Cyberattacks in the context of Russia’s war on Ukraine could intensify and pose a threat beyond the borders of the two belligerents. States, companies, but also individuals must organize a “passive defense”, as explained to 20 minutes Nicolas Arpagian, director of cybersecurity strategy at Trend Micro.
To your knowledge, have cyberattacks ever been carried out against Western organizations?
It’s very difficult to definitively impute the things we see. There are attempts at intrusion, bundles of converging technical elements.
In this universe, two dimensions should be considered. First, there is the takeover or destabilization of computer structures, sites and servers. Then there is the informational dimension, with disinformation campaigns in order to influence public opinion.
In the context of the current conflict, we found that in the days preceding the intrusion, the Ministry of Armies and Ukrainian banks had been attacked. The idea was to start creating a climate of tension. These are visible attacks with tangible effects for the general public.
What can we currently fear on an international scale?
What is feared is that cyberattacks which were still symbolic, will actually spread beyond Ukrainian borders. Among the concerns, there is that concerning “active charges” hidden in infrastructures.
You mean like ticking time bombs?
When Vladimir Putin promises a global war, the question is already whether the states which have shown their support for Ukraine and tried to calm Putin’s ardor have not been exposed to offensive actions for n anywhere in the world, by cyber mercenaries.
These are people who carry out actions in a political agenda, at the request of a sponsor, while their essential activity generally consists of “simple” villainous activities. In the event of detection, the sponsoring government can thus exonerate itself from all liability. What cyber enables is therefore asymmetry: a few isolated individuals can launch attacks. Cyber is not the plain of Waterloo with two armies facing each other.
We have seen the Anonymous reappear for a few hours…
These are diffuse actions of people who do not know each other. We see the mechanics starting again, as in the Arab Spring, but this is not a guarantee of performance or sincerity. It is neither strategic nor very complex to implement.
Can the media be impacted?
Yes. An example: the site of 20 minutes or any other daily which may possibly receive 5,000 visitors at the same time could be blocked if it were sent 15,000 requests simultaneously. This is called a “denial of service”. It disturbs without altering.
But in a cyber war, the Grail corresponds to the famous TV5 Monde affair where there was an attempt to take control of the antenna in 2015. The latest existing analysis on this file considers Russian responsibility. We are typically in the informational attack which aims to mark the spirits. If someone took control of 20 minutes, it would be to create a stunning effect, with a political, ideological, but not economic message, with no proven desire to weaken the company.
Are our businesses protected?
Yesterday, the boss of Euronext encouraged his teams to print certain documents in order to keep a memory for essential information…
The question of vigilance in the digital domain is therefore essential.
In 2016, France adopted a military programming law that targeted three hundred companies in twelve sectors of activity (telecoms, water treatment, energy, certain media, food, etc.). This law gave rise to the NIS (Network Information Service) directive in Europe and concerns companies whose failure would have impacts beyond their strict economic scope.
If tomorrow there is no more electricity, the supplier company in spite of itself impacts hospitals, schools, individuals… The companies concerned have therefore reinforced their level of protection on access management, the duplication of their information…
We therefore encourage all companies, communities and administrations to investigate, to ask themselves whether the backups of their equipment have been made in order to be able to reconstitute their assets if necessary.
Can our interactions with social networks become dangerous?
Viginum, created by the French State, aims to detect possible disinformation campaigns, to distinguish between legal free expression or the component of a broader destabilization operation. The problem is to detect the information early enough, to analyze it, to propose a range of actions: do nothing, request the intervention of the platform publisher, legal proceedings, diplomatic action… The electoral period which opens is conducive to disinformation campaigns. Among the constraints, those consisting in intervening within strict deadlines…
I, an individual, should I be worried?
It is not useful for a state to target individuals. They will be in the last line. But despite everything, everyone must be aware of the digital risk and the current digital risk: make backups, multiply their identifiers, not click on a suspicious link… And as an employee, if I click on a link, it can also affect my company. In case of doubt, it is essential to alert your IT department and contribute to a passive defense.