Naoris Protocol Special Report: The Invisible War

September 11, 2024

In our previous three blogs we introduced Naoris Protocol with Hello World, then highlighted the scale of the cybersecurity problem and followed with the current cybersecurity industry position and how this needs to change in the face of exponential failure across the digital world.

For our fourth blog, we shift focus to bring you a special report on the nature of cyber attacks that have a physical impact in Ukraine. Amidst the horror and destruction taking place, there is another aspect that is underreported: the invisible war of cyber warfare, the cyber-physical attack that is executed in cyberspace but has a kinetic impact within the physical world.

Needles and Haystacks

It’s important to understand that cybersecurity is not just for the business and enterprise realm; it’s a warfighting domain and has long been leveraged by every military force on the planet. In the cyber realm there are no borders, therefore regional rules do not apply.

Whatever critical infrastructure a nation-state controls, there’s a high probability it’s already backdoored in some way, meaning at the hardware or software level, there is a backdoor capability for a threat actor to subvert in ways we can’t necessarily imagine.

Let’s take a nuclear power plant as an example. A backdoor could allow for a meltdown, Chernobyl style, all controlled remotely. Perhaps it is a logic bomb that has been in place for a year or even a decade and is completely undetectable: it just sits there sleeping, waiting to be activated remotely by some command and control logic, or waiting for the system clock to reach a certain date and time before it executes.

The complexity of nation-state infrastructure hugely increases risks like these and if you’re looking for something that’s well hidden, the probability of finding it from the beginning is very low. It’s like looking for a needle in a haystack.

But let’s imagine there are multiple needles in the haystack, and now you don’t just have a single haystack, you have tens of thousands or hundreds of thousands of haystacks all with hidden needles. So you try and organize people to look for the endless needles. The victim nation is now on the back foot because in cyber warfare you will always expect to lose. The only objective left is to try and maintain morale and mitigate how much you are going to lose by.

A History of Cyber Warfare In Ukraine Since 2014

Ukraine has suffered a series of cyberattacks since 2014, becoming a training ground for hackers shutting down computers, crashing software, knocking out power supplies, freezing supermarket tills, and forcing the government to prop up the hryvnia currency. Attacks on hospitals, power utilities, and the financial system were rare until recently, but organized cybercriminals, many of them living in Russia, have aggressively targeted Ukraine’s institutions using ransomware and malware.

In December 2015 in western Ukraine, a first-of-its-kind cyber attack cut the lights to 225,000 people, with hackers also sabotaging power distribution equipment to complicate attempts to restore the power. Later, in December 2017, when the lights went out in northern Kyiv, power supplier Ukrenergo suspected a cyberattack and hired investigators to help determine the cause. The hacking group Sandworm is thought to have hidden malware in Ukrenergo’s IT network, going undetected for six months whilst acquiring the privileges needed to access systems. With that virtual access in hand, it was just a flip of the switch for the group to take the power offline.

In the last two months of 2016, hackers targeted Ukrainian state institutions about 6,500 times, officials said. Among the 6,500 attacks were the Finance and Defense ministries and the State Treasury which allocates cash to government institutions. A suspected hack also wiped out part of Kyiv’s power grid, causing a blackout in part of the capital. The attack on the State Treasury halted systems for several days, with state workers and pensioners unable to receive salaries or payments on time.

In 2017, a virus and dropper called NotPetya hit Ukraine and spread around the world, paralyzing thousands of machines and networks of institutions from governmental to healthcare as it reached dozens of countries. NotPetya combined a ransomware payload with worm-like self-propagation across networks. It spread to millions of Windows machines and carried out a series of malicious activities including credential theft, token impersonation, malware propagation, remote execution of malware, MBR ransomware, system shutdown, and anti-forensics.

The estimated cost was $10 billion.

Declared by some as the most devastating cyberattack in history, software became a weapon spread by a handful of people who were disrupting ports, crippling corporations, and freezing government agencies, all through a single piece of code.

Just before the invasion began on Feb 24th, 2022, a newly discovered piece of destructive software was found. A data wiping program dubbed HermeticWiper had been installed on hundreds of machines across the country, an attack that had likely been in the works for at least the past couple of months. The attack required existing access to execute, meaning the networks were already compromised. Here’s a technical breakdown of HermeticWiper by SentinelOne.

Between Feb 23rd and April 8th, 2022, Microsoft said Russian government hackers carried out a total of 37 destructive cyberattacks inside Ukraine that appeared to support Moscow’s military attacks and online propaganda campaigns. The reported intrusions suggested that hacking played a bigger role in the conflict than was publicly known. The digital onslaught, which Microsoft said began one year prior to Russia’s invasion, may have laid the groundwork for different military missions in the war-torn territory.

On April 29th and 30th, 2022, the pro-Russian Eastern Killnet group launched massive distributed denial-of-service (DDoS) cyberattacks against Ukrainian and Romanian national infrastructure sites by injecting malicious JavaScript code called BrownFlood into compromised WordPress sites, according to the Computer Emergency Response Team of Ukraine and the Romanian SRI. The Romanian intelligence agency also found that attackers exploited vulnerabilities in network equipment outside Romania to take control of it and conduct attacks on sites in Romania. The agency also states that Killnet has launched DDoS attacks on sites of institutions in the U.S., Estonia, Poland, the Czech Republic, and on NATO sites.
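The BrownFlood case above turns ordinary websites into a weapon by planting a script that the site’s own visitors then execute. For the operator of a site like that, the defensive check is to audit the scripts their pages actually serve against what they intentionally ship. The following is an added example, not code from Naoris Protocol or from any of the reports cited above: it parses served HTML, flags any external script whose host is not on a constructed allowlist, and flags any inline script whose SHA-256 digest is not among the ones the site knows it ships. The host names, the sample HTML and the allowlist are all constructed for illustration.

```python
"""Audit <script> tags in served HTML against an operator allowlist.

Added example (not Naoris Protocol code). Assumes the site operator maintains
a list of script origins they legitimately load from and the SHA-256 digests
of inline scripts they ship themselves. Everything else is reported for review.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts this (hypothetical) site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"example-site.test", "cdn.example-site.test"}


def inline_digest(body: str) -> str:
    """SHA-256 of an inline script body, whitespace-trimmed so formatting changes
    do not produce spurious alerts."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self) -> None:
        super().__init__()
        self.external: list[str] = []
        self.inline: list[str] = []
        self._in_script = False
        self._buf: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        # HTMLParser delivers <script> content through handle_data.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def audit_scripts(html: str, allowed_hosts=ALLOWED_SCRIPT_HOSTS, known_inline=frozenset()):
    """Return a list of (finding, detail) tuples; an empty list means the page
    serves only scripts the operator expects."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).netloc.lower()
        # A relative src (empty netloc) is same-origin and therefore expected.
        if host and host not in allowed_hosts:
            findings.append(("unexpected-external-script", src))
    for body in collector.inline:
        digest = inline_digest(body)
        if digest not in known_inline:
            findings.append(("unknown-inline-script", digest))
    return findings


# Constructed sample page: two legitimate scripts, one known inline script,
# then one external script from an unknown host and one unknown inline script
# (standing in for content injected into a compromised site).
SAMPLE_HTML = (
    "<html><head>"
    "<script src='/wp-content/themes/t/app.js'></script>"
    "<script src='https://cdn.example-site.test/lib.js'></script>"
    "<script>console.log('ok')</script>"
    "<script src='https://unknown-host.invalid/extra.js'></script>"
    "<script>var x = 1;</script>"
    "</head><body></body></html>"
)
KNOWN_INLINE = frozenset({inline_digest("console.log('ok')")})

if __name__ == "__main__":
    for finding, detail in audit_scripts(SAMPLE_HTML, known_inline=KNOWN_INLINE):
        print(f"{finding}: {detail}")
```

Run against the constructed page, the audit reports exactly the two unexpected scripts and nothing else. In practice the check would be run against the HTML the web server actually returns (not the theme files on disk), since injected content frequently lives in the database or in a modified plugin rather than in a file the operator would think to diff.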

These stories are now appearing weekly…

A Tool To Hurt Society

Attacks like this appear from various directions, targeting communications, infrastructure, governmental, and the military, demoralizing the population and creating a panic that the government can’t keep its population safe. The objective for Ukraine is to try to mitigate damage and keep things running for as long as possible while maintaining morale as similar cyber threats will be occurring at multiple levels.

This is the invisible war.

Over time the debilitation and gradual destruction of government and civic infrastructure like hitting power sources, for example, will interrupt the capability to carry out everyday banking, which disrupts business, and starts to devalue the currency.

It’s a tool to hurt society that benefits the attacker, eroding trust in the sitting government which the attacker can leverage when they invade, betting the population ‘will welcome us with open hands.’

From a social cohesion perspective, these attacks destroy real-world infrastructure, whether by leaving logic bombs, undetectable pieces of malware, or long-term sleeper advanced persistent threats inside systems that are critical for the country. In the event of a counterattack or a political move that displaces the threat actor, these invisible attacks are used to achieve the overall objective.

In this context, the capabilities of the threat actor are so much higher than the capabilities to mitigate, which increases the potential of other threats, like military confrontation by orders of magnitude.

Because the victim knows they cannot deal with the overwhelming ‘invisible’ attacks, they may focus energy elsewhere, which may mean that for the observer they may end up inadvertently shooting a missile in the wrong direction. The victim also knows they cannot defend their own infrastructure creating further escalatory risk.

A potentially terrifying example of the invisible war with not so invisible consequences emerged following the Trump administration’s expansion of the U.S. nuclear doctrine in 2018. Imagine a cyber attack that disables pipelines, turns off power to U.S. hospitals, wreaks havoc with air-traffic-control systems, or shuts down the electricity to major cities. Under the revised policy the U.S. could consider nuclear retaliation in the case of “significant non-nuclear strategic attacks” including “attacks on the U.S., allied, or partner civilian population or infrastructure,” giving the president the military option to launch nuclear weapons at Russia, China or North Korea if that country was determined to be behind such a devastating cyber attack. The Biden administration is now conducting its own review of the current U.S. nuclear posture.

Low-Cost Chaos

War and its hardware is an expensive business. Cyberweapons, on the other hand, have almost no cost associated with them. There are no manufacturing difficulties, and it’s easy to take existing cyber weapons and create hundreds of variations; cyber warfare is not only revolutionary, it’s also an innovation space.

With Russia’s capability to build war machines greatly reduced because of a lack of access to chips and technology created by economically crippling sanctions, NATO countries will expect massive multi-pronged cyber warfare attacks.

If Russia wants to build more cruise missiles, it’s costly to import electronic components, almost impossible to import from countries they can’t deal with anymore and they take time to produce. Whereas if you have a cyber weapon, you can control+C control+V the cyber weapon forever and it doesn’t cost anything. So cyber warfare supports Russia’s war efforts in Ukraine, with low cost being a motivation to continue the war in cyberspace.

Because cyber defense is so weak, with no capability to enforce security standards or to look for the needles in the haystacks in a way that is trusted and verifiably true, cyber warfare is easily executed, in a centralized way, by a very small number of people at a very low cost, meaning nation-states have a very hard time coping.

On top of this, the U.S. and Western allies’ defense budgets and conventional military firepower, which cost $1.2 trillion per year, are obsolete in the cyber domain, almost as if it were a parallel universe. This war machine is built for a war of the past; cyber warfare is, unfortunately, a war of the future.

Attribution Is Pretty Much Impossible

If there’s an attack for example on a nuclear power station in a NATO country, it’s impossible for that country to know exactly where it came from. So what’s the answer?

The international laws of war say that a country can respond in a proportional way, equivalent to the threat waged against it. If somebody sends you a missile, you can send them a missile; if they attack using artillery, you can use ground forces, and so on.

But if a cyber attack destroys a country’s energy supply and collapses the entire stock market and the damage to the economy is huge, how do you answer? How do you retaliate when an attack appears out of nowhere? Do you send bombers? What do you do when you do not know who it is?

Imagine a cyber weapon is launched by Russia against a country, it is detected and reverse engineered, and the victim country finds that all the comments in the code are, for example, in Hebrew or in Chinese. So there is the potential to create conflict through deception. This is false attribution, with massive multi-pronged consequences, and it shows cyber warfare leveraging another warfighting domain: deception and psy-ops.

Another example is supply chains. Take military equipment and imagine a plane with hundreds of thousands of components delivered from all over the world. If some of the hardware comes from a manufacturer that is a potential adversary, there might be a kill switch on a specific piece of hardware that you never discovered is actually a backdoor. There is currently no way to deal with this at all.

And It Rolls Both Ways

Cyber-physical attacks started in 2009. Although neither country has openly admitted responsibility, Stuxnet, a malicious computer worm deployed against Iranian nuclear facilities, first uncovered in 2009 but in development since 2005, is understood to have been a cyberweapon joint venture by the United States and Israel in a collaborative effort known as Operation Olympic Games.

Stuxnet targeted supervisory control and data acquisition (SCADA) systems, causing substantial damage to Iran’s nuclear program in a cyberattack that went against international conventions by disabling nuclear facilities without warning. It destroyed 1000 centrifuges in the uranium enrichment facility: a virtual attack with physical consequences, with centrifuges exploding without anybody knowing why, when it was the Stuxnet worm making them explode. Driven to rotate at 10 times the speed they were manufactured for, they would explode and destroy the other centrifuges around them, making running a nuclear power station financially impossible for Iran.

In response, Iran set up its own teams and systems to clean up Stuxnet. With more than 30,000 IP addresses affected in Iran, the problem was compounded because Stuxnet could mutate, and Iran advised against using the Siemens SCADA antivirus since it was suspected of containing embedded code that updated Stuxnet instead of removing it. Since then, countries have developed cyber armies; Stuxnet was the first, and it opened Pandora’s box.

The NSA intelligence organization has its own cyber army that is constantly looking for exploits and vulnerabilities to penetrate foreign networks. One was the EternalBlue exploit, designed to attack the world’s most common OS, Microsoft Windows, but the NSA lost control of its own cyber weapon, which resurfaced some years later in NotPetya, as mentioned above.

The shadow world of cyber warfare is now big business, is unstoppable, and is expanding into new territory; this is now the future of war.

In our final blog of the Naoris Protocol introductory series, Naoris Protocol argues that a Web3 cybersecurity solution could prevent the majority of the above cyber warfare attacks. As we dive deep into the heart of the Naoris Protocol solution, we reveal a radically different approach — how we defend against cyberattacks, how we manage structures that bring awareness of threats, and how we implement those defenses.

About Naoris Protocol

Naoris Protocol is a Decentralized CyberSecurity Mesh for the hyper-connected world. Our disruptive design pattern makes networks safer as they grow, not weaker, by turning each connected device into a trusted validator node. A powerful Blockchain protocol that every company can use to protect against the escalating levels of cyber threat.

Devices are rewarded for trusted behavior, fostering an environment that is secure. Participants earn $CYBER staking rewards for securing the network. The more users, businesses, enterprises, and governance structures that come together to establish networks and use the protocol, the stronger and more secure the Decentralized CyberSecurity Mesh becomes.
