Cyberattacks thrive on confusion, a lack of knowledge about systems and assets, and any generally fairly common weak points. Any major turbulent period in one country will likely make a range of businesses more vulnerable to cyber attacks than they were before.
This means that in principle, it should come as no surprise that over the past few months cyberattacks against the Ukrainian government and military sector have more than doubled, increasing by 112% in total, according to new findings from Check. Point Research (CPR).
But while this may be predictable, what too few companies are still considering is that while the illegal Russian invasion of Ukraine is a flashpoint for developing and deploying cyberattacks, those attacks, the techniques, and the people behind them, are not going to remain confined to Ukraine indefinitely. While physical invasion will go one way or the other, what is certain is that whenever you intensify an environment conducive to the growth and development of cyberattacks, attack methodologies and people that underlie them will survive the hothouse environment for a long time.
Sergey Shykevich, Threat Intelligence Group Manager at Check Point predicts: “At the end of the conflict, regardless of the outcome, these APT groups, hacktivists and individuals will not just disappear. Instead, they will turn their new expertise and new tools to new targets, unleashing a tsunami of cyberattacks across the world.
That, in case you missed it, is why companies should care.
The last few times there was a major international invasion with war, the West was largely speaking the aggressor – the Gulf Wars were fought in retaliation for the Iraqi invasion of Kuwait, and the Afghanistan War or The so-called ‘War on Terror’ began in response to the 9/11 terrorist attacks on American soil and ended in what would otherwise be described as a failure, with the Taliban taking over control of the country after 20 years of conflict Given that the Gulf Wars took place 30 years ago and the West can be said to have lost the war on terrorism, cyberattacks have never played an extremely important role in the conduct of modern warfare.
They do now.
War and Cyberwar
The invasion of Ukraine quickly established cyber warfare as an essential component of global conflict, both in terms of propaganda battles and the actual conduct of military operations. If you can cripple your enemy’s systems with a cyberattack, you can arguably do more damage than with a mortar – with the added bonus that you don’t physically take innocent human lives in the process.
This means that the whole nature of warfare has been intensified by the difficulties made possible by cyberattacks. From Distributed Denial of Service (DDoS) attacks and website defacements to destructive attacks on critical infrastructure, the war escalated during the Russian invasion of Ukraine.
In fact, just three days after the conflict began in late February, Check Point noted a 196% increase in cyberattacks against the Ukrainian government and military sector, while the Russian equivalent sector decreased by 8%. The difference is that Russia has various measures in place to limit access to its resources from outside its borders, which makes it more difficult to carry out certain attacks.
Corporate networks in Ukraine, on the other hand, suffered more than 1,500 cyberattacks per week on average, 25% more than before the start of the conflict.
Russia’s cyberattack campaign has included state-sponsored APT groups carrying out sophisticated operations ranging from critical infrastructure attacks to espionage missions. For the first time, there was also observable coordination between cyberattacks and military assaults, such as March 1stwhen a Russian missile assault on Kyiv’s television tower coincided with a cyberattack designed to knock out the city’s broadcasting capabilities.
Specialization in Cyberattacks
Finance has been the most frequently and effectively targeted sector in Russia and Ukraine since the start of the invasion, with communications (Russia) and military and government (Ukraine) also a troubling second.
Drastically increasing the number, frequency and effectiveness of cyberattacks like this required recruiting and deploying a whole new army of “hacktivists”, as well as, in the case of Ukraine, a new generation of cyber defenders. extremely motivated. He also tapped into pre-existing big players in the cyberattack plane, including Anonymous, which declared war on Russia itself, and ransomware group Conti, which pledged to protect Kremlin interests. .
These cyber battle lines only look impressive against the backdrop of an ongoing invasion and defense at all costs. When the Russian invasion ends, the cybersecurity space is likely to be much worse off. An army of pro-Ukrainian hacktivists and the active cybercriminals currently fighting Russia’s cyber battles will have honed their skills and somehow they will be unleashed on the cyber attack black market, ready to use these skills for the highest bidder.
The CPR says it has already seen the beginnings of what this could mean, with attacks launched against NATO partners, as well as other nations that have come to the aid of Ukraine, increasing both in frequency and intensity.
Keep the lights on
But big hits like nation states are occasional, partly ideological targets. What gets cybercriminals and hackers out of bed in the morning are monetized attacks that pay their bills and keep their lights on.
If you are a company with a large turnover, this means you.
The “real world” analogy would be the stuff of a die hard film. Specially trained espionage forces that in a peaceful world attack a large corporate building for money. Except these days, ransomware is far more effective than Alan Rickman, and it can hold companies back for huge amounts of money remotely, with far less chance of hijackers getting caught.
The Russian invasion of Ukraine and Ukraine’s struggle to retain its independence will – no doubt – increase the threat level of cyberattacks against both governments. and commercial organizations globally. Given that we’ve seen the number of cyberattacks increase astronomically over the past year, businesses need to be prepared for an inflationary effect as the invasion winds down and hacktivists have to make a living.
Are you ready?
This means businesses around the world need to start thinking in terms of a prevention-focused cybersecurity strategy. This will involve evolving and emerging technologies and consolidated platforms. This will require real-time cross-platform global threat intelligence and the ability to guard against both zero-day vulnerabilities and fifth-generation attacks.
Most companies are not yet ready to deploy this level of technology to weather an impending storm of post-invasion cyberattacks.
The question is: is it yours?