The extent of the attack on Ukranian government agencies has been reported by ZDNet. This type of issue also demonstrates the importance of keeping systems up to date and necessity of continually obtaining important advice and trends from cybersecurity systems and experts.
Looking into the issue for Digital Journal is Casey Ellis Co-founder, Chairman and CTO of Bugcrowd.
Ellis looks at the likely sources behind the attack, and places this on the geopolitical scale: “Well funded, talented and motivated nation-states exist as a crowd of potential adversaries with diverse skill sets and a variety of motivations, goals, and incentives to get results. The “Mossad/Not-Mossad” threat model introduced by James Mickens suggests that while a sufficiently motivated and resourced malicious adversary will ultimately always achieve their goals, an army of allies — also known as security researchers or ethical hackers — stands ready to help raise the bar, increase the cost of an attack and route the adversary into places where they can be more easily detected.”
Dropping down a scale, Ellis takes the incident and explains why the attack should act as a warning for everyone: “This incident highlights that every organization — regardless of its size and popularity — are prone to cyberattacks. Oftentimes, the impacts of a cyberattack goes beyond the targeted organization, as seen in this instance with the Ukrainian System of Electronic Interaction of Executive Bodies (SEI EB) acting as an all-access pass to other Ukrainian government agencies. Cybercriminals were able to exploit vulnerabilities in the SEI EB and use the file sharing portal as a “watering hole” to distribute a malicious trojaned word document.”
There are other issues that made the attack easier, as well as Ellis picks out: “Even more concerning, the party responsible for the attack remains at large as Ukranian officials used a .ru domain in their published indicators of compromise (IOCs) — signaling attribution to whoever is paying attention.”
The lessons are particularly acute for government agencies, explains Ellis: “While many questions have been spurred regarding recent state-sponsored attacks, government agencies must acknowledge the scale and distributed nature of the threats they face in the cyber domain and recognize the need to accept the assistance of security researchers who are offering to help defend against a growing legion of adversaries.”
This is not to say that action is being ignore: “In fact, many governments and private organizations around the globe have already recognized the threats they face and are leaning into the benefits of vulnerability disclosure programs (VDPs) and bug bounty programs to leverage the talents of cybersecurity researchers, who work to counter and outsmart adversaries and more importantly — help create confidence in their constituents’ security ecosystem. Vulnerabilities are actively being discovered within nation-states’ programs whether there is an invitation or not, making the decision to adopt VDP and bug bounty programs a no-brainer.”
