Posted on September 2, 2022 at 9:13 AM
Hacks Linked To Russia/Ukraine War Are Far Lower Than Expected, Researchers Say
A recent study has shown that the attacks linked to the Russia/Ukraine conflict have had little impact and are not likely to escalate further. This contrasts with earlier worries among cybersecurity researchers that the conflict could lead to massive hacks across the world.
Researchers from the University of Strathclyde, the University of Edinburgh, and the University of Cambridge examined the data. The data was gathered two months before Russia’s invasion and four months after the invasion.
The researchers examined 281,000 web defacement attacks and over 17 million DDoS attacks. They also looked into hundreds of announcements on Telegram used by threat actors to coordinate their activities.
The Surge In War-Linked Attacks Only Lasted Two Weeks
Based on the analysis, Russia was the first victim of a large-scale attack linked to the war. A few days later, Ukraine was also attacked. At the time, there was a reported increase in the number of attacks, but the surge only lasted for two weeks.
At the time, threat actors and hacktivists around the world chose to support either Ukraine or Russia in the conflict. Some researchers stated that hacktivists could cause a lot of instability in cyberspace. Some believed that the hackers might cause the cyberwar to escalate to involve more people. This could lead to a future where war involves hybrid conflicts that would be unpredictable and chaotic.
But the researchers stated that hacktivists mostly used defacement attacks, which change websites’ appearance, and DDoS attacks, which make websites temporarily unavailable. They targeted critical infrastructure only on rare occasions, unlike what was expected when the war started. The hackers usually attacked trivial, defunct, or harmless websites with Ukrainian or Russian domain names, including streaming services, news websites, and food delivery services.
The Attacks Used Simple DDoS Tools
Most of these attacks were perpetrated by low-level threat actors with simple tools that can be obtained for free or at low cost on dark net forums. The major attacks that require sophisticated tools and a huge capital outlay are still carried out by those looking for massive financial gains.
The researchers behind the recent study noted that websites providing DDoS-as-a-service are everywhere. This means that launching such attacks is straightforward, even for those with little technical skill.
Most of the researchers who carried out the study are professors with extensive cybersecurity experience. Many of them have published several scholarly papers on the topic.
The widespread availability of DDoS services has kept the activities of hackers ongoing for weeks. But defacement attacks have reduced considerably after surging in the first few days after the invasion.
Defacement was heavily used when the war started because it served to make political statements and deliver messages to rivals. However, the researchers stated that the attackers lost interest in this type of attack after running out of targets.
Many of the hackers were just following the trend by joining and supporting one of the two countries at war. The researchers stated that the hackers did not have a strong political viewpoint on the war, which means they are bound to lose interest as the war drags on. The hackers seemed to be typical cybercrime entrepreneurs, whose own use of their tools for other purposes outside business takes on a political dimension.
Cyberattacks Linked To The War Represent A Small Proportion
While more attention has been given to cyberattacks linked to the Ukraine/Russia war, they still represent a small proportion of global cyberattacks, according to the researchers.
For instance, US victims are the most targeted in DDoS attacks, as they represent 25% of all attacks in this category. Next in line are Brazil and Bangladesh, with 12% and 5%, respectively. The attacks on Russia and Ukraine only make up about 5% of all DDoS attacks.
The researchers also noted that some activities of cybercriminals were effective during the war. These include ransomware attacks using wipers as well as high-profile attacks gathered from Russian public services.
There are also minor acts of solidarity, expressive delinquency, and teenage competition, which are not contributing to the armed conflict in any real sense. The researchers noted that the most damaging attacks since the war started are the ones carried out with financial motivation. In this case, the threat actors usually deploy sophisticated tools that can cause havoc on the target’s network or system. This forces victims to pay a ransom to stop the attack or retrieve their stolen files.