The invasion of Ukraine is a harrowing ordeal for anyone impacted by the conflict. It is a time of heightened risk and uncertainty, with implications that are rippling across the world.
One area of increasing concern is the elevated risk of cyberattacks. As part of the greater cybersecurity community, we aim to share information that is helpful to those who are dealing with, or having to respond to, questions about increased cyberthreats.
Over the course of at least months, cyber strikes on Ukraine have escalated. Attacks in recent days have knocked government and corporate systems and websites offline, and defaced Ukrainian websites. A new data-wiping malware, dubbed HermeticWiper (also known as KillDisk.NCV), has also been leveraged to infect hundreds of machines across Ukraine, Latvia, and Lithuania.
Security researchers have reported that HermeticWiper corrupts the Master Boot Record, resulting in failure to boot. This new malware family comes close on the heels of the discovery of WhisperGate malware, which was used to attack Ukrainian systems in early January.
As with NotPetya, these new malware families seem intended to incapacitate the assets they infect. The rapid emergence of these debilitating, novel malware families also reinforces the need for proactive, preventative security that goes beyond signature-based recognition.
However, the cybersecurity fallout of the geopolitical conflict extends far beyond Ukraine’s borders. Cyber threat activity is picking up around the world. A joint advisory, by CISA, the FBI and the National Security Agency, outlined activities and tactics used by state-sponsored cybercriminals. These activities include brute-forcing, spear phishing emails with malicious links, using harvested credentials to gain access, and maintaining persistent access.
CISA also issued a SHIELDS UP advisory. In the advisory, CISA recommends all organisations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. The advisory also provides steps organisations should take to help prevent or mitigate a cyber intrusion.
While nation-state threat actors may be increasing activity to disrupt the operations and supply chains of adversaries, and to increase their spheres of power, the usual cast of non-affiliated, opportunistic threat actors, such as ransomware operators and phishing scammers, could also be looking to cash in on global instability, like they did during the early stages of the coronavirus pandemic.
Over the last year, nations across the world, including the US with its issuance of the Executive Order EO 14028 on Improving the Nation’s Cybersecurity, have made strides in ramping up their cyber defences and in fostering better cross-country collaboration. Recent geopolitical events underscore the importance of maturing zero trust security controls across all organisations—from small businesses to critical infrastructure and operational technology.
Right now, it is important for everyone to reassess their cyber risk and look closely at where they can mature their security controls. The specific security priorities—whether it be accelerating the patching of vulnerabilities, vaulting and automating management of credentials, applying least privilege, or better securing remote access pathways—should be directed by the findings of their assessment.
Opinions and comments are of the authors mentioned.