Season 3 / Episode 163
Before it invaded Ukraine, Russia was considered - and rightfully so - a cyber superpower. But a month and a half into the war, the lights in Ukraine are still on, as well as cellular communications and other important infrastructure. Lior Div (Cybereason's CEO), Yonatan Striem-Amit (CTO & Co-founder), and Sam Curry (CSO), talk about what we learned so far about the conflict - and what we might see in the future.
Hosted By
Ran Levi
Exec. Editor @ PI Media
Born in Israel in 1975, Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, he created the popular Israeli podcast, Making History, with over 14 million downloads as of Oct. 2019.
Author of 3 books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Special Guest
Lior Div
CEO and Co-Founder of Cybereason
Lior began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.
Yonatan Striem-Amit
CTO and Co-Founder of Cybereason
Yonatan is a machine learning, big data analytics and visualization technology expert, with over a decade of experience applying analytics to security in the Israeli Defense Forces and Israeli Governmental Agencies.
Sam Curry
CSO at Cybereason
Sam is a Visiting Fellow at the National Security Institute, and prior to joining Cybereason was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.
The Russia-Ukraine Cyberwar [ML B-Side]
Transcription By Trivikram Muralidharan
[Ran] Hi and welcome to Cybereason’s Malicious Life B-Sides, I’m Ran Levi.
Well, it finally happened. Ever since Stuxnet in 2010, security professionals have been talking about the emerging role of cyberattacks on the battlefield. About how cyber superpowers would be able to bring their adversaries to their knees by disrupting the most important infrastructure with sophisticated cyberweapons. Russia is, without a doubt, a cyber superpower. We covered many Russian cyber operations in Malicious Life, from political espionage and psychological warfare to actual attacks such as NotPetya, SolarWinds and more. Russia’s invasion of Ukraine last month seemed to be the perfect opportunity to see that superpower in action on an actual battlefield. But a month and a half into the war, it seems that most of these expectations failed to materialize.
Although there’s obviously a lot of deliberate misinformation and fake news from both sides, we can say with at least some confidence that Russia dropped the ball with its cyber operations as it did with plenty of other aspects of its military operation. So, what happened? What kind of cyberattacks did Russia try to unleash against Ukraine, and how successful were they? In this B-Side episode, we bring you a recording of a live webinar in which Lior Div, Cybereason’s CEO, Yonatan Striem Amit, Cybereason’s CTO and co-founder, and Sam Curry, Cybereason’s Cyber Security Officer, all frequent guests of our podcast, talk about what we learned so far about cyber operations in the Russia-Ukraine conflict.
Enjoy the episode.
[Sam] Hello, and on behalf of the Cybereason team, welcome to today’s webinar, discussing the cyber attack risk in the Russia-Ukraine conflict. Thank you all for coming. My name is Sam Curry, and I’m joined today by our CEO and co-founder of Cybereason, Lior Div, and our CTO and other co-founder of Cybereason, Yonatan Striem Amit. So with that, I’d like to start maybe with a high-level question, Lior, for you. What are some of your overall thoughts on the Russia-Ukraine conflict and geopolitical implications before we dive into cyber?
[Lior] Actually, we are living right now in a fascinating environment. I think that this is the first time for many, many years in an unfortunate situation that we see a massive country like Russia is actually in an act of war in another country, specifically the Ukraine right now. And this is an opportunity for us to see how big countries are behaving and using cyber as part of their ability to conduct warfare. Needless to say that it’s a very sad situation right now, but I believe that we learn massively about the ability to use cyber in warfare and the role that cyber, as we know it today, is taking part in the warfare and the agenda for those big countries.
[Sam] Yonatan, anything that you would add about the geopolitical situation, about what it’s like both politically and economically in Russia, and maybe a little bit of the motivation behind the Ukraine conflict?
