A Year of Armed Conflict: Lessons to Be Learned for Cybersecurity
The world has witnessed the Russia-Ukraine war for over a year now. One of the biggest revelations is that the war isn’t happening only on land, at sea or in the air; it is also quietly raging in cyberspace. Ukraine’s top cybersecurity agency, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), recently issued a press release and hosted a press conference that give some insight into this cyber battlefield. The key observations are summarized below:
- Critical Infrastructure Is the Most Attacked Sector
According to SSSCIP, the energy, security and defense, telecommunications, financial and logistics sectors are the most attacked. Russia’s aims are to destroy critical information infrastructure, obtain intelligence on security operations and the movement of defense forces, and wage psychological warfare by spreading fear and undermining public confidence. Telecom and internet providers remain the principal targets of disruption aimed at stopping Ukrainians from communicating and exchanging information.
- Rampant Use of Infostealers and Data Wiper Malware
State-sponsored Russian hackers have been widely using so-called “infostealers” to harvest information and wiper malware to destroy it and disrupt systems. An infostealer is a Trojan that collects credentials, keystrokes, screenshots and other data from an infected machine and sends it to the attackers. As the name suggests, wiper malware irreversibly erases data from the devices it infects; unlike ransomware there is no decryption key to buy, so backups kept offline or otherwise out of the attacker’s reach are the only way back. The Computer Emergency Response Team of Ukraine (CERT-UA) identified five wiper variants: CaddyWiper, ZeroWipe, SDelete (a legitimate Sysinternals secure-deletion utility repurposed as a wiper), AwfulShred, and BidSwipe. One researcher counted up to 16 families of wiper malware used in Ukraine. Some targeted Windows systems while others focused on Linux, Solaris and FreeBSD. All in all, Ukraine faces more data-wiping malware than anywhere else in the world.
- Phishing Is the Key Vector of Initial Access
At the same press conference, the head of SSSCIP, Brigadier General Yurii Shchyhol, said that email is the most popular vector for distributing malware. In other words, while infostealers and wipers do the damage, the root cause of most intrusions is human error and poor judgement. Many of these emails manufacture urgency and emotion, designed to trigger an immediate response from recipients who are usually harried and distracted. While most of these social-engineering lures target government employees, Shchyhol stressed that every Ukrainian shares responsibility for the security of cyberspace and must therefore take cyber hygiene seriously.
- Vulnerability Exploitation Is Another Top Root Cause
In 2022, Russian forces made nearly 170,000 attempts to exploit vulnerabilities in various state information resources, including weaknesses in hardware, software, networks, firmware configurations and communication protocols. SSSCIP also revealed that Ukrainian cybersecurity agencies block thousands of intrusion attempts every day, including five to 40 powerful, high-intensity DDoS attacks daily. In December 2022 alone, nearly 400 major attacks were thwarted by Ukrainian cyber defenses.
Key Cybersecurity Takeaways for Businesses from the Russia-Ukraine Crisis:
True wisdom comes from experience, and there are many lessons that all businesses can learn from this conflict. Below are the key takeaways:
- Practice a Shields Up Approach, Especially If You Are a High-Value Target
If your organization is involved in or associated with critical infrastructure (the US government designates 16 sectors as critical), cybersecurity should be your highest priority. Don’t rule out indirect attacks, i.e., attacks through the supply chain or third-party partners. For example, the attack that knocked out satellite internet service in Ukraine at the start of the invasion was a cyberattack on a US-owned satellite company, Viasat, which took tens of thousands of satellite modems offline across Ukraine and elsewhere in Europe. Rehearse incident response plans regularly so that you are prepared when an incident occurs. Deploy proven technical defenses (endpoint detection and response, firewalls, intrusion prevention systems, etc.) and have clear cybersecurity policies and procedures in place for your entire ecosystem, including third parties.
- Focus on Root Causes
Most organizations make the mistake of fixing symptoms rather than root causes. Malware is a symptom, not a root cause: understand how it got in and eliminate that path. Phishing and vulnerability exploitation are the top root causes, so addressing these eliminates the majority of risk. Basics such as scanning the infrastructure for vulnerabilities and patching systems, software and devices promptly, prioritized by exposure and by whether a flaw is known to be exploited, go a long way toward closing the weaknesses attackers actually use.
- Strengthen Human Defense and Response
Human-centric vulnerabilities (impulsiveness, burnout, anxiety, etc.) are the obvious reason threat actors target end users, thereby circumventing some of the most advanced technical controls. Organizations must coach employees on risk, instilling a healthy degree of skepticism toward anything they interact with online. Users should be exposed to simulated phishing attacks built from real-world examples to test their awareness of the latest tactics, and should learn to recognize scams and report suspicious activity.
How long the Russia-Ukraine crisis will last is impossible to say, but the takeaways above apply to every organization. Address root causes before they escalate into security incidents and apply best practices for educating employees and partners. Focusing on these elements will spur organizations to adopt more resilient ways of running their operations with less fear of cyberattack.
Written by Stu Sjouwerman.
Copyright 2024 The CEOWORLD magazine. All rights reserved. This material (and any extract from it) must not be copied, redistributed or placed on any website, without CEOWORLD magazine' prior written consent. For media queries, please contact: info@ceoworld.biz