Latest news: Cybersecurity in defence

Romania’s decision to donate a Patriot air defence system to Ukraine’s war effort was met with a deluge in Russian-affiliated hacks, cybersecurity experts say. 

Romanian defence officials initially debated transferring a Patriot to Ukraine at the start of June 2024, prompting 352 direct-path attacks on Romanian government websites in a single day (2 June), according to new findings by NetScout’s ASERT Threat Intelligence Team.

Cyberattacks have predominantly targeted the websites of the Romanian President, Parliament, Ministry of Justice and Border Guard.

Banking, telecommunications and transport infrastructure were also hit following President Klaus Iohannis’ decision to send a full Patriot system to Ukraine on 20 June.

The report, released on 16 July, also reveals the Cyber Army of Russia targeted the Port of Constanta after Romanian officials refused to grant visas to Russian and Belarussian delegations for the Parliamentary Assembly of the Organisation for Security and Cooperation in Europe in Bucharest.

Other cybergangs have claimed credit for the spike in attacks on Romania, including CyberDragon and NoName057.

Do Russian cyberattacks concern Ukraine’s other backers?

The pro-Russian cyberattacks are primarily intended to deter arms shipments to Ukraine by Nato allies.

“Romanian donations have been pretty generous,” says Wilson Jones, defence analyst at GlobalData. “Aside from a full Patriot system, Bucharest has sent old Patriot batteries which are hugely important Ukrainian air defences.”

Spanish Prime Minister Pedro Sánchez will certainly have taken stock of the retribution dished out to Romania.

On 15 July, Madrid promised to send ten Leopard 2A4 tanks to Ukraine as part of a wider military support package, amid scrutiny over Spain’s defence spending and Nato contributions during the alliance’s Washington summit last week.

So far, Russian-affiliated cybergangs are yet to turn their sites on Spain, according to Chris Conrad, principal security analyst at NetScout.

“We haven’t observed any significant increase in DDoS attacks targeting Spain in the last 48 hours,” Conrad told Army Technology at the time.

Jones believes that “Spain is probably at higher risk” but added that “any western state opposing Russia is going to face this challenge”.

The cycle of arms donations to Ukraine and retributory Russian cyberattacks is expected to continue alongside Moscow’s advances into Ukrainian territory.

AI-led attacks mean that the cybersecurity sector is in for “a bumpy ride for the next two to three years”, according to GlobalData’s new cybersecurity report.

The report states that the cybersecurity market is set to be worth $290bn by 2027 but highlights that concerns around AI’s potential – both for cybersecurity and cybercrime – are significantly impacting the market. Businesses looking to adapt to new threats have faced an additional challenge: the talent shortage.

The report also notes that in 2024, cyber investments will comprise 14% of total IT, operational technology and automation budgets, up from 11% in 2023.

AI in particular is causing increasing anxiety around cybersecurity, offering a tool by which cybercriminals can improve phishing emails, and quickly send out thousands of carefully targeted messages to a higher number of potential victims.

“Organisations have had to learn how to cope with cyberattacks that deliberately target enterprise technology, such as networks, cloud storage, and endpoint devices,” according to the report.

“Now, they must respond to AI attacks that can adapt to a specific environment, seek out its weaknesses, and exploit them. One possibility is that cybercriminals will seek to create and deploy large language models (LLM) trained on existing malware code,” notes the report.

However, there is also the potential for AI to have a positive impact on businesses, by identifying signals of an incoming cyberattack. The report notes the example of IBM, which reported that organisations using AI and automation in their cybersecurity arsenal were able to contain a breach in 214 days, 108 days shorter than organisations which did not.

Who’s got talent? 

The cybersecurity sector has another pain point which is causing problems: a talent shortage. The International Information System Security Certification Consortium (ISC2) reported, in October 2023, that the workforce gap had reached four million, a 9% increase from 2022.

The Information Systems Audit and Control Association (ISACA) shared research in October 2023 that revealed 59% of cybersecurity teams were understaffed.

GlobalData’s report predicts consistently increasing demand for cybersecurity talent, noting that, as almost all businesses are now dependent on technology, securing systems against potential threats is now “a relentless task”.

As businesses across all sectors look to adapt to an AI-led security environment, there will be a shift in the roles of cybersecurity professionals.

In February 2024, an ISC2 report revealed that 88% of cybersecurity professionals expect AI will impact their jobs, but 82% believed that AI would make their jobs more efficient, whilst 56% believed it would free up time by taking over menial tasks. 

At the start of 2024, the Defence Intelligence of Ukraine (DIU) dealt a blow to Russia’s technological infrastructure.

In January, IPL Consulting was the target of a cyber offensive by the DIU, a company responsible for implementing information systems crucial to various sectors, including aviation, heavy engineering, and defence.

The DIU specialists executed a meticulous infiltration, breaching IPL Consulting’s internal network and executing an attack. The aftermath witnessed the obliteration of IPL’s entire IT infrastructure, comprising over 60 terabytes of data, numerous servers, and databases.

The Russia-Ukraine war is the first large-scale conflict in which cyber warfare was expected to play a significant role, according to GlobalData's “Thematic Research: Cybersecurity in Defense (2022)” report.

Concentrated attacks such as this against Russian industry have demonstrated the vulnerabilities of Russian cyber infrastructure and will spur investments in strengthening and further isolating its cyber infrastructure against further attacks, according to GlobalData’s intelligence on the Russian defence market.

Cyber a contested domain 

At the beginning of 2024, the State Security Service of Ukraine also successfully repelled a series of Russian cyber-attacks on the national mobile operator Kyivstar.

The Netherlands also in 2024 pledged €10m ($10.9m) to Ukraine to enhance cybersecurity defences. The cybersecurity allocation aims to fortify online infrastructure targeted by hacking attempts since the Russian invasion of Ukraine in February 2022.