Kaspersky reports on what cyber confrontation looked like in 2022

2022 was marked by a 20th century-style military conflict that brought uncertainty and a serious risk of spreading across the continent. While the broader geopolitical analysis of the conflict in Ukraine and its consequences is best left to experts, a number of cyber-events that took place during the conflict turned out to be very significant.

In their latest report, Kaspersky’s experts analyze cyberspace activities relating to the Ukrainian crisis, observing their meaning in relation to the current conflict, and their impact on the cybersecurity field. This report is a part of Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts within the cybersecurity world.

The story of the year, prepared by Kaspersky researchers within the annual Kaspersky Security Bulletin, tracks every stage of the armed conflict in Ukraine, the events that have taken place in cyberspace and how they correlated with on-the-ground operations.

Significant signs and spikes in cyberwarfare were seen in the days and weeks preceding the military conflict. February 24, 2022 saw a massive wave of pseudo-ransomware and wiper attacks indiscriminately affecting Ukrainian entities. Some were highly sophisticated, but the volume of wiper and ransomware attacks quickly subsided after the initial wave, with a limited number of notable incidents subsequently reported. Ideologically-motivated groups that presented themselves in the original wave of attacks appear to be inactive now.

On February 24, Europeans relying on the ViaSat-owned satellite faced major internet access disruptions. This cyber-event started around 4h UTC, less than two hours after the Russian Federation publicly announced the beginning of a “special military operation” in Ukraine. The ViaSat sabotage once again demonstrates that cyberattacks are a basic building block for modern armed conflicts and may directly support key milestones in military operations.

As the conflict has evolved, there is no evidence that the cyberattacks were part of coordinated military actions on either side. However, there are some main characteristics that defined the 2022 cyber confrontation:

  • Hacktivists and DDoS attacks. The conflict in Ukraine has created a breeding ground for new cyberwarfare activity from various groups, including cybercriminals and hacktivists, rushing to support their favorite side. Some groups such as the IT Army of Ukraine or Killnet have been officially supported by governments and their Telegram channels include hundreds of thousands of subscribers. While the attacks performed by hacktivists had relatively low complexity, the experts witnessed a spike in DDoS activity during the summer period, both in the number of attacks and in their duration: in 2022, an average DDoS attack lasted 18.5 hours, almost 40 times longer than in 2021 (approx. 28 minutes).

Total duration of DDoS attacks detected by Kaspersky DDoS Protection in seconds, by week, 2021 vs 2022

  • Hack and leak. The more sophisticated attacks attempted to hijack media attention with hack-and-leak operations, and have been on the rise since the beginning of the conflict. Such attacks involve breaching an organization and publishing its internal data online, often via a dedicated website. This is significantly more difficult than a simple defacing operation, since not all machines contain internal data worth releasing. 
  • Poisoned open source repositories, weaponizing open source software. As the conflict drags on, popular open source packages can be used as a protest or attack platform by developers or hackers alike. The impact from such attacks can extend wider than the open source software itself, propagating in other packages that automatically rely on the trojanized code.
  • Fragmentation. Following the start of the Ukraine conflict in February 2022, many western companies are exiting the Russian market and leaving their users in a delicate position when it comes to receiving security updates or support – and the security updates are probably the top issue when vendors end support for products or leave the market.

 “From February 24 onwards, we’ve been puzzled with a question, if cyberspace is a true reflection of the conflict in Ukraine, it represents the pinnacle of a real, modern ‘cyberwar’. By going through all the events that followed military operations in cyberspace, we witnessed an absence of coordination between cyber and kinetic means, and in many ways downgraded cyber-offense to a subordinate role. Ransomware attacks observed in the first weeks of the conflict qualify as distractions at best. Kinetic attacks using missiles and unmanned aerial vehicles have once again proven to be a more effective method of targeting infrastructure than cyberattacks. Nevertheless, collateral damage and cyber risks have grown for organizations in nearby countries due to the conflict, requiring advanced defensive measures more than ever,” comments Costin Raiu, Director of Global Research & Analysis Team at Kaspersky.

Read the full report on the 2022 cyber confrontation at Securelist.com.

These are part of Kaspersky Security Bulletin (KSB) – an annual series of predictions and analytical reports on key shifts within the cybersecurity world. Follow this link to learn more about other KSB pieces.
