War in Ukraine – What do Russian hackers mean for the rest of the world?

Parallel to the invasion of Russian troops, Ukraine was exposed to numerous cyber attacks. The rest of the world should also be prepared for attacks by Russian hackers.

The cyber attacks on the country’s digital infrastructure, which took place in parallel with the Russian troops’ invasion of Ukraine, suggest that President Putin had planned the attack on the neighboring country well in advance. Months ago, Russian hackers smuggled new wiper malware onto computers in Ukraine, which is now specifically erasing hard drives and thus destroying digital infrastructures and databases. The malware was discovered by security researchers from the security company ESET, which announced its findings on February 23 on Twitter. Apparently, the malware, called HermeticWiper, had been smuggled onto the Windows computers via a Hermetica Digital security certificate stolen specifically for this purpose, as early as December 2021.

In addition to the Hermetic Wiper attacks, a large-scale DDoS attack took place on several Ukrainian government organizations. As a result, these were temporarily unavailable, and military communications could also have been affected. The hackers behind the attacks are supported by the military, who are reportedly targeting mobile and landline networks. The internet went down in the Kharkiv region and the provider Triolan had to go offline after explosions in the city. Tesla founder Elon Musk has now pledged support to Ukraine and activated his satellite-based Internet service Starlink in the country. The technology required for this has reportedly already arrived in Ukraine.

Ukraine is also apparently receiving support from Western hacker groups. The hacktivists from Anonymous have now sided with the country under attack and briefly took over several Russian state media outlets. The message read: “In a few years we will live like in North Korea. […] This is not our war, let’s stop it!” However, it is questionable whether and how much this message can achieve in view of the massive Russian disinformation campaign at home.

But what do the Russian hacker attacks on Ukraine mean for the rest of the world, especially for Germany?

The BSI has already declared the second-highest danger level, “Orange”, for the German administration and companies. Although “there is currently no apparent threat to information security in connection with the situation in Ukraine”, vigilance should also be increased here and the ability to react in an emergency ensured. This is particularly advisable against the background of the threats that President Putin made in response to the sanctions imposed by Western countries and the arms deliveries to Ukraine. Of course, as many feared, these could relate to a nuclear strike against the countries that support Ukraine. However, other attack vectors – such as cyber attacks on critical infrastructures and German companies – are also quite conceivable.

In the US, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued warnings. However, the American authorities warn above all about spillover effects, i.e. that attacks on Ukrainian targets could unintentionally spread to other countries.

Against this background, companies and authorities should increase their resilience to cyber threats and prepare for emergencies. The Americans have also issued a joint guideline with tips on how to prepare for an accidental or intended attack. It is recommended to update the software used in the company as well as the antivirus and antimalware programs and to carry out regular scans. Strong spam filters should be used so that phishing e-mails do not reach the recipients in the first place. Password security should also be put to the test and multi-factor authentication set up.