Why Russia's Cyberattacks on Ukraine Have Failed to Make a Significant Dent

pcmag.com:

HELSINKI–At the start of Russia’s invasion of Ukraine, the odds of Russian malware traversing government computers in Kyiv seemed even higher than the chances of Russian tanks rolling down that city’s streets. 

But much as Russia’s armed forces failed to take Ukraine’s capital, its digital attacks have yet to leave much of a dent.

"Russia's attacks have failed surprisingly much, both in the online world and in the real world,” WithSecure Chief Research Officer Mikko Hyppönen said in a talk Wednesday at the Sphere conference(Opens in a new window) here hosted by that firm, an enterprise-focused spin-off of the longtime security company F-Secure. 

The one successful cyberattack he pointed to, a disruption of Ukrainian border-control computers by wiper malware(Opens in a new window) that led to 24- to 36-hour lines for fleeing Ukrainian refugees, happened at the start of the unprovoked invasion. 

"This, my friend, is what cyberattacks look like in war,” Hyppönen said. And it makes sense from a strategic perspective to engage in them, as he noted at the start of the talk: "Cyber weapons are effective, affordable, and deniable."

(In a presentation to media earlier Wednesday, Hyppönen said Russia’s adoption of deniable attacks now includes at least two cases of running fake front companies that advertise work-from-home penetration-testing jobs at high salaries that lure Western "pen testers" into doing the regime’s dirty work.)

But a drastic increase in the rate of attacks has yet to inflict close to a corresponding level of damage. For example, Russian hackers tried to shut down a power plant with malware in April, but Ukraine’s government thwarted the attack. 

Hyppönen credited Kyiv’s successful defenses to the experience