The United States has committed more than $19.3 billion in security assistance to Ukraine since the beginning of the Biden Administration, and even as support for indefinite aid to Kyiv has slipped slightly in recent weeks, a strong majority of Americans continue to support sending arms and economic aid.
However, while military hardware – including the M142 HIMARS light multiple rocket launcher – has allowed Ukrainian forces to liberate large swaths of territory, Russia has changed its tactics. This has included missile strikes at Ukraine’s population centers, while the Kremlin has also targeted the country’s critical infrastructure, notably its energy grid.
This has left millions in the dark and without heat as winter sets in.
The missile strikes are likely to continue, but it is also likely that Russia will launch a major cyber offensive, one that could be as devastating as the kinetic strikes – and ominously even harder to stop. Russian hackers have been known to conduct denial of service attacks, while agents working for the Kremlin have also employed disinformation campaigns.
Russian Cyber Warfare
Tech giant Microsoft warned earlier this month that cyber threat actors affiliated with the Russian military intelligence (GRU) have already launched destructive wiper attacks against Ukrainian computer networks. In fact, the recent missile strikes have been coordinated to strike while Russian threat groups launch cyberattacks on the same sectors.
One particular threat group believed to work at the behest of the GRU – known as IRIDIUM – has likely been behind many of the recent attacks. A concern is that while Ukraine is in the crosshairs, the attacks could spread to other Western nations, notably those supporting financial and military aid to Kyiv.
“This isn’t just an attack on Ukraine. This is an attack on Microsoft and all its customers,” warned Jim McGregor, principal analyst at TIRIAS Research.
“Microsoft is doing what it must to provide a secure environment while protecting all of its customers globally,” McGregor told ClearanceJobs. “As we have seen, Russia’s aggression extends well beyond Ukraine and threatens to disrupt lives and businesses globally.”
Defending the Digital Domain
Microsoft has provided a methodology for combating digital threats, noting that multidimensional threats require multidimensional defenses. In June, the company explained that it built its approach around “Four Ds” to counter malicious cyber and influence activity.
Detect
The company will collectively identify those cyber actors that may strike at supply chains supporting Ukraine and the energy industry keeping Europe warm this winter. It will also preemptively evaluate and assess potential risks to those that may be targets of Russia or other nation-state threat actors.
Disrupt
Microsoft’s Threat Intelligence Center (MSTIC) will further alert customers and the public to emerging cyber methods enabling the entire ecosystem to rapidly employ sensors, patches, and mitigations.
Defend
The tech giant will increase the collective defenses of the broader cyber ecosystem through increased information sharing and improved technology to defend against Russian threats and address vulnerabilities. Its teams will also continue to support nonprofits, journalists, and academics both within Ukraine and across its allies, allowing those partners to broaden their defense of the information ecosystem.
Deter
The firm’s Digital Diplomacy and Democracy Forward teams will work with affected customers and their representative governments to push for unified action to protect it customers’ supply chains against nation-state attacks.
Microsoft Steps Up
Last month, Microsoft announced it would provide Kyiv with additional technology aid of around $100 million, in addition to the support package that has exceeded $400 million.
“Microsoft has been a close partner to Ukraine during this escalating conflict as shown by their recent commitment to extend technology support for the country through June 2023,” said Chris Vaughan, AVP of technical account management at cybersecurity research firm Tanium.
“Together they collect intelligence from the battlefield vital to businesses and organizations that could potentially be targeted in winter months ahead as retaliation for providing assistance to Ukraine and its operations,” Vaughan told ClearanceJobs.
The war in Ukraine already has had an impact on global supply chains and logistics, and any cyber attacks could make the situation much worse.
“Technology companies must continue to remain vigilant in the face of these threats and ensure the right safeguards are in place as these cyberattack dangers become more common,” said Dylan Border, director of cybersecurity at Hyland, maker of enterprise software. “We applaud Microsoft for proactively stepping in to attempt to mitigate the impact of these threats, and drive awareness in the security community of the increasingly heightened risk.”
A Global Cyber War?
Cyber efforts at the beginning of the conflict were primarily aimed at Ukrainian infrastructure, yet increasingly there have been destructive efforts expanded to Poland, where transportation and logistics industries were recently the targets of a ransomware attack.
“With this change in the war, it’s potentially signaling what’s to come,” Vaughan warned. “If this was in the land, air, and space domain we would expect kinetic attacks. However, we are living in a digital age where cyber warfare can be just as crippling when aimed at supply chains, critical infrastructure, and battlefield logistics. With Russia now cut off, they will need to plug holes, resulting in increased attacks on businesses and rising acts of espionage.”
It is necessary for companies to remain vigilant throughout the remainder of the year, a time when staff is limited, cyber attacks surge, and remote work environments continue to challenge IT teams, suggested Vaughan.
“The practice of good cyber hygiene – patching, vulnerability management, asset discovery – is vital for their protection and business continuity,” he added.
Microsoft is taking a leading role, but it isn’t alone.
“Because of its products and services, Microsoft is very close to the primary entities being targeted and is reacting to the threat, but be assured that most tech companies are taking steps to identify and prevent future Russian cyber attacks,” McGregor continued. “Unlike many other companies that do business in Russia, most of the tech companies are taking a harder stance against Russian aggression than many non-tech companies.”