[Yonatan] It appears pretty clear that the current conflict is an imperialist desire of expansion within the Russian, a sub-definition of the Ukraine and the Russian being, in the Russian eyes, kind of one and the same people. So there’s an expansion within the natural boundaries of what the self-perceived be part of the greater Russia scenario, which goes back to a lot of the background from the Soviet Union days. What is interesting in the case of cyber here, the perception ahead of the war was of Russia is a provable superpower in cyber. We’ve seen it with everything from the DNC hack back before the 2016 election over here, many influence the information warfare being executed by the Russian government through the RIA and the Russian Internet Agency. In this conflict right now, cyber seems to be taking a relatively backseat in this environment. It’s fascinating to understand what are the drivers for this kind of behavior and put it differently, what is the role of cyber within this conflict is a fascinating question for us to explore today.
[Sam] So let’s dive into that a little bit and we’ll zone in deeper and deeper. Lior, I think you’ve described it as an escalating scale of conflict in geopolitics that there’s a first we do this and then it gets more serious and more serious. On that escalating scale, where does cyber show up and how?
[Lior] Yeah, it’s fascinating to see that in this case, and I have to refer to what Yonatan said at the beginning, Russia was perceived as a massive basically superpower when it comes to cyber. This is a country that basically executed the NotPetya attack in 2017, influenced an election as Yonatan said, but most lately we saw kind of the SolarWinds attack, super sophisticated attack, on the US government and the cartel of ransomware that’s happening in Russia, basically state ignored. With all of this knowledge that we collected through the years, we were sure that the first thing that Russia will do is to leverage their capability in cyber in order to weaken the Ukraine, making sure that they have a much more easier area to penetrate and then basically to start the act of war.
The first assumption that we had before, it was that the first attack gonna be on a cellular network in the Ukraine to basically take down the ability for the Ukraine people to communicate internally and inside the army. And to be honest, at the beginning of the war, what we saw, we saw an attempt to take down the satellite company in the Ukraine. This is specifically the satellite company that control the command and control of the Ukraine army, but that was a failed attempt. And a few days ago in the 28th of March, we saw another attack on the telecommunication, the national telecommunication, the mobile company in the Ukraine that was down for probably a few hours and then pushed back on the attack, managed to recover and no damage or real damage has been done. So there is a conflict right now and something that we will need to dive into – kind of the gap between one hand the superpower that we saw in the past that Russia represented when it’s come to cyber to the actual foot on the ground type of attack that we see in the Ukraine that they are super not successful right now.
[Sam] So we had first the REvil arrests. We’ve had Conti looks like it’s been nationalized, even general increase in hacking activity that if not directly in the employ, at least aligned or maybe something shadowy is happening. What’s the role of cybercrime in this? Maybe I’ll ask first Yonatan then Lior, what’s the role of cybercrime in this? And is there a polarization happening or is this business as usual?
[Yonatan] So we’ve seen a couple of interesting phenomena. First across both sides of the fence, cyber actors, especially in the kind of non-organized part are drafting themselves for the war. On the Russian side, we’re seeing REvil, the arrested and effectively nationalized Conti and other groups are calling out and clearly aligning themselves with the Russian government and the Russian current operation and current war in the Ukraine. On the other side, from the West side, we’re seeing everything from Anonymous to other groups aligning themselves and saying we will use our powers in a non-organized, not nationally organized manner, to go and inflict damages back on Russia.
That goes with against companies in Russia and even companies in the Western world who have not in their mind gone sufficiently extreme in the way they disconnected themselves from Russia. We’ve seen attacks in other companies that were not perceived to be sufficiently aligning themselves in the side of the against Russia front and getting hacked by Anonymous and others saying this is a punishment for not taking a more active stance in the war. So definitely the broader cyber scene is being very active here. There’s a second layer that’s worth talking about, which is the role of cryptocurrency, which is an adjacent field. Both the Ukraine and Russia have gone extremely vocal and active in allowing and supporting cryptocurrencies as a payment method in order to overcome cyber vulnerabilities and other and of course sanctions within the legacy banking system.
