EU's Cyber Rapid Response Team on Standby for Ukraine
Lithuania Offers Cyber Support to Ukraine Following Attacks
After the defacement of multiple Ukrainian government websites last week and subsequent deployment of destructive malware against Ukraine over the weekend, Lithuanian officials have offered to deploy the EU's Cyber Rapid Response Team to help Ukraine deal with cyberattacks.
On Monday, Lithuanian Vice Minister of National Defense Margiris Abukevičius and Ukrainian Deputy Minister of Defense on Digital Development, Digital Transformation and Digitalization Oleh Haiduk discussed the possibility of activating the Cyber Rapid Response Team, according to the Ministry of National Defense of the Republic of Lithuania.
"It is important for us to show solidarity with Ukraine and provide support to it, and the use of a cyber-fast team if necessary is one of the goals of this Lithuanian-led international project," Abukevičius says.
"LT Viceminister @AbukeviciusM: It is important to demonstrate solidarity & support to our partners in UA as they are facing cyber attacks. The deployment of a cyber rapid response team when it's needed is one of the objectives that this Lithuanian-led international project has."
— Lithuanian MOD (@Lithuanian_MoD) January 17, 2022
Like Ukraine, Lithuania is a former member of the Soviet Union, and earlier this month it issued a statement with Latvia and Estonia, rejecting Russian attempts to "establish spheres of influence in Europe and deny sovereign countries' right to determine their own future."
The defacement of Ukrainian government websites occurred Thursday night and Friday morning - local time in Ukraine - as approximately 100,000 Russian troops remained massed on the country's border.
On Saturday, Microsoft reported that it had found multiple attempts to infect Ukrainian government sites with a type of destructive malware it had never seen before, and that the first attack attempts appear to have begun Thursday (see: Destructive Malware Discovered Targeting Ukrainian Systems).
Joint Cyber Unit
In June 2021, the European Commission proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware.
Under this proposal, the EU created a rapid response team to mitigate threats from hackers and establish national and cross-border monitoring and detection capabilities. The new unit also works with member nations' law enforcement and cyber agencies, security firms, diplomats and military services to coordinate cybersecurity operations and threat intelligence sharing (see: EU Proposes Joint Cybersecurity Unit).
Stefano De Blasi, cyberthreat intelligence analyst at digital risk protection solutions provider Digital Shadows, says that a deployment of the EU Cyber Rapid Response Team can be viewed as an attempt to enhance European cyber resilience against malicious activity from Russian-associated threat actors.
"Most countries belonging to the CRRT have likely dealt with Russian cyberattacks in the past and have become key players in the cybersphere out of necessity. In addition to the Lithuanian official’s statements, it is likely that informal multilateral agreements of cooperation with Kyiv have already been put in place to support Ukraine at such a delicate moment. If the CRRTs were to be actively involved in this hybrid conflict, it will likely focus on detecting and mitigating cyberthreats against Ukrainian organizations and, at the same time, assist in providing attribution to potential attackers," De Blasi says.
The EU's high-alert Cyber Rapid Reaction Team is led by Lithuania and includes cybersecurity experts from Poland, the Netherlands, Romania, Croatia and Estonia. If called upon, it will be ready to tackle a major cyber crisis, according to the Lithuanian defense ministry.
"The team can be used, among other tasks, during a major cyber crisis or, if necessary, to strengthen the defense of the EU institutions. Lithuania has taken the initiative to create a truly functioning multilateral force, which has been established in a short time and has been successfully on standby for several years," the ministry says.
Yana Blachman, threat intelligence specialist at cybersecurity firm Venafi, says working as a joint cyber unit is a very beneficial way to deal with cyberattacks, as it allows targeted countries to share threat intelligence and information about attacks, which could include incident response and forensic artifacts.
"Threat intel sharing and security collaboration are the best methods to increase defense controls and prepare for an attack. Instead of standing alone in cyber warfare, it increases the resilience of each individual country. The involvement of the EU cyber response team might indicate an escalation in the attacks and raise real concerns about the way things will turn out," Blachman tells Information Security Media Group.
Abukevičius and Haiduk also discussed the possibility of strengthening cooperation through the Regional Cyber Security Center that started operating in the Lithuanian city of Kaunas last summer. They say that cybersecurity specialists from Lithuania, the U.S., Georgia and Ukraine are working to ensure the capability of the region's critical infrastructure cybersecurity.
"Since the Russian military aggression in 2014 [in Ukraine], Lithuania actively supports Ukraine's independence and territorial integrity, supporting Ukraine in all legally permitted forms, including military support, military training and education, participation in joint exercises, treatment and rehabilitation of wounded soldiers," the Lithuanian defense ministry says.
Blachman says that although no officials have directly blamed Russia for the attacks, they align with the country's general strategy and the EU's response.
"As previous experience shows, this might become much more dangerous and have more damaging results than initially thought. It is a good start to have a strong united defense prior to escalation," Blachman says.
John Bambenek, principal threat hunter at digital IT and security operations company Netenrich, says cyberattacks coinciding with heightened geopolitical tensions involving the Russian Federation are typical, and that since the attacks against Estonia in 2007, defenders have struggled to contain and respond to such attacks.
"This move by Lithuania has both positives and negatives," Bambenek says. He states that trained individuals could help deal with the problem, but Ukraine’s relationship with the West undergirds the current conflict and "more EU involvement could increase the level of tension."
De Blasi says that the events in Ukraine in recent weeks have confirmed how cyberattacks have become an integral part of hybrid warfare and have significantly expanded the attack surface in which geopolitical confrontations are conducted.
He says that cooperation at a national and regional level is necessary to mitigate these threats by strengthening security posture and providing more effective defenses.
Jon Andrews, vice president, EMEA at Gurucul, says the cooperative action shows that countries are seeing what Russia is doing - using Ukraine as a sandbox environment to test cyberattack capabilities - and the longer this goes unchecked, the more likely it is that Russia's capabilities will grow.