Tag: Cyber Security

What the Ukraine Crisis Means for Cyber Warfare

What the Ukraine Crisis Means for Cyber Warfare.

While Russia’s invasion of Ukraine rapidly unfolds, we sat down with Omree Wechsler, a senior researcher in TAU’s Yuval Ne’eman Workshop for Science, Technology and Security, to discuss the cyber security aspects of the conflict in Ukraine.

Omree, Ukraine’s vice prime minister recently said the country had launched an ‘IT army’ to combat Russia in cyberspace. How would you assess Ukraine’s cyber capabilities? 

Several attempts were actually made to assess the national cyber power of states, however, Ukraine was not among them due to the lack of data. While the research community is still in the dark about Ukraine’s cyberspace capabilities, we can assume that due to the fact that Ukraine was targeted by Russian cyberattacks ever since the annexation of Crimea, their cyber defense teams should be highly experienced.

The Ukrainian government has called upon the country’s hacking community to help protect their infrastructure, conduct espionage and disruptive activities against Russian forces. In addition, certain international hacking collectives (such as Anonymous) declared that they would act against Russian targets.

Screenshot from a popular St. Petersburg news outlet (https://www.fontanka.ru/): On February 28, several Russian news sites were attacked, warning readers not to "send their sons and husbands to certain death.” Anonymous claimed responsibility

 

Screenshot from a popular St. Petersburg news outlet (https://www.fontanka.ru/): On February 28, several Russian news sites were attacked, warning readers against “sending their sons and husbands to certain death.” Anonymous claimed responsibility

The official website of the Kremlin, the office of Russian President Vladimir Putin, kremlin.ru, crashed a few days ago (it is still down at the time of writing). Who is behind this attack?

The kind of attack we see on Russian official websites is called a ‘Denial of Service’ cyberattack (or DDoS). It’s a relatively easy task, and does not require sophisticated cyber expertise. Looking at past cyberattacks that were attributed to Western governments, mostly the U.S. Cyber Command, it does not seem that this is an instance of Western retaliation (Western cyberattacks would in theory look more like disabling military systems and so on), but rather the work of “hacktivists” – hackers who employ their capabilities as part of their social/political agenda. It could also be the work of Ukrainian hackers who took advantage of the opportunity to hit some symbolic target.

The power is no longer reserved for the state, then?

That’s correct. There are many other actors with access to cyber capabilities of varying complexity. However, advanced capabilities require means, such as money and expertise. Therefore, the most capable threat actor in this regard remains the state. It is also important to mention that cyber capabilities render factors such as population and geographic size, that are essential for conventional military might, obsolete.

I think that in the current conflict, international hackers or hacktivists could mostly embarrass the Russian government and cause some disruptions. One way that international hackers could cause damage to Russian targets is by ransomware attacks that encrypt data thus making it unreadable to the systems that use it. Another may include leaking highly sensitive or classified data that will be used by more sophisticated groups for more sophisticated attacks. However, the damage they can cause is usually limited compared to the capabilities of Western governments. 

 

The Russian invasion disrupted Ukraine’s internet connectivity, but the country has successfully mobilized public opinion with the help of social networks, and its Vice Prime Minister Mykhailo Fedorov asked billionaire Elon Musk through Twitter to make available his company’s Starlink satellite broadband service in Ukraine. Musk delivered.

What type of cyber operations have been employed in this conflict? 

Before the military attacks, the Russians also used DDoS attacks and flooded Ukrainian government and banking websites. Other attacks employed so-called ‘wipers’, a malware that deletes data and renders computers unusable. There are plenty of tools in the cyber toolbox.

What were the Russian objectives of the cyberattacks? 

In January, some experts argued that the attacks’ objective was to steal information relevant to an upcoming invasion. DDoS attacks may have been used for diversion, while the wiper attacks prevented the Ukrainian government from quickly recovering by deleting data and preventing machines from booting.

The Russians also did their best to wreak fear and doubt among Ukrainian citizens and to embarrass the Ukrainian government. These attacks were accompanied with a constant disinformation campaign including reports on Ukrainian aggression in Eastern Ukraine.

