The physical Russian war of aggression on Ukraine is accompanied by cyberattacks – and although most of them are not very sophisticated, some of them bear the signature of well-known Russian state hackers. Many of the Russian state sponsored hacking groups have expanded their cyber capabilities in the past in alarming ways, causing significant damage in some cases. Among other attacks, "Not Petya" for example hit a large number of international companies such as Maersk, DHL and Merck in addition to countless Ukrainian companies, causing billions in damage. With attacks on power plants in Ukraine and on a petrochemical plant in Saudi Arabia, the Russian state hackers also showed that they are capable of executing complex cyber-physical operations and that they do not hesitate to cause potential life-threatening consequences.
Security researchers from Ukraine have been studying Russian attacks for years and have observed not only their professionalization, but also how they built permanent backdoors into software. Just because we don't hear too much of cyber attacks in the light of the devastating physical war in Ukraine, doesn't mean they don’t happen. So is the Russian war in Ukraine the “cyberwar” many people in the security field were expecting to happen? And what does this mean for all of us? In order to understand how to assess the threats and consequences of future cyberattacks and to find out how to prevent them, it is important to analyze past and ongoing attacks and to understand Russian cyber capabilities.
In this session we analyse the history of Russian cyber attacks and the capabilities of Russian state hackers in cyber warfare. Together with two Ukrainian security researchers Marina Krotofil and Oleh Derevianko, we will pragmatically discuss attacks on Ukrainian and international infrastructure in the past years and their relevance to the current situation. We will as well look into the future and find out how to best increase cyber resilience of our infrastructures.