What we observe every day in the Russian-Ukrainian conflict must stimulate every country to adopt stringent measures to face widespread and unscrupulous attacks, which involve very high human and economic costs.
The war in Ukraine is being fought on all fronts and, in addition to soldiers, guns and planes, we are now in an all-out cyber conflict, which perhaps claims fewer victims directly but certainly not indirectly. It is therefore extremely important to be aware of this in order to face the attacks that Russia directs not only at Ukraine, but at all the main Western countries, with Italy particularly exposed and in the crosshairs. Awareness is in fact the first stage in being able to activate forms of deterrence, invest in training and develop new technologies.
As the well-known general Carl von Clausewitz wrote as early as 1830 in his famous treatise on military strategy, On War, "War is nothing but the continuation of politics by other means, it is an act of force to disarm the enemy and reduce the adversary to our will." What we are observing in the ongoing conflict recalls the words of the Prussian strategist and animates discussions in newspapers, blogs and think tanks around the world about a war fought on several fronts: the traditional physical mobilization of troops and land vehicles is joined by more subtle tactics, apparently less destructive (but certainly no less nefarious), that extend to the impalpable new cyber dimension, the cyber war, directed against Ukrainian institutions and infrastructures, but also against the states that have taken sides against the adventurism of the new Tsar Putin.
Cyber weapons
The cyber conflict, Emanuele Galtieri, CEO of Cy4Gate, wrote recently, relies on an escalation of techniques and tactics that primarily affect the emotional sphere of a community, aiming to weaken it by creating doubts and uncertainties that give the attacked party the perception of an attacker capable of expressing overwhelming force, and so induce the opponent to accept the conditions for surrender more easily. It is a war that, while not neutralizing the adversary's ability to use force, insinuates itself into the cracks of a supposed inferiority, to bend the adversary's will and induce it to surrender.
And in fact, as the months go by, the cyber attack strategy adopted by Russia is becoming increasingly clear: before the invasion there had been significant "cyber bombings" in the form of so-called Distributed denial of service (DDoS) attacks against institutions or companies. These are massive attacks that consist of sending large amounts of data simultaneously and from multiple sources to specific strategic targets (government organizations and critical infrastructures) to prevent access to network resources, thus preventing the provision of essential services. But this was clearly only the first step because, in reality, this beginning was intended to temporarily hide from the eyes of Ukraine and the international community the planning of a second and more serious phase of the attack (currently in progress), which employs a more powerful weapon than DDoS: malware, often recently created and therefore unknown and capable of escaping cyber defense systems, real "cyber bombs" created specifically by groups of hacker activists linked more or less officially to the secret services and state institutions.
The first malware, Galtieri recalled, had already been identified by experts in the days immediately preceding the attack of 24 February: it is HermeticWiper, a product capable of irreparably damaging the system data needed to start a PC, as well as overwriting other data on the storage disks to make all the information stored there unusable. Once deleted, files are no longer recoverable and PCs can no longer be restarted. The purpose of HermeticWiper is therefore not to steal information, but simply to destroy it. This particularly insidious malware uses very effective cloaking techniques, which hinder its identification in real time.
Immediately after February 24, a second malware appeared, called Cyclops Blink, attributed to Sandworm, a group of Russian hackers close to the country's state apparatus. The malware acted by infecting firewalls produced by the US company WatchGuard (generally used to protect business accounts), and then implanting itself on infected devices with the aim of exfiltrating the stored data to an external command and control. It is persistent malware which, by taking root in the firmware of the infected device, cannot be eliminated with a simple reboot or factory reset.
In short, we find ourselves facing a war carried out by groups that do not wear uniforms, without an identity and without a framework of rules of engagement to respect: in addition to Sandworm, in fact, the Russians are supported by other aggressive threat actors, such as Conti, who created the powerful ransomware of the same name, Red Bandits (which describes itself as a group of Russian cyber criminals) and Coming Projects (a group that creates ransomware).
On the Ukrainian front, however, it was not the EU or NATO that officially responded to Ukrainian President Volodymyr Zelensky's call to cyber arms, but the well-known international activist group "Anonymous", which declared "cyber war" on Russia on its Twitter account and has already caused a breach on the website of the Russian Defense Ministry, publishing online all the databases available there. There remains the doubt that behind Anonymous there may also be hidden apparatuses of Western states willing to support, albeit not explicitly for obvious reasons, the cause of the Ukrainian people.
Prepare the defenses
The Ukrainian experience makes it clear how the availability of advanced cyber technologies and skills enables forms of conflict that arise, spread and die out at the speed of light: wars capable of breaking down any barrier imposed by the distances and the physical and political borders of a nation (it is said, in fact, that cyber war has replaced national borders with the less palpable ones of firewalls), and in which the traditional "ambush" is supplanted by a cyber "surprise effect" perpetrated with unknown and insidious malware, which makes the scenario even more complex and uncertain. And these are wars that can be fought with technological weapons that are much cheaper than traditional weapons. Even countries with scarce financial resources can more easily equip "cyber troops" or enlist threat actors external to the state apparatus, capable of unleashing effective attacks against states that, in the classic terms of air, land and sea armament, are considered "powerful".
In this complex scenario of precarious global geo-political balances, concludes Galtieri, it is essential to activate robust defenses along four lines.
- First, developing a high degree of sensitivity on the subject, in the awareness that we have now entered a state of permanent cyber warfare.
- Second, enabling the institutional actors (from the National Cybersecurity Agency to the Armed Forces, from Intelligence to the police forces), through the definition of a clear regulatory framework and well-structured rules of engagement, to exercise to the full their role as guardians of national cyber security, authorizing them to implement cyber countermeasures to deter and dissuade attackers.
- Third, investing heavily in training, from an early age, in the disciplines pertaining to the cyber domain to create a pool of resources that will make the policies of development and growth of the skills necessary to strengthen the national cyber defense capacity sustainable in the long term.
- Fourth, promoting the development of proprietary national products and technologies, also through the use of public-private partnerships and dedicated incentives for the industry that invests in research and development in the cyber sector.