And naturally, every time cyber currency gets involved here, an increase about hacking activity comes with it in order to try to attempt and subvert some of these transactions for other purposes. So definitely a lot of in the financial area work on cyber as well as a kind of private and criminal and then non national organization working on both sides. But it does look very clear that Russia has been bringing a lot of the private or the criminal hackers into the fold and working in aligning them across missions, objectives and activities with the more national government activity.
[Sam] So the Ruble devaluing, it looks like cryptocurrency is, if anything, more stable at this point or gaining in value because of its use. You mentioned attacking the cellular network and just brought up critical infrastructure. What’s the splash effect here? What’s the potential for it to go beyond the physical boundaries and into other areas, both digital and physical?
[Lior] In order to understand it, we have to almost go back more than a year ago to understand what was the dynamic with Russia, specifically with the U.S. and then to understand kind of how it’s evolving as we speak right now. So if you go back more than a year ago, you can see that once President Biden was elected and it was a switch in the governments here in the U.S. and suddenly we saw a switch between a massive type of attack that’s coming from China that’s starting to be less vocal. I’m not saying that the Chinese stop attacking, but it becomes less prominent or less vocal.
And we’re starting to see the Russian type of attack or attack that’s coming from Russia starting to be very, very active, specifically in two different dimensions. One is the state-sponsored one, the one that specifically going after espionage and kind of the most prominent one was the SolarWinds attack that we saw here in the U.S. Basically, this is the Russian government going after the U.S. government in order to collect intel. But then we saw another fascinating thing. This is a growing ransomware cartel in Russia starting to basically become stronger and stronger. And we used to call it state-ignored. And as Yonatan mentioned, the state-ignored become now state-controlled when Putin basically arrested the REvil group and recruited them.
This is two kinds of dimensions that the Russians were very, very active. But there is another one that this is the influence campaign, the warfare of information that Russia basically managed to do in a very, very successful way in the election in 2016 and the election in 2020. Basically, this is the capability to influence what people think and making sure that they’re choosing the candidate that Russia wants to president or any other thing. So if you think about Russia, they were operating in the state-sponsored, in the state-ignored that becomes state-controlled, and the information warfare, that that’s kind of the third capability that Russia presented during kind of the past few years.
Now to your question, when you go forward, it’s fascinating to see that in the warfare on information, right now the Ukraine people are basically have the upper hand, and they are the one that controlling the narrative, while in the past Russia showed that they have this capability, they’re unable to execute it when it’s come to a real war. And this is true to the state-ignored and to the state-controlled and to basically state-sponsored attack that they are not successfully executing. So we are in a fascinating point in time that right now it’s look like Russia is losing the battle, but I will not be rushed to say that Russia don’t have those capability. So our assumption right now in Cybereason is that we’re gonna see a bounce back specifically from the ransomware cartel, and specifically when the sanction on Russia becomes stronger and stronger, and Russia need to do something, and that will be kind of almost the easy button for them to push, and to let go all those group that they’ve recruited to start doing a massive type of ransomware attacks specifically on the US to create the pressure on the economy here in the US.
[Sam] So this is interesting, so we’ve got on the ground, we’ve got foreign fighters in a foreign legion for the Ukraine, and now we’ve got a Ukraine IT army, we’ve got nationalization of resources in Russia in the cyber crime community. In the escalation of this, my first question to either of you is what do we have to worry about outside of these countries with this militarization of the internet, who should be worried, what organizations and what sorts of things should they be worried about, or is that knowable at this point?
