Why companies should fear Russian hackers


Cyber attacks with devastating damage have so far failed to materialize during the Ukraine war.


Dusseldorf, Berlin, San Francisco. The incident raised the worst expectations. A few days after Russia attacked Ukraine, a cyber attack shut down parts of the Viasat satellite network, with the result that energy companies like Enercon were no longer able to control thousands of wind turbines. The Federal Office for Information Security (BSI) warned of dangers for “high-value targets”.

But there have been no cyber attacks with devastating damage, at least so far. While Russia is becoming increasingly brutal militarily in the war against Ukraine, things remain unexpectedly calm on the cyber front.

Although IT security experts continue to see activities by Russian state hackers, there is no large-scale campaign against facilities in the West, to the relief of corporations, authorities and ministries.

However, there is no reason to relax, warns Haya Shulman, professor of computer science at the Goethe University in Frankfurt and department head at the Fraunhofer Institute. “According to information from the USA, Russian secret services have access to critical infrastructure in the USA and Europe.”

If the regime wanted to, it could attack at any time – and then there would be great danger. The IT security expert emphasizes that Germany is no better positioned than Ukraine: “We are very vulnerable.”

Russia has proven time and time again that its state hackers can wreak havoc – especially in conflict zones. A few years ago, Russian groups sabotaged Ukraine’s power grid. According to a report from the Office of the Director of National Intelligence, which coordinates US intelligence, the regime sees disruption from cyber attacks as “a foreign policy tool to influence other countries’ decisions, as well as a deterrent and military tool.”

Russia is also conducting cyber attacks in the war against Ukraine – the Ukrainian Cyber Security Center (Cert) counted a total of 60 at the end of March. According to one report, these are primarily aimed at the government, local authorities and the military, but also to some extent at the economy.

Recently, the telecommunications service provider Ukrtelecom experienced a widespread outage. In most cases, however, the attacks are unsuccessful, the organization emphasizes.

“Russia underestimated Ukraine”

Outside of the war zone, it seems, the Russian hackers have so far hardly been active – contrary to expectations. “Since the beginning of the Russian attack on Ukraine, there have been a few additional unrelated IT security incidents in Germany, but they only had isolated effects,” said the Federal Office for Information Security (BSI) in response to a query from the Handelsblatt.

The authority counts the momentous failure of the Viasat satellite network among these incidents. Averted DDoS attacks, in which online services are overloaded with numerous pointless requests, have also been reported. All in all, however, the fear that Russia would wreak havoc has not materialized so far.

Matthew Olney, Head of Threat Intelligence at Cisco Talos, sees two main reasons for the lack of widespread cyber attacks. For one thing, Russia underestimated Ukraine – the country had learned from the Russian cyber attacks of recent years and was better prepared.

The support from the USA may also have helped: according to a report in the Financial Times, the government in Washington sent experts in the fall to discover malicious software and render it harmless, for example at operators of critical infrastructure. In Ukraine, Olney and his team take care of the cyber defenses of several authorities and companies, including those in the financial and gas sectors.

In addition, Russia has apparently set other priorities for its cyber elite, Olney suspects: “The hackers seem to be more concerned with espionage.” Instead of launching attacks, they tried to collect information about the behavior of other states and possible new sanctions.


A few weeks ago it became public that groups associated with the secret services were spying on Hungarian ministries, probably also to collect information about NATO countries and sanctions.

There is likely to be another strategic consideration: “An attack on power grids in the West could give NATO a reason to invoke the alliance's mutual defense clause,” says Sven Herpig, head of cyber security policy at the New Responsibility Foundation (SNV). Putin might want to prevent that, despite all the aggressive rhetoric.

After all, in the event of an escalation, the Russian ruler must expect the West to respond with cyber counterattacks and disrupt the Russian power grid, for example. The specialists of the US intelligence service NSA would probably be able to do this.

However, all this is no reason to relax. The IT industry association Bitkom has observed that IT systems in Germany are increasingly being scanned for vulnerabilities. “Although such activities are the order of the day, such an increase can also be an indication of imminent attacks,” says Sebastian Artz, Head of Cyber and Information Security. And SAP boss Christian Klein warns that the software manufacturer is increasingly affected by cyber attacks.

There are several reasons why the threat is likely to increase:

  • Western sanctions are hitting Russia hard, and the economic outlook is poor. It is to be expected that the Putin regime will react, says Shulman – to gain information from politicians, to sow discord and to take revenge. Cyber attacks are ideal for espionage, disinformation and sabotage.
  • In Russia, numerous criminal hacker groups are active with the toleration of the state, says Shulman. It is conceivable that the regime would encourage them to cause damage to Western companies, authorities and research institutions, for example with ransomware.
  • Attacks aimed at Ukraine may inadvertently harm other countries as well. In 2017, for example, Russian hackers used the NotPetya virus to sabotage Ukrainian companies – but the software also spread to numerous German organizations. The failure of the Viasat satellite system is also considered collateral damage.
  • According to Google researchers, the war in Ukraine offers hackers and spies from other countries a pretext for their activities. A group believed to be linked to the Chinese army is trying to spy on the military and governments in Ukraine, Russia, Kazakhstan and Mongolia. There are also numerous “financially motivated” activities.
