The Ukraine crisis has made it clear that cyber warfare has long been a reality. In a guest article, Richard Werner, Business Consultant at Trend Micro, describes the current situation and possibilities for de-escalation.
Russia is considered a country that does not prosecute cyber crime, and the fact that several cyber criminals have been arrested here since January came as a surprise at first. Politically, however, we are walking on a minefield. Because: The arrests can contribute to easing the Ukraine crisis as a sign of goodwill.
However, if the situation worsens, they can also prepare for state-supported piracy and economic warfare.
In mid-January, some protagonists of the Ravil ransomware group were arrested by Moscow. Security researchers noted satisfaction that this led to fear and confusion within the cyber criminal scene. Many feared losing a haven with Russia. But ransomware actors, like the buccaneers of the sea, are only a pawn in politics. The fact that Ravil was specified should be taken as a clear sign. The group was behind the attack on the US Colonial Pipeline at the time – the only attack on a critical infrastructure that triggered a more than apparent political reaction.
In doing so, Moscow is giving potential copycats a sign that Western observers also took as a concession. In an escalating conflict with Ukraine, such as the one we are witnessing, it would be inconvenient for Russia for various reasons.
Two types of cyber-warfare
Forms of cyber warfare, such as cyber espionage, disinformation campaigns, or disruptive attacks on a country’s critical infrastructure or server systems, can only be understood by those who deal with the nature of cyber weapons.
More minor actions can have a limited impact – we’ve seen this for over a decade. Because it is impossible to identify the originator and his motivation unequivocally, these are political weapons that work as long as they can frighten people. More significant incidents that target a country’s critical infrastructure or entire IT systems, on the other hand, are complicated for state perpetrators to control – and are therefore actually unsuitable as a weapon of war. NotPetya from 2017 serves as an example. This attack most likely turned out to be a government cyber-attack in disguise because the technology of distribution and the damage inflicted was enormously advanced, quite in contrast to the ransomware part, which was so underdeveloped that a diversionary maneuver can be assumed instead of a monetary motive.
Ukraine was considered the primary victim, but European, American and Russian companies were also affected by NotPetya. Because similar to nuclear, biological, and chemical weapons, digital weapons cannot be restricted in their effectiveness.
In a connected world, they meet everyone. Anyone who uses them as a weapon in a conflict must also expect to hit non-participating nations and themselves sooner or later. On the other hand, if the perpetrator tries to use the gun in a controlled manner, one needs personnel to “supervise” it effectively.
This requires specialists to ensure success for each company targeted. This high expenditure of resources automatically limits the number of possible victims.
De-escalation instead of hacking back
Previous incidents such as Stuxnet, an influential computer worm discovered in 2010, or NotPetya have proven that it can cause enormous damage with targeted actions. A war opponent could use weapons like these to cause massive problems in another nation in an escalating conflict – with consequences for other states. Because just like the use of a nuclear bomb, an uncontrolled digital escalation of the crisis between Russia and Ukraine would also affect Germany, Europe, and the whole world.
However, since the consequences are much milder than those of a nuclear threat, this scenario could be a minor deterrent for military “hawks.” It is all the more important to prioritize diplomatic conflict resolution. It can be assumed that today every country has the means to react defensively. The federal government is at least in possession of the necessary technology to hack back to counter attacks. Cyber warfare is now firmly established in some nations, and attacks are used strategically as a result. As a rule, however, state perpetrators are more interested in using cyber attacks to manipulate public perception or stage diversionary maneuvers than to cause permanent, far-reaching disruptions – for example, to critical infrastructures. The psychological effect predominates at this point. Successful cyber attacks only produce selective damage that is difficult to assess, which at best paves the way for a conventional strike but does not replace it.