The Kremlin’s cyberattack against Ukrainian satellite provider Viasat an hour before the invasion was “one of the biggest we’ve ever seen”. This is how Dmytro Alperovych, co-founder of CrowdStrike and head of the security-oriented Silverado Policy Accelerator think tank, described it. He and Sandra Joyce, Vice President of Mandiant Intelligence, analyzed the situation at the RSA conference, writes The Register.
Analysts have suggested that the main goal of the cyberattack was to disrupt Ukrainian communications during the invasion by remotely removing modem firmware. It also shut down thousands of terrestrial terminals with small antennas in Ukraine and Europe but did not have the dire consequences that could have been expected.
This attack, along with several other malware infections on public and private networks, gives US analysts a few key conclusions about how Russian cyber-bandits work and how Ukrainians counter them. According to Alperovych, one of the most important conclusions for Ukraine is the importance of resilience.
Usually Russia succeeds by destroying networks from within. However, Ukrainians can restore them in a matter of hours. The NotPetya virus, which deleted data from energy companies, banks, and other businesses, helped them learn how to do this.
“If the network is destroyed, this is not a big problem, because Ukrainians are ready for it. They have backups, so they can rebuild everything quickly and efficiently. This is what we have less practice in,” Alperovych said.
For example, in the US, recovery from a powerful attack can take weeks. Analysts say more attention should be paid to resilience.
Another lesson Western experts have drawn is not to be afraid of disinformation campaigns. During the war in Ukraine, several of these were recorded. For example, in March, false rumors spread that President Zelensky had committed suicide in a bunker in Kyiv. Later, Russian and Ukrainian circles argued that the Polish government wanted to send troops to western Ukraine. Both of these operations were unsuccessful in Ukraine. Although Russian deepfake technologies are becoming more sophisticated, the audience is growing with them.
Ukraine can also teach the West how to respond to incidents of shelling, power outages and IP blocking.
“In general, it’s quite stressful to react to an incident, not to mention to do it during the war. The resilience that Ukrainian defenders are showing right now in the cyber sphere is incredible. Honestly, we have never seen such a reaction to incidents,” said Sandra Joyce, vice president of Mandiant Intelligence.