7 emerging hybrid warfare trends from Russia’s cyber war
Russia continues using both cyber and influence operations to try to weaken Kyiv’s resolve and diminish support for Ukraine across Europe. Across the continent, Russia-affiliated influence actors have leveraged pro-Russia political figures and parties and promoted localized protests to exacerbate local divisions over the war.
Russian cyber and influence actors leverage cyber activity, use propaganda to promote Kremlin-aligned narratives within target audiences, and aim to stoke divisions within European populations. Russia’s influence playbook is multi-vectored and includes seven key tactics that merge cyber and information operations:
- Intensifying computer network operations (CNO): Russia’s CNO activity, which comprises destructive and espionage-focused operations that at times support influence aims, are likely to intensify. Efforts are likely to focus on the diplomatic and military related organizations in NATO member states, Ukraine’s neighbors, and against private-sector firms directly or indirectly involved in Ukraine’s military supply chain.
- Weaponizing pacificism: This tactic involves amplifying popular domestic discontent about war costs and stoking fears about World War III across European nations.
- Mobilizing nationalism: Conversely, Russian influence actors also promote narratives of right-wing populism that allege support for Ukraine benefits the political elite and harms the interests of local populations.
- Exploiting divisions: Russia remains committed to influence operations that pit NATO member states against one another. Hungary has been a frequent target of such efforts, as have Poland and Germany.
- Demonizing refugees: This tactic undermines solidarity with Ukraine by playing upon complex historical, ethnic, and cultural grievances.
- Targeting diaspora communities: Using forgeries and other inauthentic or manipulated material, Russian influence actors have broadly promoted the narrative that European governments cannot be trusted, and that Ukrainians will be forcibly extradited to fight in the war.
- Increasing hacktivist operations: Microsoft and others have observed purported hacktivist groups conducting or claiming to have conducted DDoS attacks, or document theft against perceived adversaries to project Russian power online. Some of these groups are linked to cyber threat actors like Seashell Blizzard and Cadet Blizzard.
Microsoft Threat Intelligence expects to see increased attention in regions of strategic importance to Moscow: the Balkans, Latin America, Africa, and within Russia itself. Continued efforts to undermine Ukraine’s alliances with NATO countries are also expected.
Recommendations to help strengthen your network security
Patch zero-day vulnerabilities immediately
Always patch zero-day vulnerabilities as soon as they are released. Don’t wait for the patch management cycle to deploy.
Inventory and audit all assets and identities.
Document and inventory all enterprise hardware and software assets to determine risk and to when to act on patches.
Audit remote access status
Remove access for any partner relationships that do not look familiar or have not yet been audited.
You can also do this by enabling logging and reviewing all authentication activity for remote access infrastructure and virtual private networks or VPNs, with a focus on accounts configured with single two-factor authentication to confirm authenticity and investigate anomalous activity.
Enable cloud protection
Enable cloud protection to provide identification and mitigation of known and novel threats to your network at scale.
Protect and defend high-value targets
Identify and protect your potential high-value data targets, at-risk technologies, information, and business operations which might align with the strategic priorities of nation state groups.
Harden internet-facing assets
Harden internet-facing assets and understand your perimeter
Enable multifactor authentication (MFA)
With MFA enabled, you can prevent 99.9% of attacks on your accounts. Enable MFA for all accounts (including service accounts) and ensure MFA is enforced for all remote connectivity.
Use passwordless solutions
Weak passwords are the entry point for most attacks across enterprise and consumer accounts. Passwordless sign-in methods like the Microsoft Authenticator App, physical security keys, and biometrics are more secure than traditional passwords, which can be stolen, hacked, or guessed.
Use conditional access
Try to reduce exposure to phishing attempts by enabling conditional access features for highly privileged accounts and impersonation and spoofing detection features.
Secure the supply chain
Secure your software and services supply chain review and audit upstream and downstream service provider relationships and delegated privilege accesses to minimize unnecessary provision permissions.