Russian hackers constantly attack the most critical sectors, including government and finance. They are trying to gain access, install malware or steal data. It is not only Ukraine that is under attack; the websites of Czech ministries aimed to help Ukrainian refugees, including the Ministry of Interior, were down for several hours. Our interview with Lucie Kadlecova, Senior Associate on Strategy and Threat Intelligence, Dmitri Stoljarov, Cyber Security Expert, and Veiko Lukmann, Head of Communications at CybExer Technologies, Estonia.
How would you assess the Central and Eastern European region and Estonia in particular regarding cybersecurity?
Lucie Kadlecova: As it comes to the Central and Eastern European region, we have to think in three different ways. Firstly, the talent base, secondly, how governments approach it, and thirdly, business is a separate chapter. I believe our region is a birthplace, a hub for tech talents. It has historical roots; for fifty years, there has been a strong emphasis on technical education in the region. We have some excellent technical universities that can compete with some top technical American universities like MIT or Stanford. This is visible in different global cybersecurity, technology, and robotics competitions. Estonia is the most digitally advanced country in the world. But other countries in the region are not lagging either. In general, the governments of the Baltic States put much emphasis on cybersecurity. In the Czech Republic, the government already said a couple of years ago that we want to be a regional leader in cybersecurity. I think that we are working on it. If one mentions Estonia and technology, people probably associate with Skype. Moreover, there are other globally known cybersecurity or IT companies in the region, such as the Czech Avast, which is one of the top three antivirus companies, and the Slovakian ESET. Of course, there are some challenges, but I am convinced that our region is on a good track.
Dmitri Stoljarov: I think that the most significant benefit of Estonia is the size of the country. Implementing cybersecurity-related laws and regulations in such a small state is much easier. Another essential advantage of small countries is that people working or dealing with cybersecurity in different sectors, like telecommunication, finance, and government, know each other. Thus, it is easy to communicate. You can see them online; you can also meet and discuss the emerging problems and share information.
What are the region’s and Estonia’s biggest challenges in this respect?
Dmitri Stoljarov: That we need to stay safe. The biggest challenge is that the whole cyberworld is changing from week to week. So, we have to know what is happening in the world and constantly research and prepare ourselves, our environment, and our infrastructure to be aware of all the emerging good and bad things.
Several EU countries are offering support to Ukraine in the form of a Cyber Rapid Response Team (CRRT). What can we expect from this team?
Dmitri Stoljarov: The CRRT will be a great help to Ukraine. The Response Team has excellent professionals who will help Ukrainians identify the possible attacks and strengthen the systems to protect critical infrastructure, the financial system, and the government sector. In Ukraine, many people are dealing with the physical war now, so there are fewer available resources to deal with cybersecurity. Therefore, it is beneficial that other countries can help Ukrainians stop or mitigate cyberattacks.
Veiko Lukmann: CybExer Technologies had several projects in Ukraine. We experienced that Ukrainians are talented. Ukrainian education, especially technical education, has been quite good. Mathematics, natural science, and the industrial sector are traditionally important in the country. I believe Ukraine is resilient!
Is it possible that Ukrainians’ talent plays a role in why we cannot see more Russian attacks?
Dmitri Stoljarov: We can already see that the Russians lack access to some services. However, many sophisticated attacks are not immediately noticed. If something is affected, it can still stay silent and stealthy for weeks, months, or even years before being identified and removed from the systems.
Veiko Lukmann: The war in Ukraine has messed up the world. Everyone focuses on the kinetic conflict; however, there are also cyberattacks. Concurrently with the physical battles, malicious actors may work on something we do not see yet since our attention is on other incidents. Thus, I think cybersecurity threats will increase due to the war. It is in the news that all kinds of services are under attack in Russia as well. During the war, people will discover new vulnerabilities in the IT systems, and they can develop new ideas based on their findings. Therefore, cybersecurity threats can become even more complex in the future.
