Hybrid Warfare and Cyber Attacks

Steve Clarke, Head of Penetration Testing, reviews the most recent news on cyber attacks, hybrid warfare and the conflict in Ukraine. He covers:

• • The Conflict in Ukraine and Cyber Warfare

• • Information Warfare and Disinformation

• • Malware Spillage Beyond Borders

• • Russia Targeted by Anonymous

• • How to Protect Your Business and Data

• • How To Book Your Free Security Consultation

The Conflict in Ukraine and Cyber Warfare

Both sides in this conflict and activist groups have used information and hybrid warfare extensively. Here I cover what practical steps organisations can take to minimise their exposure to being targeted by such attacks.

Unsurprisingly Ukraine was targeted by cyber attacks before columns of armour rolled into its sovereign nation. Distributed Denial of Service (DDos) attacks have been ongoing for several years but intensified in the weeks ahead of the invasion.

Just days before the ground invasion HermeticWiper, a data wiper, was unleashed against a number of Ukrainian entities. The sole purpose of HermeticWiper was to erase disk storage and deny access to system data. It achieved this by leveraging endpoint and server configuration weaknesses, such as executing as a local administrative user.

Researchers also identified other suspected Ransomware variants with no decryption capabilities. This indicates monetising the tools may not have been the primary objective.

Information Warfare and Disinformation

Along with the technical exploits, information warfare, particularly disinformation, has been a known modus operandi of the Russian state for many years. The ability to target citizens from the other side of a continent 24/7 and without the ability to attribute the source easily make information attacks attractive and a disinformation weapon.

However, there have not been high profile cyber attacks on the West, which were widely reported and expected at the start of Russia’s campaign. Some commentators believe this might be down to infiltration of Russia’s cyber warfare capabilities, while others feel it’s merely a matter of time until these are unleashed. Time will tell which camp is right.

Of course, Ukraine being hit by suspected Russian cyber weapons is nothing new. Parts of Ukraine’s power grid were successfully attacked in 2015 by what is believed to be the first use of weaponised cyber attacks against electricity grids. The NotPetya ransomware from back in 2017 was explicitly designed to target users of MEDoc, an accounting package in use by 90% of Ukrainian businesses. It first compromised systems in Ukraine causing widespread havoc before further disrupting the world, including many multinational firms.

---

Malware Spillage Beyond Borders

It is simply a matter of time before non-targeted cyber weapons affect users and systems in other nations. There are often relatively few operational security controls within malware to limit infection to specific geographies. This makes them more potent as they can remain active for months or years, long after a ground invasion has concluded. Ensuring systems are hardened and remain patched against weakness remains a key priority for security teams. This is arguably the single best defence against untargeted attacks.

Russia Targeted by Anonymous

Russia has also faced the brunt of cyber hacks in the form of defacement and Denial of Service (DoS) attacks. State-sponsored attacks are inevitable and will likely be difficult to attribute. However, the Anonymous hacktivist brand announced early after the invasion of Ukraine that they were actively targeting the Kremlin. They have claimed defacement of public web pages, including the Russian military’s public website, the takeover of state TV broadcasts and exfiltration of government data. This approach has marked a shift in tactics from an organisation more commonly known to carry out Denial of Service (DoS) attacks.

 

How to Protect Your Business and Data

The National Cyber Security Centre (NCSC) has recently provided updated actionable guidance on preventing cyber threats. The advice is aimed at businesses and organisations of all sizes and sectors. It provides actions to help mitigate risk and helps organisations understand the factors contributing to their cyber risk. The steps outline several key areas of an organisation’s cyber security, including:

• • Patch management

• • Access control and password management

• • Logging and monitoring

• • Ensuring your Internet footprint i3rt4fgnhms minimal and hardened

• • Human-factors and procedural items such as ensuring users know how to report suspected phishing emails and ensuring backups are offline and recoverable

The first step you can take is to identify any gaps in your cyber security and ensure you have multiple layers of protection. CyberLab’s portfolio of products and services can help organisations obtain assurance on the effectiveness of many of these areas and assist them in quantifying risk to their data and assets. Our team looks after over 28,000 companies, from small businesses to large public sector organisations.

---

Please reach out if you want to talk about protecting your data from cyber attacks. Get agnostic advice from industry experts on how secure your business.