.
Bloomberg didn’t independently confirm the claims made in the report, and generally, verifying alleged cyberattacks in both Ukraine and Russia has been challenging during the conflict. The Kremlin and Russian military regularly denies any role in hacking operations.
At the start of the war, the Kremlin expected a quick victory. Its hackers went after Viasat Inc.’s commercial satellite network, causing major disruptions in Ukrainian communications, and also attempted to strike the country’s energy grid in a failed attack. But even then, Russia’s overstretched forces had a hard enough time coordinating their own moves without integrating cyber operations, and prospects of a full-scale cyberwar soon faded. Now, the alleged cyber goals appear to be more modest.
The new marks include those that tend to have softer defenses, including sectors like media and telecommunications. Local law enforcement and government offices collecting evidence of war crimes are also among the primary targets. Some hacks have collected data on captured Russians who could face war crimes trials, with the goal of helping them avoid prosecution and return to Russia, according to the report.
State-linked hackers have largely avoided targets that could be used to support military operations, according to the report. Instead, Sandworm, a group affiliated with the GRU military intelligence agency that has been linked to some of Russia’s most aggressive attacks around the world, hit a Ukrainian state-run news agency in January in an attempt to knock out its website, the report found.
Despite the shift, Ukrainian cybersecurity experts warn attacks on critical infrastructure will continue. Private energy company DTEK has reported repeated attacks against its IT infrastructure, both from hackers and from missile strikes. Russian hackers have also tried to collect information about Ukraine’s Zaporizhzhia nuclear power plant.
In other words, don’t write off Russia’s hacking forces just yet.
What We Learned This Week
For some time now, cybersecurity experts have been warning that text-based multifactor authentication is not secure. Now Microsoft has joined in, encouraging users of its Azure cloud to ditch text and phone two-factor authentication.
The advisory comes amid a surge of social engineering attacks, a low-tech method in which hackers gain initial entry onto a corporate network by tricking IT help desks by pretending to be an employer, or an employee. Social engineering attacks were behind recent cyberattacks on MGM Resorts International, Caesars Entertainment and Coinbase Global.
The group suspected to be behind the attacks, known as Scattered Spider, has exploited Azure in some of its attacks, according to the cybersecurity firm Mandiant.
In May, as Scattered Spider was running amok through corporate networks, Microsoft researchers published a study claiming that SMS and voice-based authentication is 40% less secure than push notifications through a cellphone app.
Alex Weinert, Microsoft’s vice president of identity security, said in a statement to Bloomberg News that the company is “strongly encouraging” use of Microsoft Authenticator. --Margi Murphy