The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its initial strategic goals. While Russian commentators may try to paint the ongoing conflict in a favorable light, Russian President Putin’s ‘special military operation’ was almost certainly intended to produce a lightning offensive, enabling the Russian military to knock out Ukraine’s government and install a puppet regime within a matter of weeks. Russia clearly underestimated the capability and resolve of the Ukrainian military and population, with the ongoing war resulting in catastrophic losses for the Russian military. With the Russian military withdrawing from the wider Kyiv region and consolidating its forces for a renewed offensive in the east, we explore the big factors that have led to Russian failure and what might happen next. 

Fail to prepare, prepare to fail

Two months into the conflict and it’s hard to imagine how Russian military planners could have conducted a worse operation. The scale of current losses for Russia has been estimated by the UK’s defense secretary to be around 15,000, while the Ukrainian figures suggest as many as 21,000 may have been killed in action. Whatever the real figure, the scale of losses is truly staggering. To put this into context, the Russian military lost approximately 15,000 personnel during a 10-year conflict in Afghanistan in the 1980s, and approximately 7,000 during the second Chechen war. Bottom line up front: it’s unlikely that the Russian military can carry on with the same operational tempo if these rates of attrition continue.

Before the conflict even began, a distinct lack of clearly defined goals led to a confused, and in many ways, handbraked invasion. Russian President Vladimir Putin’s justification for the conflict was reportedly to demilitarize and ‘denazify’ Ukraine, a claim as implausible as it is unachievable. What does a victory look like under these circumstances? Military planners need clearly defined goals and achievable ways to accomplish them. It’s likely that before the invasion began, the main effort to achieve these vague objectives was to topple Ukrainian President Volodymyr Zelensky’s government and install one favorable to Russia. The solitary method of achieving this goal, which appears to have been a mad dash to Kyiv, has fallen well short of the mark. Russia’s initial movements in the conflict appear to have attempted to bypass much of the worst fighting, avoid the worst of the west’s sanctions, and bring the conflict to a close as quickly as possible. Of course, this effort has completely failed, and Russia has instead fallen into exactly what it hoped to avoid: a long and bloody war of attrition.

This appears to have been influenced by many intelligence mistakes that failed to identify the level of resistance the Russian forces would face within Ukraine, and the response of the international community. We’ve previously reported on the necessity for priority intelligence requirements (PIRs) to plan for this conflict. It appears Russia’s military planners dramatically failed at this stage and in their assessment of how the conflict would play out.

The importance of logistics

Renowned U.S. Army Gen. John Pershing once said, “Infantry win battles, logistics wins wars.” This has been identified as one of the core reasons for the Russian failure in Ukraine, with the Russian logistical supply chain being completely unprepared for a lengthy conflict. This was best demonstrated by the 40km convoy of armored vehicles stalling outside Kyiv, which made easy targets for the significant numbers of Ukrainian anti-armor weapons, in addition to the Bayraktar unmanned combat aerial vehicle (UCAV), which has been deployed to great effect during the conflict.

40km convoy of armored vehicles outside of Kyiv in early March 2022

There are many reasons for these logistical issues. From a doctrinal perspective, the Russian military is known to use a push-based approach to its logistical supply chains, i.e., where forces are resupplied on a predictable basis, as determined by leadership and ahead of time. This differs from the pull-based logistics system used by most western militaries, where fighting forces are resupplied as needed and can adapt to real-time conditions. Ultimately, having assumed the war would be over in a matter of weeks, the Russian military simply cannot cope with the additional munitions needed to fight a prolonged conflict. This is where intelligence failures ultimately lead to logistical and other problems later down the line.

Another major factor in the current logistical problems is the overreliance on rail networks for supply, which is a hangover from the Cold War era. Ukrainian forces have routinely sabotaged rail tracks leading from Russia to Ukraine, forcing Russia to change from a rail to a truck-based supply chain. Again, these soft targets made easy prey for Ukrainian forces working behind an increasingly isolated supply chain. Without fuel and munitions, an army simply cannot fight. I’m sure you’ve seen several of the videos circulating online of Ukrainian farmers requisitioning abandoned Russian armored units. Many of these multi-million dollar assets are being abandoned largely because of something as simple as a lack of fuel.

One of the major advantages of NATO and many western militaries is the capability to conduct operations at any point of the globe; this has been demonstrated repeatedly in recent years, from the second Gulf war, Afghanistan, Syria, and Libya. Many of the logistical weak points of the Soviet military have been laid bare, with the Russian military seemingly unable to supply its forces mere miles from its own border.