Did it work?

There is no evidence that the attacks destabilized the public support for the Ukrainian government, inside Ukraine or abroad. It may seem that some of the Russian disinformation was also directed at local Russian citizens in order to increase support for the attack. There is still no indication that it worked, as reports on Russian soldiers that have been compelled to invade Ukraine are coming in.

 

Omree Wechsler

Should we expect more cyberattacks from Russia? 

I believe Russian aggression in cyberspace will continue, in order to support its military operations. Cyberattacks that cripple the electric grid, water systems and other critical infrastructure are even more possible, given the fact that many critical systems in Ukraine use Russian technologies and software. A prime example, is Ukraine’s electrical grid which was built during Soviet times. It is very likely that many more malware infections are lying dormant in Ukrainian systems, ready to be deployed.

Russian threat actors will likely direct their cyber efforts against NATO and EU member states as well, in retaliation for supporting Ukraine and announcing sanctions. In fact, banks, critical infrastructure operators, government and public administration agencies in Europe and in the U.S. have been on alert for a while. Earlier this month, oil and fuel supply companies in Germany, the Netherlands and Belgium were hit by ransomware and forced to work in limited capacity. These attacks were attributed to a Russian-speaking group named ‘BlackCat,’ and, given that all these countries have in common that they are NATO member states that agreed to send troops and aircraft to countries surrounding Ukraine, it is difficult to decouple the attacks from the crisis in Ukraine.

Will the West remain idle? 

Apart from sanctions, it is possible that the West will employ cyberattacks. According to reports, U.S. President Joe Biden was presented with various options to carry out cyberattacks aimed at disrupting the Russian invasion. The UK Defense Secretary, Ben Wallace, stated that the UK may launch cyberattacks on Russia if it targets the UK networks. However, given their sensitive position, Western responses in cyberspace are likely to be limited and reactive. It really depends on the purposes and gains they wish to achieve.

Theoreticians have long tried to define how cyberattack operations can be utilized amid political and military conflicts, and whether they stand on their own or support conventional military operations. The Russian invasion of Ukraine and the months preceding, therefore, are bound to be investigated as case studies necessary to understand the nature of cyberwarfare operations.

What to Do When Everything is Vulnerable and Under Attack

Highlights from Cyber Week 2021.

 

 

Israel’s 11th Annual Cyber Week Conference, this year hosted in a hybrid in-person and online format, was attended last week by 2,500 in-person and 3,700 online, among them top Israeli politicians, global cyber policymakers and executives from multinational companies and cutting-edge startups from more than 80 countries.

TAU Professor behind Israel’s ‘Magic Circle’ and Cyber Week

Prof. Isaac Ben-Israel, Conference Chairman of Cyber Week, submitted a plan to the government in 2011 after his appointment by the Prime Minister to head a multidisciplinary task force in order to prepare Israel for future cyber threats. The plan outlined a solution whereby an entire ecosystem, or ‘magic circle’ was built (combining the forces of defense and government, industry and academia) to handle new and unpredicted cyber threats on a continuous basis. Ever since, the annual Cyber Week Conference at Tel Aviv University has been an important meeting point for experts from industry, government and academia across the globe.

Participants at Cyber Week 2021

Will The Iron Dome be Joined by A “Cyber Dome”?

In his speech at this year’s event, Israel’s Prime Minister Naftali Bennett stressed the need for further cooperation and invited other nations to join a global “Cybernet Shield” initiative to jointly coordinate the fight against cyber threats globally, stressing that “(…) if you fight alone you will lose, but if we fight together we will win.”

2020 was a rough year, with more than 300M ransomware attacks worldwide. Cyber warfare continues its rapidly growing military importance and global cyber security investment is skyrocketing, 80% of which went to US and Israeli companies. “Everything is vulnerable and everything is under attack” Bennett warned. 

Israel’s Defense Minister, Benny Gantz, expressed similar sentiments and called for a cyber-version of Israel’s famous anti-missile defense system, the Iron Dome, “Cyber is now a vulnerable space that must be protected like the sea, space, air, and ground”. He called for a no-tolerance policy by the Israeli government when it comes to cyberattacks, “Our message is very clear – be it a rocket, or a keyboard, we will not tolerate anyone to threaten our people.”

