Ukraine conflict: turning point in ransomware | Pentest7


Both sides in the Ukraine conflict rely on cyber warfare. This heralds a new era in ransomware threats, said Andrew Rose, Resident CISO, EMEA at Proofpoint, in a guest post.

The situation in the Ukraine conflict is difficult to assess and is constantly changing. However, for the first time ever, the world is forced to watch modern warfare in a highly interconnected society. The events surrounding the conflict can be followed worldwide via TikTok, Facebook and Reddit.

Warfare has also changed. While tanks and ground forces remain on the front lines, cyberattacks are becoming increasingly important as part of a holistic offensive. There have been reports of phishing emails targeting both the Ukrainian military and the citizens living there. Distributed Denial of Service (DDoS) attacks on websites have also been reported, with the aim of damaging morale and responsiveness.

Russia stated via Twitter that it “Never conducted and does not currently conduct ‘malicious’ operations in cyberspace,” however, there are clear signs that this statement should not be taken at face value. Local hacker groups like Conti have publicly stated that they actively support the Russian mission and at the same time are threatening consequences should a cyber intervention take place. Similarly, Mykhailo Fedorov, Deputy Prime Minister of Ukraine, announced the formation of an “IT Army” at. At the same time, he presented a list of priority targets, including Russian government and corporate websites.

In addition to this conflict raging in cyberspace, comprehensive financial sanctions have already been initiated. They are another important aspect of this international dispute and target Russia as an aggressor. It is entirely within the bounds of expectation that both confrontations – cyber conflict and sanctions – will last far longer than the actual military conflict. This would also have consequences for the threat landscape in terms of IT security.

Russian aggression as a turning point in the threat landscape?

So far, Western governments have more or less tolerated cyber attacks because they shy away from the consequences of a counterattack, a so-called “hacking back”. They were apparently unwilling to launch a major offensive in cyberspace. However, now that the lines of conflict are becoming clearer, there is a possibility that cyber offensives by countries will become more open and find their way into our everyday lives.

It is to be hoped that these attacks will be of a purely political nature and will not interfere with normal life. However, the proliferation of ransomware as a service and recent cyberattacks on hospitals, transportation systems, and waterworks suggest that attacks on critical infrastructure are entirely possible. In Western countries, this could mean that power outages, traffic delays and disruptions in financial systems could be the order of the day.

The most obvious thing, however, is that the policy on ransomware will change. So far, Western governments have allowed substantial sums of money to be paid to Russian hacker groups as ransoms. Companies were able to use the payments to recover their data and resume operations. For example, JBS Foods paid REvil $11 million, and Colonial Pipeline had to transfer $4.4 million in cryptocurrencies to Darkside to fix the ransomware damage. However, if those funds are likely to go to a clearly hostile country, which would then have an incentive to use illegal methods to evade financial sanctions, Western governments must put a legal stop to it.

Companies that have so far been tight-lipped about cybersecurity have very little time to change their stance. This conflict has real potential to increase the frequency and sophistication of digital attacks. At the same time, the possibility of buying one’s way out of a predicament as a result of a ransomware attack with money or insurance could be lost. A company’s resilience to cyber attacks will therefore be just as important as its profitability. The two areas are increasingly intertwined, and it can be assumed that legislative measures are likely to intensify this shift in corporate priorities.

What does this mean for cybercriminals? If companies stop paying ransoms and improve their resilience while reducing their vulnerability to damaging events, how will the criminals find their prey? Possibly by directly targeting the large crypto assets of various online crypto platforms, or by targeting individual users rather than companies and replacing one $10 million attack with ten thousand $1,000 attacks?

It’s time to step up protection against cyberattacks

Right now, security officers (CISOs) have their hands full worrying about how to manage their facilities and infrastructure in Russia. At the same time, however, they are concerned that military cyber attacks could target companies. Many have created multi-stage emergency plans or are preparing them under enormous time pressure in order to be able to continue to fulfill their most important tasks. To do this, they are evaluating various options to increasingly isolate themselves from any global threat, while in the same breath striving to continue business operations.

It is rather unlikely that an attack, if it does take place, will break completely new ground. Sustainable protective measures that have been in place for years are still important. However, it is now of the utmost importance that these measures are applied with much greater efficiency than ever before. Security patches, backups, awareness training, phishing prevention, threat detection, and incident response drills are all key cybersecurity pillars that should be vigorously implemented. To make a comparison here: Even before the corona pandemic, the vast majority were used to washing their hands, but only when this was done consciously and with considerably greater regularity did its effectiveness become apparent.
