Cyber conflict can escalate at any time | Pentest7


In the cyber war between Russia and Ukraine, security experts are warning Western companies of further cyber attacks.

In the real war between Russia and Ukraine, the situation remains confusing. Russian forces are occupying several locations, while the Ukrainian army has regained control of Kyiv airport. The Ukrainian government has posted instructions on how to make Molotov cocktails on social media.

Hitesh Sheth, Founder and CEO of Vectra AI, comments on the consequences of the now hot conflict between Russia and Ukraine from the point of view of an IT security expert:

“The war we see on TV is only a fraction of the conflict. Cyber weapons inflict at least as much damage on Ukrainian computer networks, particularly the financial and military systems. We will never have more vivid evidence that offensive cyber actions are now a first strike tactic on par with kinetic warfare.

The sobering difference: Conventional war is waged between nation states. Cyber war poses serious risks to private interests, even if they are reluctant to become combatants. An escalating cyber conflict can lead to unforeseen consequences and casualties. No one can be sure that he will remain a mere spectator.

No institution, public or private, can therefore afford relaxed complacency in the face of the events we are observing in real time. This is alarming evidence that legacy cyber defenses, focused on perimeter protection, fail when the worst comes to the worst. Security begins at home, and private interests cannot rely on government protection. Cyber defenses must now be reviewed and strengthened, and AI-based detection and response must be prioritized. This will help provide stability at a worrying time.”

Lavi Lazarovitz, CyberArk Labs, adds: “CyberArk Labs has tracked the emergence of wiper malware called HermeticWiper targeting infrastructure in Ukraine. So far, our team has identified some specific characteristics that make this malware unique. These include the fact that attacks have been highly targeted to date and that infections seen to date use compromised identities to spread laterally.

Most notably, the wiper’s distribution does not appear to exploit supply chain vulnerabilities or use other “super spreader” techniques. This means that the threat will not immediately spread to other regions. In a well-known case, the ransomware was distributed via a group policy in the Active Directory – the attackers therefore had privileged access to the Active Directory. Such a procedure is much more common for targeted attacks carried out by humans and was also used with Kaseya, for example.

It is worth noting that the wiper uses high privileges on the compromised host to make the host “unbootable”. To do this, it overwrites the boot record and the settings for the system start, deletes device configurations and shadow copies (backups). The wiper appears to be configured not to encrypt domain controllers to keep the domain active. This allows the ransomware to use valid credentials to authenticate with servers and encrypt them. This highlights that the attackers are using compromised identities to access the network and/or move laterally.”
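The host-destruction behaviour and the identity-driven spread described in the CyberArk Labs quote can be turned into a simple triage check over process-creation telemetry. The following is an added example, not code from the article, Vectra AI or CyberArk Labs; the log lines are constructed, and the `host|user|parent|command` format, the `gpscript.exe` parent heuristic and the command patterns are assumptions for the illustration.

```python
"""Flag hosts showing wiper-style behaviour (shadow-copy deletion, boot
recovery disabled) and identities that run such commands on several hosts."""
import re
from collections import defaultdict

# Constructed sample events, not real telemetry: host|user|parent|command line
SAMPLE_EVENTS = """\
WS01|CORP\\alice|explorer.exe|C:\\Windows\\System32\\notepad.exe report.txt
WS01|CORP\\svc_backup|gpscript.exe|vssadmin.exe delete shadows /all /quiet
WS01|CORP\\svc_backup|gpscript.exe|bcdedit.exe /set {default} recoveryenabled no
WS02|CORP\\bob|cmd.exe|ipconfig.exe /all
WS02|CORP\\svc_backup|cmd.exe|wmic.exe shadowcopy delete
DC01|CORP\\svc_backup|gpscript.exe|vssadmin.exe list shadows
"""

# Each pattern names the destructive behaviour it indicates (defender's view).
INDICATORS = {
    "shadow_copy_deletion": re.compile(
        r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I),
    "boot_recovery_disabled": re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
}
# Assumed parent process for Group Policy startup scripts (the distribution channel quoted above).
GPO_PARENTS = {"gpscript.exe"}

def parse_events(text):
    for line in text.splitlines():
        host, user, parent, cmd = line.split("|", 3)
        yield {"host": host, "user": user, "parent": parent.lower(), "cmd": cmd}

def triage(text):
    """Return {host: {indicators, users, via_gpo}} for hosts with a destructive indicator."""
    findings = defaultdict(lambda: {"indicators": set(), "users": set(), "via_gpo": False})
    for ev in parse_events(text):
        for name, pattern in INDICATORS.items():
            if pattern.search(ev["cmd"]):
                f = findings[ev["host"]]
                f["indicators"].add(name)
                f["users"].add(ev["user"])
                f["via_gpo"] = f["via_gpo"] or ev["parent"] in GPO_PARENTS
    return dict(findings)

def shared_identities(findings):
    """Identities running destructive commands on more than one host: the
    compromised-credential lateral movement signal the quote stresses."""
    hosts_by_user = defaultdict(set)
    for host, f in findings.items():
        for user in f["users"]:
            hosts_by_user[user].add(host)
    return {u: h for u, h in hosts_by_user.items() if len(h) > 1}
```

Running `triage(SAMPLE_EVENTS)` flags WS01 and WS02 but not DC01 (listing shadow copies is not destructive), and `shared_identities` surfaces the one account used on both affected hosts.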
