Ukraine: Hacks, DDoS, Ransomware - is this a cyber war?


For the "Story of the Year" Kaspersky experts analyzed cyberspace activities such as DDoS or hacks in connection with the war in Ukraine. It is part of the Kaspersky Security Bulletin, an annual series of forecasts and analytical reports.

The year 2022 was marked by a military conflict that brought with it uncertainty and some serious risks. In the course of this, a series of significant events in cyberspace, such as DDoS attacks or hacks, also took place. For the Story of the Year, Kaspersky experts analyzed each phase of the war as well as the events that took place in cyberspace and how they correlated.

Is this what a cyber war looks like?

In the days and weeks leading up to the start of military confrontations, there were significant signs of cyber warfare. On February 24, 2022, a massive wave of pseudo-ransomware and wiper attacks hit Ukrainian companies indiscriminately. Some were very sophisticated, but the volume of wiper and ransomware attacks dropped quickly after that first wave. Only a limited number of notable incidents were subsequently reported. The attacks of this wave are attributed to ideologically motivated groups that now appear to be inactive again.

In addition, on February 24, European countries that rely on a ViaSat-owned satellite faced significant disruptions in internet access. This "cyber event" began less than two hours after the Russian Federation publicly announced the start of a "special military operation" in Ukraine. The ViaSat sabotage shows once again that cyber attacks are a fundamental building block of modern armed conflicts and can directly support important milestones in military operations.

Partly uncoordinated attacks

In general, there is no evidence that the cyber attacks were part of coordinated military actions on either side. However, some characteristics marked the cyber confrontation in 2022:

  • Hacktivists and DDoS attacks: In general, a breeding ground for new cyber warfare activities was created. Among other things, cyber criminals and hacktivists support “their” side. Some groups like IT Army of Ukraine or Killnet have been officially supported by governments and their Telegram channels have hundreds of thousands of subscribers. While the attacks carried out by hacktivists were of relatively low complexity, the experts were able to identify an increase in DDoS activity during the summer - both in terms of the number of attacks and their duration: in 2022, an average DDoS attack lasted 18.5 hours - almost 40 times longer compared to 2021 (about 28 minutes).
  • Hack and Leak: The more sophisticated attacks attempted to gain media attention with hack-and-leak operations; they have been on the rise since the conflict began. Such attacks involve hacking into an organization and posting internal data online—usually through a dedicated website.
  • Infected open source repositories and open source software: As the conflict drags on, popular open source packages can be used by developers or hackers as a platform for protest or attack. The impact of such attacks can go beyond the open source software itself and spread to other packages that automatically rely on the trojanized code.

“Since February 24, we have been wondering whether cyberspace is a true reflection of the conflict in Ukraine; whether it is the culmination of a real, modern 'cyber war',” summarizes Costin Raiu, head of Kaspersky's Global Research & Analysis team. “In all events that followed military operations in cyberspace, we could see that there was a lack of coordination between cyber and kinetic means, cyber offensive in many ways played a secondary role. The ransomware attacks seen in the first few weeks of the conflict are a distraction at best.”

More at Kaspersky.com

 


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