Lucie Kadlecova: We can approach this from two points of view. Firstly, there are possibly secretive attacks that can target critical infrastructure. These can affect how the state and the infrastructure works. Secondly, there are more visible attacks that target the psychological state of people. Examples are defacing important state websites or DDoS (distributed denial-of-service) attacks. These are more visible to the population and can have psychological effects; Ukrainians and Russians can experience them now. Moreover, we also saw them in other countries, for instance, in the Czech Republic. The Czech Ministry of Interior’s website was not available for several hours. Other ministries involved in the assistance of Ukrainian refugees experienced the same with their websites.
Dmitri Stoljarov: The usual strategy is that the hackers try to attack from various places simultaneously during the different types of cyberattacks.
How would you assess the Anonymous attack on the Russian state TV channels? Was that effective from the perspective of the war?
Dmitri Stoljarov: I prefer monitoring different sources. But there are much fake news and disinformation nowadays. Everybody assumes that Russian hackers did it. They are highly skilled, especially those who have been state-sponsored. They have the equipment, the knowledge, and the power to conduct attacks in two different ways.
The most dangerous escalation scenario is the nuclear war, and cyber operations might increase its likelihood. How probable is such a scenario?
Lucie Kadlecova: This is super difficult to predict. I am not a nuclear war expert, but I think we are now in a psychological game, where we are threatened by nuclear war, which nobody wants to happen. I believe the Russian government is fully aware of what a nuclear war could cause to the innocent European population and what it would mean for Russian citizens. So, I think it is mainly a psychological game, but we can only hope that a nuclear war will not happen.
We expected Ukraine’s basic internet infrastructure to be subject to an extensive Russian hacking attack, but this did not happen. Communication channels seemingly still work in Ukraine.
Dmitri Stoljarov: I heard from various sources that Russians are constantly attacking the most critical sectors, namely the financial and government sector, internet service providers, and critical infrastructure. They are trying to gain access to the systems, plant some malware or steal some data. However, Ukrainians are capable of resisting. Psychological approaches are often used in this type of warfare. For example, many attacks are started at the end of the week, on Friday afternoons, because at that time people are already tired of work. They want to go home to see their families and enjoy the weekend. So, they are paying less attention to phishing emails and malicious files. They think that it is already leisure time with family or friends. Hackers can cleverly exploit this psychological aspect when people pay less attention than usual.
How can someone avoid reading fake news? What can be the solution for an average media consumer?
Veiko Lukmann: Many citizens take all online content as edited and controlled information. The truth is that anyone can easily and quickly upload information to distract or achieve some broader, malicious implications. Furthermore, on social media, information is flowing basically freely. Thus, it is very difficult to block the spreading of disinformation on social media platforms. Many people have a deplorable personal information hygiene level; humankind must radically improve on this. It is challenging to vaccinate people against disinformation, although there are some simple rules. Firstly, do not get yourself in heated discussions on social media, or at least try to keep your head cool if you do. Secondly, do not share everything you see, and do not click on all kinds of links. Thirdly, double-check all the information that looks suspicious or comes from unknown sources. If you have some hesitations, google it and check if it has any proof behind it.
Dmitri Stoljarov: It would be a terrible idea to cut off Russia from the global internet in the current situation. It would prevent Russian people from seeing the real picture. Then they would have no chance to get information besides Russian propaganda and local sources. When I am holding my cybersecurity training for the younger generation, I always emphasize that they ought to share the basics of cybersecurity with their family and closest friends. They might have parents or grandparents who are less educated. We should teach them how to verify that an e-mail has been sent from a trusted source, how to decide that it does not have suspicious attachments, that they should not open everything, that they should not click on all links, and that they should check their social media messages.
How can the war escalate from the perspective of cybersecurity?
Veiko Lukmann: I think this war is building up on every level. People are finding new ways to act maliciously, which will be a threat in the future. In addition, technology may advance to new levels after a war. We have seen that in human history many times.
About CybExer Technologies: CybExer Technologies is a NATO-awarded Estonian cybersecurity company. They have wide-ranging experience providing and maintaining highly sophisticated IT platforms with a special focus on cyber capability development. CybExer’s flagship product is its proprietary cyber range solutions.