AI/ML, AI benefits/risks

What security pros can learn about AI from the Russia-Ukraine war

Battle war drone flying in the sky, an unmanned combat aerial vehicle, controlled by war ground control station.

For better or for worse, war drives innovation. From the defense of Syracuse led by Archimedes to the Manhattan Project's atomic bomb to Alan Turing’s decryption “bombe” at Bletchley Park, warfare has spurred invention. Two years into the conflict and we can say the same about the Russia-Ukraine war. A “living laboratory,” Ukraine leverages and evolves information technology to stand its ground against the Russian Army, despite being outnumbered and outgunned.

With assistance from the U.S. and European allies, Ukraine managed to slow and turn back the Russian invasion. While headlines speak of the West supplying tanks and artillery, behind the scenes, Ukrainian forces look to advances in software, especially cybersecurity and AI.

From the onset of the conflict, Russia engaged in a series of high-profile cyberattacks, employing various tactics to support conventional warfare efforts: 

  • Destructive attacks aimed to damage systems or permanently delete data.  
  • Disruptive attacks slowing down services, including Distributed Denial of Service (DDoS) attacks.
  • Data Theft that exfiltrated strategic data for espionage, surveillance, and intelligence purposes.  
  • Disinformation operations targeted at spreading propaganda, false information and psyops.  

From the start of hostilities, these types of attacks were prominent: Russia attacked communication systems at the Kyiv Post and the KA-SAT satellite network. And, Russians engaged in data-wiping worm attacks against Ukrainian government websites and launched cyber-attacks targeting border control to hamper fleeing refugees. These attacks were followed by assaults on Ukraine's digital infrastructure, blocking access to financial services and energy providers.  

Ukraine responded by bolstering cybersecurity measures, establishing partnerships with international allies and recruiting cyber experts. This preparation helped Ukraine repel most Russian attacks, to retaliate and embarrass Putin’s regime, hacking railways and financial institutions. Ukraine also leverages low-cost artisanal tech, taking out Russian assets with off-the-shelf drones.

As the war dragged on, cyber operations have gained sophistication. Russians continue to disrupt and spread misinformation, but also engage in more serious activities, hacking security cameras to spy on troop movement and disrupting energy and telecommunications networks. The worst attacks occurred in May-December 2023, directed at Ukrainian mobile operator Kyivstar. Ukraine Security Service (SBU), reported that Russia had been inside the telecom giant for months and destroyed its “core,” with grievous impacts on mobile and data services.  

The spillover

The CyberPeace Institute has reported that attacks associated with the Russia-Ukraine conflict impacted nearly 50 other countries. For instance, the Vatican website suffered a DDoS attack after Pope Francis condemned Russia for invading Ukraine.  

Other incidents inflicted “collateral damage.” A Russian attack on U.S. firm Viasat, a provider of internet service to Europe and Ukraine, destroyed 5,800 modems in wind turbines belonging to German utility Enercon. Other indirect victims included organizations hacked by Russian cybercrime gangs, with money siphoned to fund the Russian war machine.    

The tactics and techniques employed by both nations have set new precedents, prompting nations worldwide to reassess cybersecurity postures. The result has been increased awareness of the need for robust measures and international cooperation to counteract evolving cyber threats. 

Nations and organizations, recognizing the significance of staying ahead of evolving cyber threats, are investing heavily in R&D, accelerating development and deployment of advanced cybersecurity technologies. The attacks against Kyivstar illustrate that no organizations are safe from proficient hackers. As a result, even as the war has degraded European and global economies, cybersecurity budgets have grown substantially.  

Cyber war moves to the cloud, use of AI/ML

Cloud-based cyberwar highlights new attack surfaces, with targets combining on-premises networks and cloud-based assets. The attack against Kyivstar destroyed more than 10,000 local computers and 4,000 servers, and also took down harder-to-quantify cloud storage and backup systems. Ukrainian hackers also know their way around the cloud, disrupting Russian Bitrix24 cloud services, host to numerous Russian companies.  

Ahead of the conflict, Amazon, Google, Microsoft, and Starlink worked to protect Ukraine from Russian cyberattacks, migrating crucial government data to the cloud to keep the country connected.

Vendors of AI technology like Palantir were quick to inject their wares into the conflict. Since day one, Ukraine leveraged AI to analyze satellite imagery, open source data, drone footage and ground reports to guide military operations, saving a myriad man-hours and thousands of lives.

These tools integrate commercial and classified government data, including gathering evidence of war crimes, clearing land mines and resettling refugees. The war now offers an “industry standard” for AI and cybersecurity products, with vendors touting “battle-tested in Ukraine.” Here are four takeaways:

  • Combine and coordinate defenses: Complement “need to know” with systemic “need to know everything.” Share cyber intelligence with peers, allies, and government.
  • Balance infrastructure with endpoint defenses: Just because new threats target the cloud doesn’t mean that desktops and mobile clients need less protection.
  • Act locally, think globally: With migration of resources and operations to the cloud, the scope of attack surfaces now extends well beyond enterprise premises.
  • Embrace automation: Modern attacks occur at internet speed. Don’t rely on human actors to formulate response and take defensive actions

Security pros should take note that the Russia-Ukraine war has shown that planning and preparation, coupled with technology, manpower, intelligence (and a little help from friends) go a long way in thwarting even the most fearsome cyber threats. There’s much security pros will continue to learn from this conflict.

Asaf Shahar, vice president of products, Skyhawk Security

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.