ROLE OF CYBER IN RUSSIA
Russian cyberattacks and the invasion of Ukraine have led governments on both sides of the Atlantic to worry that the situation could spread to other countries, triggering an all-out cyberwar. The government of Ukraine and its banking system have recently been targeted with cyberattacks attributed to Russia.
Two weeks before, cybersecurity firm ESET announced it had found new “wiper” malware targeting Ukrainian organizations.
A distributed denial of service (DDoS) attack knocked down the websites of several Ukrainian government departments and banks a day earlier. In such an attack, hackers overload a website with traffic. Earlier this week, the GRU, the Russian military intelligence agency, was blamed for taking down four Ukrainian government websites.
The current situation in Ukraine has turned cyberspace into a second battlefield. According to Reuters, the Ukrainian government is assembling an IT expert corps in addition to its military force. These professionals will be able to protect Ukraine from Russian hackers, as well as prepare attacks on critical Russian IT infrastructure.
A hacker collective named Anonymous, which has declared digital war against the Kremlin, is also providing assistance to the country. The Anonymous activists were suspected of causing the inaccessibility of Russian government websites until February 26. In retaliation, cyber attackers targeted RT, the Russian government broadcaster that Western countries perceive as a Kremlin propaganda tool.
Spillover risks of global cyber attacks
Toby Lewis, head of threat analysis at Darktrace, says the attacks so far have mainly supported Russia’s invasion of Ukraine. In his opinion, a cyber-first campaign may be more effective than economic leverage in gaining the physical land and territory that Russia seeks. It is also likely, however, that Russia’s cyber warfare tactics are spilling over into other countries, according to researchers at Symantec.
According to Lewis, the start of this cyber-conflict will certainly show up in the collateral effects on global supply chains, and there may be some impact on other Western countries that depend on the same contractors and service providers. The European Union has set up a cyber-rapid response team consisting of Lithuania, Croatia, and Poland to offer Ukraine support.
According to Hitesh Sheth, CEO of Vectra AI, cyberattacks have become the weapon of the first strike. “We have long predicted cyberattacks will be part of any nation-state’s arsenal,” he said on CNBC’s “Squawk Box Asia.” Throughout history, cyberattacks have been a key component of national security plans, he said.
Sheth expressed concern about retaliatory cyberattacks from Russia following this week’s imposition of sanctions by the West. According to him, it is fully expected that as a result of Russian cyberattacks on Ukraine, there will be covert channels by which they can attack institutions that are being used to contain them in the financial community.
Clouds of cyberwars spread over Russia Ukraine
Meanwhile, the Ukrainian government has asked hackers to target Russia. The Ukrainian IT workforce shared tips on how to deploy malicious software against military officers and government officials online. According to Twitter accounts, a number of Russian banks and government agencies have had documents stolen. As part of an effort to slow down Russian troops, activists paralyzed Belarus’ rail system, according to reports. The claims, however, were not independently verified.
In recent years, hybrid warfare has been emerging, with digital attacks playing a major role. Cyber warfare tactics have already been tested in these countries in the past. Ukraine’s electrical infrastructure has twice been targeted by hackers since Russia invaded in 2014, causing a power outage and demonstrating Russia’s capabilities to other potential rivals. Ukrainian government websites were defaced in the weeks leading up to the invasion to display warnings that the users’ data had been uploaded to the internet. Experts said the software targeted these websites in order to make them unusable. The Ukrainian government alleged that Russian intelligence groups were involved in those attacks, a charge Moscow denies.
As discussed earlier, the anonymity provided by cyberattacks makes them powerful. Since Russia’s invasion, events have shown how difficult it is to identify who is committing attacks in the digital sphere or what they are trying to do. Emma Best, a co-founder of Distributed Denial of Secrets, which publishes leaked documents, sometimes sourced anonymously, notes that it is impossible to know someone’s motivations or what lurks in their hearts. The truth remains the same no matter what, but especially in tense situations.
There have been a number of attacks under the name of the Anonymous hacker collective that have been attributed to people operating with divergent agendas. According to the Guardian, the group is no longer real as many people think, but accounts with its name have recently reappeared, “declaring cyberwar on Russia.”
