In recent weeks, a fear has often been voiced: if Russia invades Ukraine, the invasion will be accompanied by a major digital attack, for example on the power supply. Now, more than a week after the invasion started, no such major attack has yet taken place.
Such an attack can have major consequences. If the power goes out, civilians suffer, but communication also becomes a lot more difficult for the army, for example. That such a scenario has not yet happened does not mean that nothing has happened at all, and a major attack could theoretically take place at any moment. Everyone is on alert, including in the Netherlands.
Two major attacks in recent years
In recent years, Ukraine has become what some call the “playground” of Russian hackers. The country was heavily attacked twice. The first time was in 2015, when hundreds of thousands of households were without power for hours just before Christmas due to a hack at power plants.
Two years later, the NotPetya ransomware hit the country hard. Not only Ukraine was affected; there were problems worldwide, from a hospital system in the US and an oil producer in Russia to the world’s largest container transporter Maersk and the port of Rotterdam. In 2020, six Russians working for the secret service GRU were charged by the US for this attack.
The Dutch port company APM Terminals also suffered from the attack.
It is therefore not surprising that such an attack was anticipated again this time. That it has not happened so far has surprised the cybersecurity sector. That includes Hugo Vijver, a former employee of the Dutch intelligence services who specializes in digital conflicts.
But, he notes, just because no major attack has been observed yet doesn’t mean nothing is happening. “The attacks that are taking place just don’t seem to have the desired effect yet.” Vijver considers it possible that Ukraine is better able to stop attackers than in previous years. “They have learned from major digital attacks in recent years.”
Wipe out computer systems completely
The most notable attacks that Dave Maasland, director of security company ESET, has seen so far involved so-called wiper malware. Its purpose is to erase computers’ hard drives, so that they no longer even boot. If that happens in one go, it can shut down a company or government agency.
“It became active hours before the invasion and was extremely targeted; they were planned, a lot of preparation went into preparatory work and seemed to be coordinated. For example, a Polish customs post was affected by it, so that refugees could hardly or not cross the border. government agency affected.”
The timing suggests that Russia is behind the attack. But according to Maasland, it is not yet possible to say that.
Beyond that, he mainly sees websites that are taken over and given a front page by the opposing side, a so-called defacement. There are also many DDoS attacks, in which a large amount of internet traffic is fired at a website, making it temporarily harder to reach or not reachable at all.
Why more has not happened is not entirely clear to Maasland either. “It’s either more difficult than expected, or they weren’t ready yet or they’re keeping it on hand. Or a combination of those three.” One of the things that stands out is that the internet infrastructure is still working. The Russian armed forces themselves may also need the Internet for their communications.
Kiev TV tower hit
Hugo Vijver also considers it possible that a big blow is still to come. “What struck me is that the Russian army bombed the television tower. While you can also attack television services digitally. I don’t know how to read that yet.”
He does think that with the invasion under way, the chance of a major digital attack is decreasing. “You would think that if it had started, it would have already happened.”
The risk of digital attacks is not just a matter for Ukraine. The West is also keeping a close eye on developments. The Dutch NCSC (National Cyber Security Center) sees “so far no concrete indications” that digital attacks related to the war have an impact on the Netherlands. But it does not rule out “possible consequences and attacks in the Netherlands in the future”.
“Anyone who is not on the side of Russia should be concerned about attacks,” says Hugo Vijver. “It is very possible that Russia is holding back attacks to punish countries for imposing sanctions. I think Russia’s focus is still mainly on Ukraine. But that could of course change.”