[Lior] I’m not sure that right now we actually know, but I think that we can learn from the past and assess what will be in the future. For example, I’m pretty sure that after the situation that we have right now, it’s gonna be a debrief inside Russia, in the government, to assess basically what was successful and what wasn’t successful. I think that there is a lot of lesson learned that they’re gonna basically conclude it, and I’m pretty sure that what we’re gonna see, we’re gonna see a massive investment in cyber because this is something that will give them the ability to become a superpower. I think that they were very, very successful, unfortunately, with the ransomware cartel that was basically a private cartel, it was not sponsored by the government, but now when the government will have control on this cartel, they have massive amount of capability to create an attack and a very sophisticated attack. So I don’t think that this is kind of the last inning of this play, this is just the beginning.
[Sam] No, I hear you. Yonatan.
[Yonatan] I would like to add, there’s a couple of interesting firsts in this war, and a couple of interesting things we can learn pre-war that may or may not become something that is part of the future operation of military conduct. We’re seeing, as Lior said earlier, from an information warfare perspective, it’s fascinating. Russia was by far one of the strongest influencer in carrying out information warfare across the entire Western world, and appear to be not successfully doing so right now.
However, we’ve had for the first time, for example, militarization of AI in the form of deep fakes, a fake of President Zelensky claiming he’s giving up and the war should be abandoned and the Ukrainians should escape, clearly a fake attempt by the Russians to dissuade the local fighters on the ground. We’re seeing telecommunication not being disrupted by cyber, but definitely when missiles hit infrastructure, it has a similar effect. Let’s not forget, the war started, we’ve had a couple of wiper attacks, the Hermetic Wipers and others were destructive malware attempting to bring down the system, these by and large failed to get traction, but they’re not very dissimilar from NotPetya, who was a very successful campaign that actually spilled from the Ukraine really globally and caused billions of dollars of damages as well as loss of lives and other horrible and horrendous operations.
This is not a very dissimilar activity, however, this time, it did not succeed, unlike the NotPetya campaign. There’s definitely a lot of firsts here, and as Lior said, I’m pretty sure that post-hoc a lot of strategists across the world will ask themselves, what is the better way to utilize cyber to sow confusion and doubt in the war? I think if we’re to postulate that when the cannons are heard, the hackers are silent, I don’t think that’s the case. I think we’re still in the point where we’re re-evaluating and constantly assessing how are things changing, however, we do know that the rate of change and the rate of development of assets in cyber versus in wartime are not necessarily compatible. There’s a question of how to better align the success capabilities of the cyber realm with those of legacy on the ground warfare.
[Lior] To give an example of how hackers are evolving, and this is something that for us was fascinating, you can go back all the way to NotPetya in 2017. Back then, NotPetya was spreading all over the world. Cybereason was the company that we were the one that found the kill switch to find a way to stop it. When we reverse engineered it, we knew that this is a government act. We managed to find the kill switch, we released it first over Twitter, then basically CNN caught it and starting to spread the word. And using those two communication methods, we managed to stop the spread of NotPetya. Then as a company, we sent a team to the Ukraine to help the cybersecurity police over there in order to do a full investigation.
And what we discovered with others that we’re not talking about ransomware attack. We’re talking about basically the Russian trying to disguise a failed espionage operation by encrypting all the computer that their malware and their payload was installed. So that was the story about NotPetya. But then what you see, you see the evolution of those attackers all the way to 2020 when SolarWinds was hitting here in the US, if you reverse engineer the code and the payload of SolarWinds, what you will find there, you will find that those hackers basically check if Cybereason is installed on the machine. And if we were installed on the machine, basically they decided not to hack because they knew that we will be able to find them.
So in this demonstration, what you see, you see an attacker that got hit once by a private company that basically managed to discover them and evolve and learn to basically deciding not to attack if we’re there in order to avoid the fact that we will discover them because their main goal was to go after the US government and specifically part of the US government. So this learning and evolution of cyber capability, this is something that I believe that we’re going to keep seeing in the near future. And as Yonatan said, it’s the evolution of how the Russian government will use cyber and not just them, the Chinese, the Iranian and the rest of the world. This is something that many, many countries are going to learn deeply and evolve in the near future.
