Russia’s repeated military failures in Ukraine have amplified the significance of the information battleground, says Oleh Derevianko, a leading Ukrainian cybersecurity expert based in Kyiv.
“It was always one of their core focuses. But because of their failure on the battlefield, disinformation operations, psychological operations like hack and leak attacks, and deep fake attacks will be even more and more important for them,” said Derevianko, the Co-founder, Chairman and Chief Vision Officer of Information Systems Security Partners, a private cybersecurity company founded in 2008 in Ukraine and now operating globally.
“I think that anything that can help them divide Ukrainian allies or influence public opinion in specific countries so they could try to make them doubtful will be one of their prime targets,” he said. “There will be disruptive cyber attacks as well, but disruptive cyber attacks really take a lot of time, whereas you can have huge quantities of hack and leak attacks, or attempts to undertake them.”
Shortly before Derevianko spoke, a Russian missile barrage pounded Kyiv. The Russian onslaught is now entering its second year, and Derevianko maintains that the war was made possible because Russia was successful in its disinformation operations in the first place.
“Thanks to their propaganda and disinformation inside of their country, they persuaded their own population about all these narratives that they’re disseminating there, portraying Ukraine as some kind of Nazi state and so on,” he said. “We know that with their narratives, they managed to create a very strong public opinion in Russia itself that support the war.”
Ukraine has enlisted foreign governments and international volunteers in its information campaign against Moscow, and “I think it’s pretty clear that Ukraine and its allies are winning the information war against Russia, at least in the West,” Derevianko said.
“Without the proper counter-disinformation campaigns, Ukraine and its allies wouldn’t be able to maintain the right perception about Russia as an aggressor. This informational component is extremely important for the purpose of maintaining allies’ support for Ukraine and supplying everything that’s needed to win this war,” he said.
Initially, the Russian disinformation campaign did hamper foreign governments’ willingness to supply Ukraine militarily, Derevianko said.
“Russia was pretty successful in the first months of this war in making the West extremely fearful of so-called escalation and nuclear conflict,” he said. “Even though I believe that many experts believe that they would never dare to do that because they would be fully destroyed, it dominated public opinion and many of the political circles of many countries. How long did it take for them to supply more powerful weapons to Ukraine?”
The significant international cyberspace aid “was pretty useful for government institutions because many of the government institutions were really not well equipped with the technology,” Derevianko said.
The private sector, by contrast, had core technologies available, and the key lesson to be learned from Ukraine’s current experience in cyber warfare is that “people, and the quality of your team’s skills, matter the most in cybersecurity,” he said.
“You can have all the technology on earth, but it really depends on the quality of your people and how well your processes are operationalized,” he said.
Another lesson he’s drawn is that organizations should have contingency funding available for deep full compromise assessment. Without that kind of evaluation, they’re open to more severe variants of the attack they’ve mitigated, he said.
Ukraine didn’t have a lot of suppliers of red and blue team exercise platforms or cyber ranges until recently. What it did have “is the real exercises,” he said, as it’s been facing Russian cyber attacks since 2014, the year Moscow invaded Crimea and annexed it from Ukraine.
That same year, Russian-backed separatists also seized power in parts of the Donbas region of eastern Ukraine. Two days before launching its full invasion, Moscow declared two areas of the Donbas, Donetsk and Luhansk, as independent states.
“Since 2014, we’ve appeared at the front lines of cyber warfare,” Derevianko said. “Ukraine became a testing ground for cyber war. We realized that Russia was not just attacking Ukraine, but also testing and developing techniques and capabilities, using Ukraine as a playground for that.”
“There are continuous attacks and response, continuous attacks and response and the need to recover,” he said. “So basically teams were trained to respond to huge attacks, not just in terms of detecting and mitigating them, but also to recover from them, which means that for us, resilience is extremely important.”
After the full scale invasion started, cyber attacks multiplied threefold in 2022, Derevianko said. The CyberPeace Institute, a non-profit organization in Geneva, documented 249 cyber incidents against entities in Ukraine last year, as opposed to 464 cyber incidents against entities in nation-states that are not the combatants.
Derevianko estimates that more than 60 different groups are executing attacks against Ukraine and its allies.
The attacks that were relatively successful for Russia were against those targets to which the threat actors had access before the invasion began, including the communications system that was struck on the first day of the war or another attack against a nationwide telco company that culminated in March 2022 but the company had been breached back in January, he said.
Once the invasion began, there was “a clear tendency for using simpler and more easily modifiable tools rather than the tailored, specific attacks that they were executing before, when they had time to prepare,” he said.
Today, “I would say that Russia may be much more interested in cyber attacks aiming at espionage rather than disruption.”
Derevianko doesn’t think the Russians have had a strategic impact with their cyber attacks.
“I don’t think so, and I don’t think they were capable of doing that,” he said. “This is the result of Ukraine – and especially private sector operators – taking care of cybersecurity for the last eight years, and especially since 2017.”
That year, a wave of powerful cyberattacks using NotPetya malware targeted Ukraine, hitting the Chernobyl nuclear power plant, government ministries, media, utilities and financial institutions before spreading to other parts of the world. The attacks have been blamed on Russia, which has denied responsibility.
Asked if Russian cyber capabilities were overestimated, Derevianko replied: “I don’t think that the Russian capabilities were overestimated. I think that overall cybersecurity attacks as a method of modern warfare was overestimated by the general public and possibly political decision makers. Not in the sense that it’s not risky, but overestimated in the sense that it can create the same damage as the kinetic missile strikes.
“Cybersecurity has a strategic importance during warfare because it lets you keep all your services to people functioning.”
While Russian attackers put Ukrainian government institutions in their sights, their primary targets were commercial enterprises such as banks, telecoms, media, energy, and defense and security companies, Derevianko said.
“Even though the number of attacks increased, you don’t see many sophisticated attacks because you need a lot of manual work to execute those attacks,” he said. “Smaller companies are of course a big target, especially those who are within the supply chain to larger enterprises, to the government, to the defense and security sector, or to critical infrastructure.”
Because of the private sector preparation, the attacks were disruptive but not calamitous, he said. Cyber attacks and military attacks on civilian targets have often taken place in close proximity.
Ransomware attacks are down this past year, and he assumes that hacking groups that were engaged in financially motivated attacks are now being hired for state-sponsored attacks. What’s more, Ukraine was not a major magnet for ransomware attacks before the war because it is not as wealthy as many of its Western allies, he added.
Ukrainian officials, breaking new ground, have maintained that the Russian digital warfare constitutes a war crime and wants the International Criminal Court in the Hague, a war crimes tribunal, to investigate.