New cyber attacks have been taking place in Ukraine every week since the beginning of the war. What, in fact, is the ongoing cyber stability in the face of the prospect of threats.
According to Kaspersky, there is a landscape of threats in connection with the conflict, with the wider international community. In this regard, the international community has observed a very large number of attacks of various kinds and with varying degrees of sophistication.
For example, among the destructive attacks, we can list: ransomware, fake ransomware, Wipers and Wipers e ICS / OT. The analysis of these destructive attacks notes that many of the malicious programs discovered have very different degrees of sophistication.
However, no special coordination efforts were observed, either between the occurrence of these attacks or with military operations that would have taken place at the same time (with the notable exception of AcidRain). Also, no special targeting trends were identified, according to Kaspersky experts.
Cyber attacks will continue
“Our opinion is that certain separate groups have decided to take advantage and wreak havoc immediately after the outbreak of the conflict,” say Kaspersky experts.
Therefore, the attacks observed so far against the infrastructure in Ukraine appear to be uncoordinated and led by groups of different technical levels. Also, while these cyber activities suggest the role that cyberspace could play during a military conflict, what we have seen so far cannot be seen as the full extent of the attackers’ capabilities.
Moreover, it is likely that as a clearer perception of the scale and duration of the war arises, different groups will find better ways to coordinate, and this can lead to situations with an extremely disruptive impact.
Kaspersky is making some recommendations on stability in cyberspace.
“Since we are still moving from one phase of the conflict to another, we expect some of the observations presented in this report to become less accurate over time. Although the various cyber attacks observed so far have been disorganized and uncoordinated, we believe that a more structured activity could appear soon, amid this constant background noise “, they say in the report.
They also anticipate that as the war continues, more and more sophisticated criminals will become involved and reorient their intelligence-gathering activities. For this reason, they advise companies around the world to prepare for a recovery from ransomware attacks.