Lessons learned about cyber resilience from a visit to Ukraine

Posted on by

It has been widely documented how various nation-state entities from within Russia, the GRU (military intelligence), the SVR (foreign intelligence), and the FSB (state security) are engaged in cyber operations targeting Ukraine, Europe, and the United States.

In addition, proxies from the Russian criminal world have joined the melee, not because Russia requires deniability and would hide behind a third-party aggressor, but rather because encouraging these entities enhances its attack capabilities. In addition, these criminal entities provide a means for gathering stolen credentials to be leveraged in the battle.

Russia excels at social engineering

Russia’s expertise in social engineering is not up for debate; they are good at it and they are effective wielding it like a weapon. They take an all-of-government approach to their efforts, and while the three security services may compete against one another for resources, they do collaborate and cooperate. Ukraine has seen evidence of this in a concerted effort to compromise mobile devices and garner access to Signal (a commercial secure communications application) groups.