Ukraine Defense Against Russian Cyberattacks Seen Having Implications for Industry
Russia launched a “massive, broad” cyberattack on Ukraine as part of its invasion of the country in an attempt to “create disorder and overwhelm Ukraine’s cyber defenses,” but the results show the limits of cyberwar, Daniel Hoffman, former CIA senior officer and station chief, said in a keynote at an AT&T virtual cybersecurity conference Tuesday. Hoffman spoke with AT&T Chief Technology Officer Jeremy Legg.
Russia “tried to disrupt services” starting in January, before the February invasion, Hoffman said. “They installed destructive malware on Ukraine’s networks using phishing and denial of service, trying to take advantage of any software vulnerabilities they could,” he said. Russia targeted government websites and the networks of communications providers, energy companies, banks and media outlets, he said. Probably the most successful attack was against Viasat, but lots of the attacks worked, he said. Hoffman said the attack was the largest in the history of warfare.
“It hasn’t resulted in any military advantage to Russia,” Hoffman said: “What surprised me … is that Ukraine had the resilience to carry forward. This war in a massive sense has been a massive intelligence failure” for Russia. “Ukraine is under siege in so many ways,” but its cyberdefenses have performed better than expected, he said. “The Russian cyberattacks just haven’t had their intended impact,” he said.
Ukraine published a national cybersecurity strategy in 2016, which emphasized redundancy and resilience, Hoffman said. “They took a lot of what we would call cyber hygiene basic measures to put themselves in the best position possible to defend against the expected Russian onslaught,” he said. Hoffman said he had meetings with Ukrainian intelligence officers while at the CIA. “They take cyber defense very seriously -- they know it’s an instrument of Russia’s battle siege mentality,” he said.
“It tells you that even though you have a large-scale international actor marshaling their resources to attack you that if you do some preparation … you have the ability to mitigate a lot of this,” Legg said. He said that is a good lesson for any businesses that may be targeted by international hackers.
Ukraine has also been able to penetrate Russian battlefield communications systems, Hoffman said. “A lot of Russian units rely on very inadequately secured mass market Chinese equipment that the Ukrainians were able to penetrate,” he said. Before the war, China, not Russia, was Ukraine’s largest trading partner, and the Ukrainian intelligence service was very familiar with all the gear the Russians are using, he said. When postmortems of the war are written, they’ll likely show that Russian communications failures led to the loss of senior officers and the large number of casualties, Hoffman said.
Deep Fakes
Nina Schick, an expert on deep fakes, warned they're becoming more sophisticated and difficult to detect. The use of deep fakes “will absolutely, exponentially increase, and the reason why is AI is doing the heavy lifting,” she said.
The FBI put out an alert last year saying the biggest new cyberrisk to businesses is “sophisticated, deep-fake attacks,” Schick said. Identity theft is a common threat, she said. “To clone someone’s identity, less and less training data is needed,” she said. Schick also warned of the rising threat from synthetic fraud. “The other thing AI can do is generate or create entirely synthetic people,” she said: “We’ve been seeing how these synthetic people are being used to infiltrate organizations to extract valuable data. It’s the fastest growing type of fraud in 2022, and it’s even more difficult than identity fraud.”
Companies can use AI to detect deep fakes, but the difficulty is that none of these detectors are always effective, Schick said. “From a cybersecurity challenge and perspective we understand that this is an ever evolving challenge,” she said. “We can’t trust anything unless it’s authenticated and that absolutely has to be the way forward,” she said.
“Authentication is just so core when we think about cybersecurity and any of our security principles,” said Bill O'Hern, AT&T chief security officer. Everyone is using video to communicate as they work from home, he said. “It gives a real opportunity” for bad actors to “collect the background and the data,” he said.
“There are more network edges than ever before because we’re more interconnected than ever before,” said Jonathan Nguyen-Duy, Fortinet chief information security officer-strategic services. “We work from home, from vehicles, from campuses,” he said. “More of our businesses are now software-defined and business processes are more digitalized than ever before.”
Cyberattacks won’t go away, Nguyen-Duy said. “They’re only going to get more sophisticated as the tools get more refined, as criminals get more experienced,” he said.
“Everything we’ve talked about is about the user,” said David Wade, AT&T director-cybersecurity. “We sometimes, as security architects and engineers, create the greatest solution, but to a user it’s awful, because they’re jumping from hurdle to hurdle to hurdle, trying to remember multiple usernames, multiple passwords,” he said. Users should be able to do the work they have to do, without a lot of thought, he said.
Security should be “easy for the user, hard for the bad guys, for sure,” said Johannes Jaskolski, AT&T vice president-workforce identity and access management. People should be able to log into their device “and it just works,” he said. A “lag-free, efficient network path” also is important, he said. End users should be able to “authenticate less, but more effectively,” he said.