The translation of ‘cyberattack’ into Russian is ‘kiberataka’. Whether this is a word used by state-backed operatives is uncertain. What is apparent, however, is that Russian hackers are attempting to paralyse the U.S. and U.K. in retaliation against these western states for supporting Ukraine and for implementing economic sanctions against the Russian state and the diaspora of oligarchs.
Of particular concern, based on intelligence from the National Cyber Security Centre in the U.K. and U.S. agencies like the National Security Agency, is the threat posed by a Russian state-backed hacker group known as Sandworm. This collective has developed a new type of malware called Cyclops Blink.
In addition, Dave Klein, Director and Cyber Evangelist from Cymulate, tells Digital Journal that he expects the current wave of Russian cyberattacks on Ukraine to spread to the U.S. and U.K. very soon.
Klein opines: “Beyond Russia’s denial-of-service attacks and spreading misinformation, by far the most damaging are the data wiping attacks.”
As to what data wiping actions consist of, Klein says: “Like ransomware, these attacks encrypt the victims’ machines however there is no decryption key. The goal is permanent damage and this is exactly like NotPetya. We have seen new variants appear hitting various targets in Ukraine over the last few days.”
There is a track record of these tactics being deployed, says Klein. “Russia has used these tools against other countries in the past such as during the opening ceremony of the Olympics in Seoul. While they wiped out every machine, the Koreans had planned well, practiced incident response plans and were able to continue the ceremonies and restore the entire network by the start of the first games the following morning.”
Hence, the U.K. and U.S. governments should be prepared to address these threats. Klein notes: “There is a real possibility that attacks on critical infrastructure, private and public entities in the West could occur in response to sanctions against Russia, and warnings have already been issued.”
In terms of appropriate defensive activity, Klein advises “that enterprises be vigilant. Suggestions include assessing and understanding the risk for your enterprise. Establishing incident response (IR) plans, practicing them, and using offensive cybersecurity testing to assess how well your people, processes and controls do, find the gaps, and mitigate them.”
Putting these measures together is not wasted effort. Klein concludes by saying: “A positive side effect? By doing this you also shore up your enterprises and reduce risk from ransomware attacks which work in similar fashion.”
To counteract the threats, some western-based hacker groups have pledged to do what they can to destabilise the Russian technological infrastructure.
