Microsoft’s Defending Ukraine report offers fresh details on digital…

Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. “There is no going back to normal.”

Last week Microsoft published an in-depth examination of the early cyber lessons learned from the war in Ukraine, offering fresh insight into the scope of Russia’s malicious digital activities and new details about the sophisticated and widespread Russian foreign influence operations surrounding the war. Microsoft has been uniquely positioned to observe the digital landscape in Ukraine since Russia invaded on February 24 and even before then.

Company President Brad Smith noted in March that in addition to funding humanitarian technical relief efforts, Microsoft deployed its RiskIQ platform to identify cybersecurity vulnerabilities in the Ukrainian government system. The company “provided a list of exposed and vulnerable systems to the Ukrainian government that had unpatched high-impact common vulnerabilities and exposures (CVEs) that could provide a foothold for attackers.”

Microsoft security specialists were among the first to discover pre-invasion malware attacks in January that took down around 70 Ukrainian government websites. The company also deployed protections for newly discovered and destructive malware into Microsoft 365 Defender Endpoint Detection (EDR) and Anti-virus (AV) protection on-premises and in the cloud.

In his foreword to the new report, Smith discusses the importance of the first shot of any war, drawing parallels between the current conflict in Ukraine and the 1914 assassination of Archduke Franz Ferdinand, which launched World War I. In the present context, Russia’s first shot against Ukraine was a damaging cyber tool deployed against Ukrainian computers called Foxblade as early as February 23, right before the war began.

Smith said that Russia’s invasion strategy in Ukraine includes “three distinct and sometimes coordinated efforts—destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.”

This article appeared in CSO Online. To read the rest of the article please visit here.