A restrained approach to offensive cyber

Another surprising development has been the visible absence of offensive cyber operations throughout the conflict. This has caught many within our industry by surprise, with the common sentiment perhaps being that Russia would bring the full force of its offensive cyber capabilities down onto Ukraine. There has been reporting of destructive malware used within the conflict, though at a far more restrained level than expected. There are several reasons we can provide for this.

As mentioned above, Russia attempted in the early days of the conflict to produce a quick win, with the Russian advances aimed at bypassing the majority of the hard fighting and producing a knockout blow against the Ukrainian government. By doing so, Russia could potentially have avoided a long and bloody conflict, and avoided the worst of the inevitable sanctions. This restrained approach may have influenced Russia’s use of cyberattacks during the conflict. Nation-state aligned attacks against critical national infrastructure may have been seen as an unnecessarily harmful tactic in a country that Russia was supposedly liberating, and where it would inevitably have to pick up the pieces and govern, even through a puppet regime. It’s also possible that the Russian state simply has bigger issues at hand. We’ve already mentioned the intelligence and logistical problems, but problems with communications, establishing air superiority, and the impact of sanctions are likely higher on the priority list for Russian military planners at this time.

We previously reported on the cybercriminal reaction to the Ukraine conflict. Overall, while some groups like Conti and CoomingProject have expressed their support for the Russian war effort, most groups have taken a neutral stance or otherwise decided to stay clear of aligning themselves with either side. It’s likely that these cybercriminal groups are fearful of sticking their heads too far above the parapet, with the eyes of the world firmly on what’s happening on the ground in Ukraine; any cybercriminal attacks against Ukrainian organizations could be viewed under an even less favorable light given what is happening right now. It’s also debatable whether attacking Ukrainian organizations would even result in a payment of a ransom. Why would an organization pay under such difficult circumstances, and what would the optics look like for any Ukrainian organization paying extortion groups, who are largely run by Russian cybercriminals? Ransomware groups may have determined that steering clear of the organizations involved in the conflict zone is in their best interest.

The Conti ransomware group expressed support for the Russian government; however, they were an outlier in this stance

One factor that we in the security community perhaps haven’t considered is that offensive cyber warfare may in fact have a lesser role than we give it credit for. During peacetime, using offensive cyber attacks allows Russia to pursue the art of brinkmanship, potentially by committing to significant cyberattacks yet stopping before they result in a physical escalation. During a conventional war, the use of such attacks is likely prioritized as a secondary effort; it’s hard to get excited about the success of a DDoS attack when troops on the ground are failing to be resupplied in a sufficient manner and suffering heavy losses. The war between Russia and Ukraine represents the first armed conflict between two developed nations in many years. Exactly how this has played out has taken many by surprise, including those in the security community. It’s possible that analysts may simply have overestimated the value of cyberattacks during a ground war.

What happens next?

With the Russian main effort toward Kyiv abandoned, a dramatic pivot in objectives for the Russian military is likely. Social and economic pressure on Russia continues to build with every day that the war continues, and there needs to be a realistic ‘win’ that President Putin can present as a justification to end the conflict. This is likely to come in the form of a recalculation of Russia’s initial objectives, focusing on the Donbas region, home to the separatist regions of Luhansk and Donetsk. This may also include further incursions to control the south of Ukraine, permitting a land border with Crimea and potentially even the breakaway region of Transnistria; Transnistria is a breakaway state that has declared allegiance with Russia but is internationally recognized as part of Moldova. Of course, any incursions into Moldova would be a significant escalation in the war, and while these objectives have been outlined by the Russian Ministry of Defence, it’s unclear if Russia has the capacity to conduct such an operation.

From a cyber perspective, it’s realistically possible that nation-state associated cyber attacks will escalate as the conflict continues. Recent reporting has highlighted a renewed attempt to use the “Industroyer” malware, which previously had been used to great effect in disabling power across Kyiv in 2016. Targeting critical national infrastructure might become more common as a means of putting pressure on the Ukrainian government. It should be stated that advanced cyber operations are by nature difficult to detect; it is realistically possible that preparation for such activity is taking place right now but will not become clear until the following months. We’ve previously reported on hacktivism, which is likely to continue its revival as the conflict continues. From a cybercriminal perspective, while at present it appears that the majority of ransomware activity is staying well clear of the conflict, that could change quickly.

The conflict is a highly dynamic environment and subject to rapid changes. It’s difficult to predict exactly what will happen next, so staying on top of current events and threats is as important now as ever. Digital Shadows (now ReliaQuest) has been closely monitoring cyber threats associated with the Russia/Ukraine conflict. For more Digital Shadows (now ReliaQuest) intelligence on events in Ukraine and Russia, please visit: https://resources.digitalshadows.com/russian-news-and-updates