Cyberattacks increase as Ukrainian crisis continues


As a result of American sanctions on Russia, enterprises and businesses in the US are being warned of a possible escalation of ransomware attacks. And as tensions between Russia and Ukraine progress, cybersecurity experts are predicting that a real war in the virtual world will intensify too.

Just minutes after US President Joe Biden announced America’s actions against Russian banks and its industrial moguls, the Federal Bureau of Investigation called on American enterprises, not only on the mainland but also offshore, to be doubly vigilant amid reports that Ukraine’s border control systems had been hit with wiper malware aimed at disrupting the migration of refugees. The warning came from the FBI’s David Ring and was reported by CNN late last week.

Chester Wisniewski, principal scientist of Sophos, said that known or suspected Russian state activities can be a barometer of what to expect as the crisis between the two countries continues. For example, sporadic distributed denial of service (DDoS) attacks have started disrupting Ukrainian government websites and financial service providers, and there is much talk about being prepared for cyber conflict.


In response to the attacks, Mykhailo Fedorov, the vice prime minister of Ukraine and its minister of digital transformation, sent out a Tweet calling on people with cyber skills to join a virtual IT army to help Ukraine protect itself and at the same time attack Russian assets in retaliation for the hacking attacks allegedly perpetrated against Ukraine.

An “IT Army” post on a message platform included a list of 31 targets for supporters to attack.

Wisniewski, in a blog post on Sophos’ website, said two known hacker groups, Anonymous Collective and Conti, have announced whose side they are on, triggering an all-out war on the dark web, running almost at the same time as the attacks on the ground.

The Twitter post on an account attributed to the Anonymous Collective (from Sophos).

Anonymous, in a Twitter post, declared “cyberwar” against the Russian government. The group of known hacktivists hash-tagged the Tweet with #Ukraine and #Anonymous. A few hours later, ransomware attackers Conti posted a message to their Dark Web site declaring their “full support of the Russian government.”

A post from cyber hacker group Conti with a stern warning against incursions on Russia.

“Many people want to support Ukraine, but I advise against doing something like this to show support. Unless someone is working directly on behalf of a nation-state, they are likely to be committing a serious criminal offense,” Wisniewski advises.

And another ransomware crew released an official statement regarding the conflict: Lockbit 2.0 posted a message to its Dark Web site saying that it will never attack the critical infrastructure of any country and is not taking sides. It claims to be just a diverse group of “post-paid pen-testers,” and that it is just business, and “all we do is provide paid training to system administrators around the world on how to properly set up a corporate network.”

The statement was posted in eight languages alongside two JPEG images of the earth.

Regardless of whether things continue to escalate, cyber operations are sure to continue. Ukraine has been under a constant barrage of attacks with varying degrees of peaks and troughs since Viktor Yanukovych was deposed in 2014.

Wisniewski warns that it is part of Russian military strategy to conduct official cyber attacks that can wrest control of the optics of the situation and eventually control the rest of the world’s response to actions in Ukraine or any other target of attack.

“The prior implementation of measures of information warfare in order to achieve political objectives without the utilization of military force and, subsequently, in the interest of shaping a favorable response from the world community to the utilization of military force,” states “The Military Doctrine of the Russian Federation” from 2010, a clear indication of how it can control the rest of the world’s response to actions in Ukraine or any other target of attack. It also suggests a continuance of previous behaviors before a conflict, and makes DDoS attacks a potential sign of an imminent kinetic response.

False flags, misattribution, disrupted communications, and social media manipulation are all key components of Russia’s information warfare playbook, according to the Sophos cybersecurity scientist.

“They don’t need to create a permanent cover for activities on the ground and elsewhere, they simply need to cause enough delay, confusion, and contradiction to enable other simultaneous operations to accomplish their objectives,” Wisniewski mentioned.

It is unlikely Russia would directly attack NATO members and risk invocation of Article V. However, its recent gestures toward reining in criminals operating from the Russian Federation and their Commonwealth of Independent States (CIS) partners will probably come to an end, and instead we will see the threats multiply.

From a global perspective, the cybersecurity expert said that it is expected that a range of “patriotic freelancers” in Russia (otherwise known as ransomware criminals, phish writers and botnet operators) can lash out with even more fervor than normal at targets perceived to be against the Motherland.

“While defense-in-depth security should be the normal thing to strive for at the best of times, it is especially important if we can expect an increase in the frequency and severity of attacks. The misinformation and propaganda will soon reach a fever pitch, but we must keep our nose to the ground, batten down the hatches and monitor for anything unusual on our networks as the conflict cycles ebb and flow and even when/if they end soon. Because as we all know, it could take months for evidence of digital intrusions due to this Russian-Ukrainian conflict to surface,” Wisniewski warns.
