Julia O’Toole, founder and CEO of MyCena Security Solutions, comments on how historic cyberattacks have given the Russian government critical advantages in the build-up to the Russia-Ukraine conflict. In anticipation of escalating cyberattacks, organisations should take immediate action to secure cyber-resilience.
The invasion of Ukraine is the culmination of years of careful preparation from the Russian state. Strategic cyber-advantages were gained in several areas, convincing them of their own cyber-supremacy.
Cyber-advantage one: Cyberwar practice runs
The Russian military has been testing and perfecting cyberwar techniques for years, not least against their Ukrainian neighbour, of which the most devastating was the NotPetya cyber-attack. This was directed against Ukraine’s financial, energy and government institutions in June 2017 but also indirectly affected many other businesses, causing hundreds of millions of pounds in losses.[1]
This attack highlighted the risk associated with having their own country’s digital infrastructure connected to the world. Consequently, Russia created its own internet network that can be disconnected from the rest of the world when needed. This was tested in June and July 2021 and again in January 2022, a few days after a dozen Ukrainian government websites were hit by a data wiper attack disguised as ransomware.[2]
Cyber-advantage two: Financial gains through ransomware
According to a report by Chainanalysis, nearly three-quarters of traceable ransomware revenue in 2021 (around $400 million worth of cryptocurrency) was laundered through Russia. Meaning that cyber-insurers could well have unknowingly propped up Russian military coffers.[3]
Cyber-advantage three: Deep penetration into western governments’ digital infrastructure
A recent string of high profile cyberattacks and vulnerabilities, including the SolarWinds attack and the log4j vulnerabilities, has enabled Russian cybercriminals to scan, steal and crucially stay inside organisations. According to O’Toole, “the SolarWinds attack reportedly gave Russia access to data from about 100 U.S. government agencies, critical infrastructure entities, and private sector organizations[4].”
“Expect more cyberattacks”
UK Home Secretary, Priti Patel has issued clear warnings that “as this crisis develops” the Government expects to see “cyber-attacks aimed at the West”. And Lindy Cameron, chief executive of GCHQ’s National Cyber Security Centre, has said: “In a world that is so dependent on digital assets, cyber resilience is more important than ever…The UK is closer to the crisis in Ukraine than you might think… If the situation continues to escalate, we could see cyber-attacks that have international consequences, intentional or not.”
“Lindy Cameron is correct to urge businesses and organisations to take steps to improve and increase their cyber resilience,” says O’Toole. “In the current cyberwar, a cyber-resilience strategy is more urgent and necessary than ever. The question is how?”
“Hackers don’t need to hack in, they log in.”
“Russia has gained its cyber-advantages fundamentally through the inherently weak digital access models deployed by organisations today. We know that nine out of ten attacks involve legitimate passwords, with password phishing responsible for 83 per cent of all cyberattacks in 2021.
“People changing their passwords from DomSmith123! to Dom$mith1234 after a cyberattack will not stop a malicious actor from logging in again!”
Protect network access and ensure cyber-resilience
But it is not too late to protect your network access and secure cyber-resilience. According to O’Toole, organisations can quickly organise themselves to take back command and control of their digital network, stop passwords phishing and prevent ransomware attacks. Starting with applying physical security rules to their cybersecurity:
- Don’t let employees make and share their own (digital) keys. To ensure passwords can’t be seen, shared, or phished by anyone, they can be encrypted from end-to-end (creation, distribution, use, expiry).
- Don’t put all systems behind a single door with one key to open everything. To ensure (cyber) resilience, segment access to every system so that if one is breached, for example in a supply chain attack, the breach is isolated by default and won’t affect other systems.
From protecting networks to deceptive intelligence
O’Toole continues, “Intelligence has always been a key advantage in war. So has deceptive intelligence. By breaking the ENIGMA code, Alan Turing and the team at Bletchley Park helped the allies intercept the Nazis’ encrypted communications, create false information to then be intercepted by their opponents, and consequently shortened the war. Imagine today if organisations leveraged the rise in phishing attacks to deceive criminals with false information about their intentions and positions. Simultaneously, access from legitimate users would be protected with end-to-end encrypted passwords that can’t be seen, shared or phished. These organisations would be immune to passwords attacks, ensuring the integrity of their network and confusing their opponents in the process.”
Stop ransomware and stop funding the war
“From a financial standpoint, removing selected Russian banks from the SWIFT system and freezing their central bank assets will have a massive impact on Russia’s ability to sustain its aggression. Through preventing ransomware attacks, organisations could also prevent cryptocurrency theft from offsetting the financial sanctions and shorten the war,” O’Toole concludes.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.