Contests between states in the so-called gray zone between war and peace have been increasing for some time in cyberspace. In Ukraine, cyberattacks have been recorded more frequently over the past few years, with high-profile attacks against its electrical power infrastructure in 2015 by BlackEnergy and in 2016 by Industroyer.
In 2017, the notorious NotPetya faux ransomware attack also struck Ukraine. It began with a backdoor planted on the update server of a popular Ukrainian accounting software provider, which then pushed a malicious update to customers and wiped out computers across Ukraine, even ripping through the systems of the Chernobyl Nuclear Power Plant. Many foreign companies with business relationships in Ukraine, and hence connected to Ukrainian networks, were also affected. The global impact of NotPetya was estimated at more than US$10 billion. This is a useful reminder that even though attacks might start off as targeted, there is significant risk of collateral damage.
Asymmetric warfare
With the recent escalation of the gray zone conflict in Ukraine, cyberattacks have escalated in tandem, firmly becoming part of 21st century asymmetric warfare in which unequally matched adversaries adopt unconventional strategies and tactics to secure their objectives.
Since it is likely that geopolitical tensions will remain high for some time, countries whose governments are actively supporting either Ukraine or Russia will likely also be targeted with cyberattacks intended to disrupt, cause damage, and steal information. We already see hacker groups choosing sides and entering the cyber-battlefield guided by their sympathies. Complexity is further mounting given that a large tranche of sanctions has been introduced, presenting the specter of retaliatory cyberattacks on high value targets such as critical infrastructure, public sector bodies, and leading businesses, for instance, financial institutions.
Another rich target for cyberattacks is the supply chain, both physical and digital. In the digital realm, a number of recent vulnerabilities demonstrated the impact that a compromise along the supply chain can have on organizations downstream. Many of the risks seen with NotPetya in 2017 could manifest in a far worse form today.
We’ve already seen massive damage done to businesses and institutions via the abuse of IT management tools like SolarWinds Orion, Kaseya Virtual System Administrator, and Centreon, and email services like Microsoft Exchange. To avoid impacts on this scale, several national cybersecurity teams, such as the National Cyber Security Centre in the UK, have issued warnings and advice on actions to take when facing heightened cyberthreats. Such advice transcends borders and should be considered essential to protect against cyberattacks and mitigate risks and impacts. Even companies that seem far from the geopolitical game are at risk: apparently less interesting enterprises might just be the ideal training camp for future larger-scale attacks.
Preparing for cyberattacks
Suffering a cyberattack can be highly stressful and confusing, so preparation is paramount. It is important to avoid panic, and this is best achieved by training staff and conducting regular reviews of security policies and measures. Building business continuity and disaster recovery plans based on a concrete understanding of what needs to be done and in what order is key to success.
Remember, threats will continue to evolve in volume and sophistication – remain vigilant. Be honest about your organization’s risk exposure. Does your organization’s mission, product or service support critical infrastructure or key governmental processes? Is it part of a supply chain supporting key services? If the answer is no, it is still a good idea to develop a plan. If the answer is yes, evaluate your needs with a professional body.
Get a head start with our cyber-resiliency checklist.
Security partnerships
Businesses and institutions with concerns should consider private sector and government partnerships to address the growing cyberthreats. This requires a sustained team effort but is well worth it. Security teams at your organization should consider charting a course with a reputable security vendor that ensures systems are properly configured and that IT admins and staff are all addressing the security of their digital processes and tools.
As one of Europe’s leading digital security companies, ESET will continue to protect customers during this period of heightened geopolitical tension and share information on the latest threats observed in Ukraine with the wider infosec community.