Pages

1 March 2023

Russia Engages With Ukraine on Cyber Battlefield

ELLEN CHANG

Cyber activity will ramp up more before a physical war since it is being used as a tool in an attempt to disrupt and weaken countries.

Ukraine and several other countries, including NATO bore the brunt of the myriad of cyber attacks from Russia, Zac Warren, chief security advisor of EMEA at Tanium, a Kirkland, Wash.-based provider of converged endpoint management, told TheStreet.

"We need to understand that, moving forward, we’re going to be seeing more cyber activity as preemptive activity to physical war," he said.

Ukraine battled hackers last year while fighting Russia when its troops attacked major cities.

Cyber warfare is used as a strategy to "weaken a target before moving in," Warren said.

Hackers are targeting critical infrastructure of a nation such as its power grid, utilities and hospitals.

"There is a great deal of critical infrastructure that could be easily taken out or slowed down by a cyberattack," he said. "The conflict in Ukraine demonstrated that cyber is now the starting point for modern warfare and it’s high time we prepare for the realities of future conflict."

Ukraine has been a "playground for Russia’s cyber warfare operators for the last nine years," said Intel 471, a Wilimington, Delaware cyber security company, in a recent report.

Cyber espionage and disruption campaigns against Ukraine have been "rampant" since the mass protests in Kyiv in 2013.

The invasion of Ukraine in 2022 "galvanized" cyber-attacks from Russian state actors," according to the report said.

"Weeks prior to the invasion and weeks immediately following it, attempts to infiltrate the country's media and telecom sectors were reported," the report said. "Just as Russian missiles were striking TV towers and telecommunications infrastructure across the country, offensive cyber capabilities were deployed to disrupt and knock out communications to the extent Ukraine was forced to initially disable and later migrate government e-services to foreign data centers."


Russian Hackers Still Targeting Ukraine

The seemingly ease of Russia’s cyber aggression shows that even organizations who are obvious targets struggle to "understand what steps can be taken to close exploitable attack vectors," Mike Heredia, vice president, EMEA & APAC at XM Cyber, a Tel Aviv-based provider of hybrid cloud security, told TheStreet.

"Coordinated attacks aimed to disrupt national infrastructure cause panic and fear, weaken Ukraine’s ability to successfully defend and increase the chances of traditional war tactics being successful," he said. "The ease at which cyber attacks can be coordinated in this way indicates that Russia has ongoing foothold within Ukraine critical infrastructure networks and can simply pick and choose when and what to disrupt."

Organizations and companies need to develop new strategies because periodical penetration tests are not sufficient, Heredia said. Instead, there needs to be constant prevention strategies to determine the "most efficient steps that can be taken to eradicate this risk on a day to day and week to week basis."

"Organizations need to be mandated to have a continuous attack simulation that shows how the internal attack surface can be traversed by attackers given the latest attack techniques that can be used," he said.

NATO members should "immediately update compliance mandates and standards" while putting proactive defense measures in place, Heredia said.

Cyber warfare tactics include using wiper and other forms of destructive malware that can destroy and render critical computer systems inoperable, Darren Guccione, CEO at Keeper Security, a Chicago-based provider of zero-trust and zero-knowledge cybersecurity software, told TheStreet.

They are an obvious tool of choice for many threat actors, including nation states because wiper malware may be part of a "larger effort to threaten operations, destabilize a government or disrupt critical infrastructure such as power grids, transportation networks and financial institutions," he said.

Wiper malware is extremely effective because it can be used to destroy evidence of network infiltration for other purposes such as espionage.

"Protecting critical infrastructure and the services that people rely on from cyberattacks is as important as protecting it from physical attacks because the consequences have the potential to be equally devastating," he said.
Ukraine Fought Back Against Russian Hackers

Ukraine significantly boosted its continuous security monitoring capabilities during the past few years, so they were able to quickly detect these attacks, decreasing the impact to major infrastruture, Phil Neray, vice president of Cyber Defense Strategy at CardinalOps, a Palo Alto, Calif.-based detection posture management company, told TheStreet.

Wiper malware has been used to target Ukraine since at least 2015 due to efforts by adversary groups like Sandworm, a unit of Russian GRU military intelligence. An updated version was used in destructive attacks against Ukrainian networks in February 2022 while Russia moved its troops into the country, he said.

Ukrainian cyber security experts had already moved their critical data from on-premises servers to the cloud where it could be better protected, Neray said

"Gaining more high-fidelity detections at all security layers (endpoint, network, email, IAM, cloud, etc.) and moving to the cloud are the key lessons we can take from the past year," he saud.

Ukraine has been "surprisingly resilient against the attacks, showing a skill and dedication from the defenders that the Russian attackers certainly didn’t expect," Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, told TheStreet.

Russia's threat actors have "some extraordinary" skills, but Ukraine's defense was impressive, he said.

Hackers from Russia will likely be more subtle about their next moves and may "alter the tools and tactics they use to try and get past Ukraine’s defenses, but they won’t stop," Parkin said.

No comments:

Post a Comment