The tense atmosphere on the border between Ukraine and Russia is just one front of a possible war that is also being fought in cyberspace. Warnings of cyber attacks have multiplied and this could be the first cyberwar on a global scale.
While more than 130,000 Russian troops carry out exercises along Ukraine’s borders and diplomatic contacts between NATO members and President Vladimir Putin multiply to avoid a war that seems about to happen, tension is also high in cyberspace, and there are warnings that the attacks have already begun. The first alerts came in early January, after Ukrainian government websites were attacked, with Microsoft discovering a destructive malware operation intended to render the country’s computer networks unusable.
Sophos has been monitoring the situation and Chester Wisniewski, the company’s Principal Research Scientist, notes that these conflicts “can cause impacts and collateral damage both on people and organizations outside the main sphere of operations – in this case, Ukraine”, recalling that this has happened in the past. “Other adversarial actions in the past have caused collateral damage to organizations that have business operations in the targeted and nearby nations,” he explains.
In 2008, during the conflict between Russia and Georgia, a cyber attack brought down government, financial, and energy systems in that country, causing general chaos. But while these attacks may seem targeted, they end up having side effects. Less than five years ago, the NotPetya malware, which reportedly originated in Russia, targeted Ukraine’s power grid, transport and financial system, with the aim of destabilizing the country, and ended up spreading around the world. The estimated economic impact at the time exceeded 10 billion dollars.
The attacks could originate from an organized cyber army under Russian military command, but Chester Wisniewski also warns that “often non-governmental agents attack suspected enemies in a kind of patriotic fervor, which can lead to an increase in cybercrime by attackers who support the Russian cause”.
“The world has a place on the front lines for what could be the first large-scale cyber war in the pipeline,” wrote last week Keith Alexander, former director of the US National Security Agency (NSA) and founder and commander of North American Cyber Command.
“The risk of invasion is high and there is little doubt that a modern military campaign should include a component of an extensive cyber attack”, he underlines.
“Today, not only is the threat of a cyberattack greater, but the risks of damage are much higher. Microsoft has already warned that it has detected destructive malware placed on computer networks in Ukraine, extending to several governmental, non-profit organizations and information technologies. The lesson learned with NotPetya is that, once activated, this malware can spread far beyond its initial targets”, warns Keith Alexander in his article published in the Financial Times.
The risk that this malware will reach NATO members and private organizations around the world is described as real, and the commander warns that there is no easy or miraculous solution to the problem, but that the concept of collective defence is clearly an essential element. “This links companies and other organizations – especially critical infrastructure – with each other and with governments to start anonymizing data from cyber intrusion attempts and attacks on modern networks,” he argues. And he recalls the recent attack that exploited the Log4j vulnerability at the Belgian defense ministry, among other targets.
“A collective defense approach creates a ‘radar’ image in cyberspace, allowing different teams to fight opponents immediately”, says the commander who now leads a company specializing in cyber defense, IronNet. “We are going to face a threat similar to 9/11 in cyberspace. The question is simply when. Uniting is mandatory if we want to protect ourselves against one of the biggest risks to a prosperous and peaceful future”, he stresses.
Sophos warns that “organizations with a presence in Ukraine, as well as citizens, should heed the advice of the US and other governments regarding their security, and should apply it to their cybersecurity posture as well.” Chester Wisniewski reminds them that they must be on high alert, take steps to protect their networks and systems and, because physical security is paramount, consider measures to secure, shut down or remove their physical networks and systems from Ukraine.
But organizations that do not have a direct presence in Ukraine should also stay alert and “put in defense in depth, as usual, but they should also increase monitoring and ensure that their defense layers are active, properly configured and being monitored 24 hours a day, 7 days a week”.
The specialist underlines that “no matter if you are attacked by a nation-state, a party or a stereotyped teenage girl operating from someone’s basement – we must have defenses always updated and in layers, prepared to anticipate failure, and carefully monitored, to recognize the signs of an attack in progress.”
Source: With Agencies