[Sam] So this is let the victim go and save the campaign because the tools on the ground could actually stop it. But we do know they have more sophisticated tools and touching on something both of you have said, I’d put this question up to either of you, are they a cyber superpower? Does even such a thing exist in your opinion?
[Lior] So I think that we saw Russia executing in the past sophisticated cyber attack, SolarWinds, as we mentioned earlier, it was super, super sophisticated – a supply chain attack. This is not something that if you don’t have capability of cyber, you cannot execute basically. I think that the question that we have to answer here is was it just a pinpoint, a single effort attack, SolarWinds or the election, or this is something that the Russian can execute in a very methodical way and just to push the button when they want. Right now we saw that when they’re pushing the button, specifically, for example, when they wanted to take down the cellular network in the Ukraine, they failed to do that. So right now there is a gap between one hand, very sophisticated type of attack that we’re seeing and to the other hand, that when they actually need those types of attack to give them the upper hand in a warfare, they fail to use them. So this gap, this is something that it’s very, very hard to explain right now. And if I need to guess, this is kind of a fail of execution, as we saw, by the way, in the real attack that they failed to execute when it’s come to operational, when it’s come to supply food and fuel to their teams on the ground. And I believe that the same kind of type of problem we see kind of affect the cyber realm.
[Yonatan] I think the answer is a clear yes. Russia is a cyber superpower, just in the Ukraine itself as an arena. We’ve seen the Russians take down the power in 2015, 2016. We’ve seen the attack NotPetya disrupting the economy and spilling over globally. We’ve seen, you know, just recently the wipers trying to attack there, successfully taking down Viasat and then Ukraine telecom a couple of hours. But it doesn’t appear to be a strategic tool in their arsenal right now. And I agree with Lior. I think it’s a failure to execute and a failure to plan on how to better integrate this tool with an overall kinetic warfare, which causes them, again, there’s a time horizon question.
How fast do you convert an intention to an execution if you had not planned ahead in time for it? I believe it’s not an issue of capability, it’s an issue of decision on what is the better way to leverage and combine these two toolsets together. But another thing we should look at, from a cyber perspective, Russia has been the go-to perpetrator, the one you actually defend against, the go-to attack simulation. MITRE ATT&CK just recently, just yesterday, published the last evaluation round where the reference threat was, on top of criminals, a nation-state-backed GRU unit going after infrastructure. And that’s been the third time we’re using Russian operators’ attack as a simulator and the reference attacker which we are protecting against.
So on the defender side, all of us, and there’s a reason why Cybereason came as the top contender of MITRE, the MITRE evaluation, is because we’re using the Russian capabilities as the reference for which we measure ourselves and protect against. So definitely on the defensive side, we’ve also massively increased our capabilities to fight and stop the Russian activists right now, which might also explain why it’s not being utilized to the full effect right now in the Ukraine.
[Lior] If you take what Yonatan just said about kind of the gap between intention to the time that you can execute, in cyber, and this is something that most people don’t know, you cannot just push the button. Basically if you didn’t plan in advance and you didn’t create kind of the right tooling in advance and penetrate, install them in a dormant way, you cannot just push the button. And it looks like Russia did not plan in advance to take down the Ukraine because if they did and they had like a year or two in advance, you would expect that they have the red button, that they can just push and take down the satellite communication, they can push and take down the cellular network, and so on and so forth. And right now it’s not look like they have those buttons that they can push and execute. So now the time between planning and wanting to do something to actually do it in cyber, it’s not immediately, it never was immediate. At least it’s take a few months to plan until you can actually execute this type of attacks.
[Sam] So we’ve got two different approaches here. The US is doing open source intelligence and it would appear to be anything but in Russia. So these two poles are treating things very differently. In the middle, the Ukraine has seemed to have a masterful command of social media. We’ve talked about critical infrastructure, we’ve talked about attacks on systems. To what degree is the propaganda war being won or lost? And what is Russia’s capability in that, do you think?