And the Winner of This Year’s Cyber Shield Award… 

True to tradition, also this year the Cyber Week Committee nominated a winner of the Cyber Shield Award, based on contributions to Israel’s cyber ecosystem. This year’s prize was awarded the Israeli Defense Forces (IDF) for their longstanding, inspiring and groundbreaking achievements in promoting the Israeli cyber scene and bringing Israel to the status of a global cyber power. 

The IDF is awarded the Cyber Shield Award. From left to right: Major General Lior Carmeli, Major General Tamir Hayman,  Gili Drob-Hiesten Managing Director ICRC, TAU President Prof. Ariel Porat and Prof. Isaac Ben Israel 

The conference is a joint effort by Tel Aviv University’s Blavatnik Interdisciplinary Cyber Research Center (ICRC) and Yuval Ne’eman Workshop for Science, Technology and Security, and the Israeli National Cyber Directorate under the Prime Minister’s Office and the Ministry of Foreign Affairs. 

TAU’s Cyber Week 2020 Goes Virtual

Global cyber leaders and international researchers will gather on one virtual stage from October 19-21

TAU’s Blavatnik Interdisciplinary Cyber Research Center, the Israel National Cyber Directorate at the Prime Minister’s Office and the Ministry of Foreign Affairs will hold its annual Cyber Week conference online on October 19-21, 2020. Traditionally, the Cyber Week Conference takes place on the TAU campus and attracts over 10,000 international participants. This year, due to the global pandemic, the Cyber Week Conference will be held online.

Participants in this year’s event will include Yigal Unna, Director General of the National Cyber Directorate and Prof. Isaac Ben-Israel, Head of the Blavatnik Interdisciplinary Cyber Research Center at TAU, as well as many prominent international figures from the fields of Cyber and Information Security, business, financial and technological sectors, and leading corporations in relevant areas. Speakers include: Gil Shwed, Udi Mokady, Esti Peshin, Omer Tene, Ofer Schreiber, Partner and Head of Israel Office at YL Ventures, Mikko Hypponen, Cyber Fraud Expert at F-Secure, Mark Russinovich, Microsoft VP and CTO, famous hacker Chris Roberts, Cyber Security guru Bruce Schneier, Jaya Baloo, Head of Information Security at Avast, Cyber expert Theresa Payton and others.

The National Cyber Week Conference is Israel’s chief annual event in the fields of Cyber and Information Security and a leading event globally. It serves as a major meeting ground for prominent cyber experts and researchers from around the world, alongside entrepreneurs, policymakers, international security organizations, diplomats and top business professionals. Its aim is to exchange cyber dialogue that focuses on current issues, trends and technological solutions. Topics to be addressed in this year’s event include: cyber trends as a result of the pandemic, challenges of working from afar, life after the pandemic, cyber and health systems, cutting-edge trends in cyber warfare, information privacy in the diplomatic context of terrorism and cybercrime, innovations in cloud security, law and cyber in Israel and worldwide, and more.

Prof. Isaac Ben-Israel, Chairman of the Conference and Head of the Blavatnik Interdisciplinary Cyber Research Center at TAU: “It is already clear that even if the COVID-19 pandemic is soon eradicated, life afterwards will be different. One aspect of the change will be increased use of online communication – as exemplified by this year’s online Cyber Week. This intensified use will increase our dependence on computer systems and digital communication, generating more opportunities for cyberattacks by malevolent actors.”

The updated program of the event

Victoria

Tok Corporate Centre, Level 1,
459 Toorak Road, Toorak VIC 3142
Phone: +61 3 9296 2065
Email: office@aftau.asn.au

New South Wales

P.O. Box 4044, Maroubra South,
NSW 2035
Phone: +61 418 465 556
Email: davidsolomon@aftau.org.au

Western Australia

P O Box 36, Claremont,
WA  6010
Phone: :+61 411 223 550
Email: clivedonner@thelinqgroup.com