Did the Cloud Provide Safe Haven in the Ukraine-Russia Cyber War? [Microsoft Perspective]

July 6, 2022 | Brooke Crothers

Microsoft asserts that the public cloud has proved to be a relatively safe haven in the face of ongoing Russian cyber-attacks, a claim the company spells out in its report “Defending Ukraine: Early Lessons from the Cyber War.”

Foxblade was first salvo of war

Microsoft begins the report by pointing out that it was one of the first to detect the start of the cyber war.

(See full 29-page PDF of Microsoft report here.)

“The first weapon to be fired was the wiper software that we call ‘Foxblade,’” launched against computers in Ukraine on February 23, 2022, according to Microsoft.

Microsoft’s Threat Intelligence Center (MSTIC) detected the launch against 19 government and critical infrastructure entities across Ukraine.

Foxblade was developed and launched by the same group associated with Russian military intelligence that launched the NotPetya attack against Ukraine in 2017, Microsoft says.

But Russian cyber tactics in the war have differed from those in the NotPetya attack against Ukraine in 2017.

“That attack used ‘wormable’ destructive malware that could jump from one computer domain to another and hence cross borders into other countries. Russia has been careful in 2022 to confine destructive ‘wiper software’ to specific network domains inside Ukraine itself. But the recent and ongoing destructive attacks themselves have been sophisticated and more widespread than many reports recognize,” the report said.

Disperse to cloud

“We remain the most concerned about government computers that are running on premises rather than in the cloud,” Microsoft said.

As an example of the danger this poses, Microsoft says on-premises networks were an early target. “Russia not surprisingly targeted Ukraine’s governmental data center in an early cruise missile attack,” the report said.

And the destructive wiper malware attacks also targeted on-premises computer networks.

“Prior to the war, Ukraine had a longstanding Data Protection Law prohibiting government authorities from processing and storing data in the public cloud. This meant that the country’s public-sector digital infrastructure was run locally on servers physically located within the country’s borders. A week before the Russian invasion, the Ukrainian government was running entirely on servers located within government buildings—locations that were vulnerable to missile attacks and artillery bombardment.”

--Defending Ukraine: Early Lessons from the Cyber War, Microsoft, June 2022

Tech companies, including Microsoft, rallied to help.

Within 10 weeks, Ukraine’s Ministry of Digital Transformation and more than 90 chief digital transformation officers across the Ukrainian government worked with the company to transfer to the cloud many of the central government’s most important digital operations and data, the report said.

Ukraine’s government “successfully sustained its civil and military operations by acting quickly to disburse its digital infrastructure into the public cloud, where it has been hosted in data centers across Europe.”

Microsoft goes on to say that “while not perfect and some destructive attacks have been successful, these cyber defenses have proven stronger than offensive cyber capabilities.”

Microsoft attributes this to “threat intelligence advances,” including the use of artificial intelligence and internet-connected end-point protection which “has made it possible to distribute protective software code quickly both to cloud services and other connected computing devices to identify and disable…malware.”

Cloud as haven but concern about future attacks

Kevin Bocek, VP, Ecosystem & Threat Intelligence at Venafi, said that dispersing computer resources to the cloud makes it harder for bad actors.

“Ukraine is dispersing its computing resources to the cloud to a) make it harder to find b) reduce the impact of any one attack c) make it easier to detect malicious activity on an otherwise well-hidden resource,” Bocek said.

“The public cloud makes it easy to do this,” he added.

But future attacks could move to the cloud. “We are likely to see in the future attacks on clouds to reach these military targets. This will bring collateral damage to other cloud users. Bringing the war closer and closer to Europe and rest of the world,” Bocek said.

Five Conclusions

The report offers five conclusions from the first four months of the war.

(1) Defense against a military invasion now requires for most countries the ability to disburse and distribute digital operations and data assets across borders and into other countries.

(2) Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.

(3) As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.

(4) In coordination with these other cyber activities, Russian agencies are conducting global cyber influence operations to support their war efforts.

(5) The lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.

Report criticism

Finally, it should be noted that there was some media criticism of the report by CyberScoop, a cybersecurity news site.

“Leading cybersecurity experts and foreign policy scholars began raising serious questions and concerns…and they complained that Microsoft is attempting to characterize the state of the cyber conflict in Ukraine to further its commercial interests,” the article said.

“Microsoft’s powerful global market position, the potential commercial benefits from positioning itself as a bulwark against Russian cyberattacks and the extremely delicate situation in Ukraine make this report’s bold claims and lack of data concerning,” the article added.