[Yonatan] From a Western perspective, we’re clearly feeling that the Ukraine is winning. The Ukrainian narrative rules the dome completely and the streets here in the States, but also throughout most of the Western world. If you, in contrast, discuss the views and opinions of Russian population on the ground, the majority of them are still convinced of the government’s legitimate behavior. However, it’s a very, very complex conflict. Definitely here in the West, it seems that the Ukraine world view is controlling. Again, it has a very natural bias.
We’ve been thinking of Russia and the Russian expansion is a threat for many years. It has subsided since the fall of the Soviet Union, but never quite completely disappeared. But it wasn’t too many years ago when Mitt Romney said the enemy of reference is Russia and people have called them obsolete and irrelevant and stuck in the past, which is clearly these days no longer the case as we’re seeing on the ground. So there’s definitely an evolution here. As Lior said earlier, in the past multiple years, we’re seeing a lot of success of Russian propaganda influencing, influence campaign, both here in the States and across Europe has been successful in changing election results or influencing election results, have been successful in controlling the narrative, have been successful in sowing more dissent across Western countries.
So Russia does have capabilities across this, but I think it goes back to the question of what they thought would happen. What would be the role of information warfare. Once again, the time horizons here matter dramatically. Maybe things cannot be pushed so aggressively as they already become obvious. So we have seen some attempts in the form of deep fakes and using those things. There’s definitely information warfare happening, but by and large, the Ukrainian machine is working much better or succeeding much better in the Western world than the Russian one. If you think about it, then it’s, again, super fascinating to look at it. Russia have for sure the capability to do and conduct information warfare. Election 2016, election 2020, they were dominating basically every social media and execute in a way that actually influenced the minds of many, many people around the world.
So the question is, is Russia had this capability? The answer is absolutely yes. But it’s looked like that if they are not planning in advance, they cannot just go on a guerrilla information warfare. And this is something that I’m giving a lot of respect to the Ukraine and specifically the prime minister there – Zelensky – that they understand immediately when this warfare started that have to do a guerrilla information warfare and basically leveraging and using everything that they have. So they didn’t probably plan in advance. It was a surprise for them. But once the situation started, instead of planning and starting trying to execute in a very methodical way, they started basically to use every tool and every power that they have. Basically, they use a basic, think about it, a mobile phone, and the president, he got kind of a picture of himself and starting to distribute massive information through every social media and every capability that he has in order to speak with his people, with the world and with everybody. So this is fascinating to see that Russia could not just execute the guerrilla information warfare. And it’s looked like that if they didn’t plan in advance to actually do it, they failed to execute in a very fast manner. And I think that this is something that it’s very important to understand because this has given the Ukraine the ability to control the narrative in a very fast way. And you know, maybe there is a new term here, guerrilla information warfare, that we can borrow from the real type of warfare that’s happening.
[Sam] It’s almost cyber citizen soldiers as well, this guerrilla warfare. Controlling that narrative led to hacktivism. It led to Anonymous and Squad 303 doing things like robo dialing and actually getting people to call. Do you think that mobilizing the neutrals and the citizen soldiers, getting the guerrilla information warfare going at grassroots, is that a big factor here in the lesson learned for Russia and the world?
[Lior] I think that it contributes massively to the way that people think. And I think that we should not… Information warfare, this is probably kind of an influence campaign. This is probably the new frontier here when it comes to cyber because you control eventually or you direct what people will do. And I think that what Zelensky managed to do, he managed to convince the Western world while he’s not part of NATO, while he’s not part of the union between the Western countries. And basically they said almost no to him to be part of it, but they send him weapons, money. He managed to recruit many people to support them in the cyber world, in the physical world. So I think that we have to take it very, very seriously when it comes to information warfare and the power that it has. Sometimes it looks like it’s less than a regular cyber because there is not an attack that is a specific attack, but the long-term effect of information warfare, this is something that is helping the Ukraine war right now as we speak by shaping basically the minds of what people think about it in the Western world in general.
