Cybersecurity’s Role in the Russia-Ukraine Conflict
Information has always been a major asset. Since ancient times, espionage, sabotage, and infiltration have been used to gain it. In the modern era, technology has completely changed how information is exchanged between parties, and because of this, all governments should be concerned with how best to secure their information.
Cybersecurity has now become a crucial factor in winning or losing a conflict, and even whether or not that conflict starts in the first place. Current examples involving state-sponsored organizations are a good reminder that they can steal information from key public service providers and even spy on an organization’s system, often remaining undetected for years.
So how is cybersecurity related to the current conflict in Ukraine?
The Current Conflict
Even if there’s a clear battlefield for this conflict, there’s another that shouldn’t be taken for granted: cyberspace. In the last few days, there has been an increase in the number of cyberattacks coming from NATO members, Russia and China. Not only have Russian and Ukrainian media and key infrastructure been impaired by these attacks, but there have also been serious decisions made around the world regarding the use of certain technologies coming from those countries, as well as other decisions regarding cybersecurity.
For example, President Biden signed into law what has been labeled as the most drastic set of cybersecurity requirements that the U.S. government has ever placed on the private sector. They require critical industry sectors to report to the Cybersecurity and Infrastructure Security Agency (CISA) within three days of being hacked.
This shouldn’t be surprising after the distributed denial of service (DDoS) and ransomware attacks against Ukrainian banks and defense websites since early February, reported to be launched by Russian-associated organizations. Russian cyber-capabilities (or cyber-capabilities of any country) should not be underestimated.
Malware as a Weapon
Wars have always had weapons, but what those weapons look like has changed drastically. In Ukraine, different kinds of ransomware have recently been deployed and discovered. The goal of these attacks is to distract and interrupt regular availability of critical services.
For example, a wiper malware, dubbed WhisperGate, was placed on January 30 and was designed to look like genuine ransomware. In reality, it was destroying the host data automatically. This malware was found on networks of the Ukrainian Foreign Ministry and on the networks used by the Ukrainian cabinet. This specific attack bears similarities to the NotPetya wiper that hit Ukraine and many other organizations in 2017.
In another example, on February 23, cybersecurity companies detected a set of wiper attacks which were dubbed HermeticWiper. This malware shows similarities with previous campaigns launched by Sandworm, a Russian-backed hacker group.
Role of the Hacker Community
While hackers are often viewed as solo artists, they also work very effectively as a community when needed. Surprisingly, even white hat and black hat hackers (ethical hackers and malicious hackers) occasionally join forces to fight against a common enemy. These fighters are sometimes referred to as hacktivists.
In the current conflict, not only have state-based collectives of hackers been involved, but also volunteers coming from different parts of the world. They have come together in full force with a mix of offensive hacks aimed at Russian censorship and key media organizations.
The most well-known of these groups, Anonymous, has recently claimed responsibility for disabling websites that censor Russian media. Confirming this claim, recent research showed that of 100 Russian databases that were analyzed, 92 had been compromised. So while individual hackers may stay in the shadows, their community presence in Russia right now is certainly being seen.
What can businesses do?
At Red Sentry, the mission of our blogs is to educate you on some of the dangers in the world, because in cybersecurity, ignorance is NOT bliss. However, we know it is easy to get overwhelmed by all of the potential threats out there and how to prevent them.
Here are some actions that can help your company continue to run smoothly, despite everything happening globally:
- Create a continuity plan to ensure business availability in case of a DDoS or ransomware attack.
- Check your supply chain: how many steps does your data take before landing on your own IT?
- Be aware of current vectors of attack. Are companies in your industry more likely to be victims of a ransomware or phishing attack?
- Increase your organization’s security awareness and prepare your employees.
- Strengthen the controls on access to your systems, for example by implementing multi-factor authentication (MFA) or hardening password requirements.
- Invest in cybersecurity. Red Sentry offers tools and resources to monitor your entire cyber environment.