2022 in cyberwar and what it means for you

2023 might have started with some major hacks, but 2022 was an unprecedented year for cyberwarfare. The Russian invasion of Ukraine was not only the biggest war in Europe since World War II, but the first cyber conflict waged on such a large scale.

In other words, a lot has changed. IT Brew spoke with experts about the lessons learned so far.

A changing threat landscape. Despite major incidents like the Viasat satellite network outage, Russia’s cyberwar has largely fallen flat. Ukraine has remained mostly online, and those attacks haven’t translated to any big strategic advantages. Nor have fears of massive digital retaliation against Ukrainian allies materialized, despite more tension than ever.

“I think everyone expected this to be a completely one-sided war, both in terms of the kinetic and cyberspace,” Mandiant analyst John Wolfram told IT Brew. “Defense has a say in these things. It’s not just up to the attackers.”

According to research by Wolfram and Mandiant Analyst Gabby Roncone, Russia’s GRU military intelligence agency has recently shifted to “living on the edge” tactics, targeting edge devices to gain rapid, persistent access.

“You don’t want to build out a bunch of different multifunctional wipers with cool features just to burn them in an operation,” Roncone told IT Brew. “It makes more sense to just take a really simple tool that does this disruptive job and modify it slightly.”

Insurers are getting wary. As the cost of cyberattacks has skyrocketed, so too have premiums, and insurer reluctance to cover sprawling damages from nation-state attacks. Ritz cracker giant Mondelez reached a settlement last year with insurer Zurich, which cited an “act of war” clause in refusing to cover over $100 million in damages from Russia’s 2017 NotPetya campaign.

“The insurance companies are struggling a little bit with what their exposures are and how to actually underwrite and how to price policies in an effective way, because let’s face it, they’re businesses,” Jeffrey Wheatman, cyber risk evangelist at Black Kite, told IT Brew. “And if they collect less money than they pay out, their businesses will not stay in business very long.”

Wheatman said insurers are filling longstanding gaps in cyber expertise that have hobbled their ability to assess risk, and adjusting policies to account for factors such as potentially open-ended damages from attacks. He added some larger companies now “spread their risk across baskets” by buying multiple policies from multiple providers.

The Mondelez case shows how ambiguity in everything from attribution and policy terms complicates payouts. James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies (CSIS), told IT Brew the legal definition of war is “pretty much what the beholder thinks it is.”

“You can see why it’s in the interest of the insurance company to argue that it’s not [an act of war],” Lewis said.

Kinetic war, cyber sanctions. International sanctions and boycotts on the Russian economy have effectively cut it off from much foreign hardware and software, like Windows. Hundreds of thousands of citizens left Russia to avoid conscription, including 170,000 domestic IT specialists (by the government’s own estimates) by July 2022.

Mikhail Mizhinsky, co-founder of tech relocation advisory Relocode, told IT Brew the exodus of Russian tech workers has slowed, but it’s his impression that those still leaving are thinking strategically about destinations.

“Are these people looking forward to com[ing] back to Russia or not? That’s more important than how many new people are going to leave Russia,” Mizhinsky said. He added that many relocated Russian IT workers “need to stay outside of Russia to be able to provide services to the rest of the world now.”—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.