Lessons learned from Russia’s cyber war on Ukraine – so far
A new in-depth report by Microsoft offers insight into the borderless, ever-evolving threat landscape and highlights the need for cooperation
The Russian invasion of Ukraine relies partly on a threefold cyber strategy comprising destructive cyberattacks within Ukraine, network penetration and espionage outside of it, and cyber influence operations targeting people around the world, according to a report published on Wednesday by Microsoft.
Titled “Defending Ukraine: Early lessons from the cyber war,” this report is the result of ongoing research by Microsoft’s threat intelligence and data science teams, and offers insight into this borderless, ever-evolving threat landscape.
A lot of ground is covered in this report, including in-depth analysis of how Russia distributes its digital operations during wartime; the evolution of its offensive cyberattacks and defensive cybersecurity operations; network penetration and cyber espionage; and cyber influence operations in various countries and languages.
In line with these main themes, the report also offers five main conclusions:
1. Defense against a military invasion now requires – for most countries – the ability to disburse and distribute digital operations and data assets across borders.
2. Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
3. As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
4. In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts.
5. There is a need for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.
The report offers a comprehensive strategy for combating foreign cyber influence operations, comprising four pillars: detect, defend, disrupt and deter.
“Perhaps more than anything, the lessons from Ukraine call for a coordinated and comprehensive multilateral and multistakeholder strategy to strengthen defenses against the full range of Russian cyber destructive, espionage, and influence operations,” write the researchers.
“Wars are won over time, setbacks can be reversed, and Russian agencies have long invested in sophisticated cyber tactics and techniques.”