Despite a wide variety of attacks on IT systems, spectacular or particularly effective cyber attacks have not yet been recorded in the Ukraine conflict. The reasons for this are complex.
So far, the large-scale cyber war feared by many experts in the context of the Ukraine conflict has failed to materialise. However, this can change at any time and it is advisable to be prepared for a possible escalation.
Currently, various forms of attack are being registered, which, however, differ only slightly from previously known attack vectors. Numerous DDoS attacks have been observed on both sides. These attacks, which are technically quite simple, regularly paralyse entire websites. They can be commissioned on the internet for little money, which is why they are popular with attackers who do not have specific expertise. However, these attacks are rarely very effective.
There were also numerous web defacements on both sides, mainly on the websites of governments, authorities and public institutions. These attacks are also usually of low complexity. It is enough to find a poorly secured access point to the web server in order to alter existing pages or post new ones. Attackers are primarily interested in causing reputational damage. Since web presences are often hosted on external servers at internet providers, access to the internal IT network is usually not possible. Moreover, the manipulations are easy to remedy.
The situation is different when politically motivated attackers or actors with a state mandate use malware. Several Ukrainian systems have been hit by destructive malware attacks with so-called wipers. This malware is mainly aimed at deleting data or rendering systems unusable. Press reports mention HermeticWizard, for example, which affected various organisations, while IsaacWiper penetrated a Ukrainian government network and CaddyWiper is said to have affected only a few systems in unknown Ukrainian organisations. The exact extent of the damage from these wiper attacks is not known and would certainly not be made public in wartime.
Measured against the potential of the cybercrime actors involved, the activities observed fell far short of the possibilities, according to various experts, and the feared digital conflagration has so far failed to materialise. The presumed reasons for this seem to be manifold. The New York Times believes that damage done with military weapons is much more effective. The online magazine Motherboard sees as an important reason that Ukraine has made the protection of its own IT systems much more effective in recent years. In contrast, the Financial Times emphasises that cyber-attacks require long preparations, for which the small circle of people involved in the preparations for war lacked the time.
Increased caution in matters of cyber security is nevertheless advisable. "The BSI recognises an increased threat situation for Germany," states a situation assessment by the Federal Office for Information Security, BSI, which regularly publishes information on the development of the situation and recommendations for measures. The office warns: "Phishing emails with reference to the Ukraine war are already circulating in German."
The Federal Office for the Protection of the Constitution also advises caution and recommends taking concrete protective measures. "The war in Ukraine continues to be accompanied by extensive activities in cyberspace," the Federal Office for the Protection of the Constitution states on its website. The risk is high that this could lead to "spill-over effects and collateral damage on German agencies". However, companies or public institutions could not only be exposed to attacks by mistake, but could also be targeted: "Acts of cyber sabotage against companies in the CRITIS sectors, but also against the political sphere as well as against military institutions, are possible at any time," warns the BfV.
In another article, you will find out what effective protective measures can look like.
Author: Uwe Sievers