The motivation for hackers to pose as another person is often financial gain. In addition to criminals impersonating state actors to intimidate victims, government-staffed hackers may impersonate independent political activists to stir confusion. “False-flag operations are beginning to appear,” says Jim Guinn, the global head of Accenture’s cybersecurity practice. Hackers have exploited the recent increase in political attacks associated with the Russian invasion in order to break into networks and steal data for their own ends, according to Guinn and other experts.
The most sophisticated hackers occasionally use publicly available or other hackers’ hacking tools to confuse forensic investigators. However, they may also employ more advanced techniques. Andrew Morris, founder of cybersecurity firm GreyNoise Intelligence, explained it with an analogy about how to steal pictures from someone’s diary and get away with it: flip the mattresses over and steal the TV so it would seem as if they had been burglarized. There haven’t been any huge data breaches like those seen in 2014 when hackers struck Ukraine’s power grid or in 2017 when the NotPetya attack did significant damage to a variety of global corporations. Nevertheless, experts are concerned that the length of the conflict will increase the likelihood of dangerous cyberattacks.
In other words, it does not matter if it comes from Russia or another party not directly involved in the conflict. “I think we should each light a candle and pray for just a moment,” Guinn says.
Russia-Ukraine: Cybersecurity implications to follow
Within 48 hours of the conflict breaking out, the number of suspected Russian cyber-attacks increased by more than 800%. Homeland Security, the Federal Bureau of Investigation, and U.S. cybersecurity agencies have all shared high alerts regarding threat levels, preparedness, and response. It cannot be overemphasized: a modern global military’s primary tool is hostile cyber warfare. Without any doubt, global events like this have been planned for some time. History shows that nefarious state-sponsored cyber-attacks have escalated during times of geopolitical tension. Although we do not know what forms of attacks may emerge or which may succeed, we should be alert to:
- Zero Day Vulnerability
- Network Attacks
- Code Flaw Vulnerability
- Privilege Escalation
- Data Anomalies
- Man-in-the-Middle Attack
- Network Anomalies
1. Fix Business Critical Software and Tools
Every software vulnerability, even the old ones, should be patched. You may get caught if you only patch against known threats in the wild. You need to patch anything on the internet, whether it’s a website, a communications network, or a remote business operation.
2. Be ready for any data breach
In addition to the risk of ransomware, many have grown used to the practice of paying a ransom. By disposing of the key or by rewriting the file, these attack methods can also destroy data. A recovery from an attack involves much more than merely removing the threat: it involves coming back from a catastrophe. Make sure you test your backups and validate your recovery, continuity, and disaster recovery plans. Develop scenarios for all components of your systems.
3. Prepare a quick response strategy
Make sure your response organization is well-tuned. Keep an eye out for mail leaks. It is important to determine the incident manager and to ensure all non-email contacts are current. In the event of a crisis, walk through and reinforce how information will be shared among teams, customers, and employees.
4. Make your network secure
Don’t leave the hatches open. The idea that you need to check out all aspects of your network may seem inconvenient, especially if you are used to sending links to clients and colleagues or using a convenient chat application. These conveniences may need to be restricted until a certain point in the future, however, as policies may need to be modified. Simply put, if there is a way to function without something, and you can eliminate a potential risk factor, you should do it.
Final thoughts – Role of AI in defence
Machine learning (ML) has become increasingly important not only for cyberattacks but for cyber defenses as well. Russia’s cyber tactics may likewise be characterized by the use of AI and machine learning in the same manner as software supply chain attacks.
As an example, Microsoft researchers cite Gamaredon’s Pterodo malware strain, which has been deployed against Ukrainian targets previously and which evades detection and thwarts analysis in part by mapping API components with a “dynamic Windows function hashing algorithm.” AI and machine learning “… can be used to protect systems in a way that humans would not be able to detect malicious activity,” Gorge said.
“The software can, however, be abused by attackers to circumvent traditional defences. This will be the future of cyber warfare.”