Similar to the global impact of the chip shortage, we are now seeing the global impact of a nation with malicious intentions using not only military force but also cyberattacks. Unfortunately, it is not a surprise that Russia’s military assault on Ukraine has involved this method, as previous large-scale hacks, such as the Colonial Pipeline attack in the spring of 2021, have been attributed to Russian entities. On day one (2/24/2022) of Russia’s illegitimate invasion, the websites of Ukraine’s defense, foreign, and interior ministries were unreachable or slow to load after an awful series of distributed denial of service (DDoS) attacks. Data-wiping malware was also deployed on hundreds of machines, impacting Ukrainian government contractors and financial institutions spanning three nations.
Only time will tell how many companies Russia has “backdoored in preparation for these attacks,” said Chester Wisniewski, a principal research scientist at Sophos. What we’ve seen thus far is most likely the tip of the iceberg. Thankfully, Ukraine is responding, with the majority of the world on its side. They’re recruiting an army of IT volunteers to operate in defensive and offensive units. These volunteers will help protect Ukraine’s infrastructure, as well as deploy cyberattacks and DDoS attacks on Russian business corporations, government entities, and financial institutions.
“The operations that will be conducted by the IT Army will increase the pressure on the Russian infrastructure [that is] already the target of a powerful operation launched by Anonymous,” said Pierluigi Paganini with Security Affairs. Together, they are going after a list of 30+ organizations, including Russia’s GPS network and telecom companies. Anonymous, the world’s most prestigious hacking group, declared cyberwar on Russia on February 25th and has already been credited with attacking:
- the Russian Ministry of Defense website, servers, and database,
- companies that have chosen to maintain operations in Russia,
- the State Duma and Russian propaganda website RT News,
- the Russian Nuclear Institute, releasing 40,000+ documents,
- 400 public cameras in Russia, blasting “Putin is killing children. 352 Ukraine civilians dead,” on the camera monitors, and
- Russia’s Central Bank, stealing 35,000 documents.
On Monday the 28th, pro-Ukraine hackers broke into Russian TV stations and media sites, broadcasting the message, “This is not our war, let’s stop it!” and “Putin makes us lie and puts us in danger. We were isolated from the whole world, they stopped buying oil and gas. In a few years, we will live like North Korea.” Additionally, the Ukraine IT Army took the Moscow Stock Exchange offline, stating it only took five minutes. Then, on Tuesday, March 1st, the IT Army disabled the Belarus railway, attacking its network, which was transporting Russian soldiers.
Many companies and prominent figures are offering assistance to Ukraine as well. For example, Cloudflare’s DNS firewall is now protecting the domains in which the state authorities of Ukraine are located (gov.ua, as well as com.ua and kiev.ua). Yesterday (2/27/2022), Elon Musk also announced expanding Starlink internet service for Ukraine. This will potentially provide “the government with an alternative secure communications uplink as Ukraine’s military continues to resist invading Russian forces.” Acts of support for Ukraine, even within Russia, are being shared online as well. Although Putin is trying to keep this reality from his citizens, they are finding out and revolting. Everything from Anonymous’ broadcast messages to Twitter’s new Tor services is helping with that. As of March 7th, Cloudflare is joining forces with CrowdStrike and Ping Identity to create the Critical Infrastructure Defense Project, offering four free months of support for energy and water utilities of all sizes, as well as public and private hospitals of all sizes.
To add a further level of complexity, “evolving intelligence shows Russia amping up for cyber-war in response to Ukraine-related sanctions,” going after critical US infrastructure. If not direct hits, “cyberattacks against Ukraine could reach US systems,” said Theresa Payton, a former White House chief information officer. “Experts are concerned that malware operators will try to infect as many systems as possible…inside and outside of Ukraine, to make the attacks more powerful,” said Josh Breaker-Wolfe with IT Security Guru. Blowback could even come from nongovernmental Russian entities, as they operate “with an understanding that the Russian government will look the other way,” said Rep. Jim Langevin, a senior member of the House Armed Services Committee. This technologically advanced war is also occurring on a technological and financial battleground. Danny Lopez, the CEO at Glasswall, said, “If we see a de-escalation of the situation on the ground, we are likely to see an escalation of cyber warfare.”
Therefore, both governmental and private entities should prepare accordingly. Government personnel, as well as our vendors, are advising:
- Implement MFA, especially for applications and your RMM (remote monitoring and management)
- Encrypt your backups
- Test your backups’ restoration capability and quality
- Increase staff awareness
- Keep your software up-to-date
- Patch vulnerabilities regularly
- Scan for vulnerabilities across your network regularly
- Operate with a Least Privilege mindset
- Control access to and throughout your network
“Like planting a tree, the best time to secure your organization was ten years ago. The next best time is today. Organizations that have not addressed the key items…are at a significantly greater risk of compromise,” said Jason Rebholz, the CISO at Corvus Insurance.
We will continue to monitor this global issue as news develops.