[Sam] As you’ve been speaking, Lior, I realized this kind of influence and narrative control would have been impossible 30 years ago or even 20 years ago. It’s a very different kind. We talk at Cybereason about reversing the hacker advantage, but honestly, it looks like cyber may have reversed the kinetic fight advantage to some extent here. Lior and Yonatan, I’m going to ask each of you one last question as we approach the end of our time. And it’s an open one. I’ll start with you, Yonatan. Any final thoughts about this conflict that’s gone on longer than I think anybody East or West private sector or government had thought it would? Any thoughts on the future direction of the conflict and what you think some of the changes in strategies might look like?
[Yonatan] I think even the question itself started with one of the biggest issues of failing to understand and failing to plan. Maybe part of the reason why cyber did not take a more massive part here. It seems apparent that the Russians believe this will be a very, very quick war. And therefore, because of the time horizon for information warfare and cyber attacks to make an impact is longer, they did not plan on this becoming a strategic component of this. With that failing to plan, the failure to execute is kind of a corollary of the situation. So there’s definitely here a dramatic shift on the ground from what the Russians appear to have thought would happen versus what actually happens.
Now, no doubt Russia is and remains a superpower. It seems that right now a lot of the information warfare capabilities are directed inside. The amount of censorship happening right now and information control within Russia to control the population thinking of the war and garner support internally is dramatic. The data that the average Russian citizen is exposed to right now is dramatically and vastly skewed by the government’s control. And here in the West, on the other hand, we are bombarded, and in a very effective manner, with messaging supporting the Ukrainians out of the conflict. Again, it’s an easier sell to many degrees. But that massive amount of support is what also pushes the political layer to go and be willing to expand more, to invest more in this conflict. So we’re definitely seeing how information warfare, even ahead of time, can be a vastly useful tool in order to impact the war afterwards, which was not used necessarily in this case. So it’s going to be a fascinating learning period as a result of this conflict.
[Sam] Lior, any thoughts from you on this?
[Lior] Yeah, I think that what we see, we see something that, from my point of view, is super fascinating. As technology evolves, and right now technology has evolved very, very fast, the use of technology and the ability to use this technology to your advantage, this is something that did not exist in the past. In the past, the wars were defined by how many planes, tanks and soldiers you have. And that’s it, basically. And it was almost a matter of size and strength and planning and executing. What you see right now that the Ukraine and in Ukraine is happening is that you can leverage new technologies and you can use them very, very fast if you’re nimble. And even if you didn’t plan in advance, you can use it to your advantage and you can change many things that are happening. One example that we gave is the guerrilla information warfare. But there are many technologies that the Ukraine right now is using in order basically to take down Russia. One of the examples is to find out where those generals are and to take them down using cellular network. And this is something that we saw in the past few days. And it’s fascinating to see how technology influences cyber. If you know how to use it fast, you can win wars. It’s very early to determine what will be the end of this conflict, and it’s very sad right now. But I believe that if we look at the future, cyber and information will take a significant and growing basically portion of this type of conflict that we’ll see in the future. So prior to this conflict, there was a debate even whether cyber war existed.
[Sam] And coming into this discussion, I thought the main topic of conversation would be when will the other cyber shoe fall? Instead, what I’m hearing from both of you and my takeaway, and I believe the audience will have heard this too, is cyber has had an unexpected and dramatic influence on geopolitical conflict. We’re at the end of our time. I do want to thank you both for your insight. And I found it very enlightening. Lior, thank you. Yonatan, thank you. And for our audience, that’s a wrap for today’s session. And thank you again from the whole Cybereason team for attending today’s session and enjoy the rest of your week.
[Yonatan] Thank you very much for having us, Sam.
[Lior] Thank you, Sam.
[Sam] Thank you, guys.