Ukraine Cyberattack 2022: Geopolitical Cybersecurity
Europe is on a knife-edge. With over 130,000 Russian troops amassed on the Ukrainian border, the region is witnessing the biggest build-up of firepower since the cold war. Inevitably, there is also cyber-dimension to this conflict. Mounting attacks on Ukrainian websites and I.T. infrastructure are making policymakers in Washington and elsewhere nervous should tensions rise further. All of this comes amidst unprecedented US-Russian cooperation to crack down on organized cybercrime.
However, CISOs should be clear: the best course of action is not to wait for politicians to strike deals in a volatile world. It is to get on with the vital business of improving cyber-resilience, threat detection, and response.
Shields up
The Ukrainian government and civilian organizations are no strangers to large-scale cyber-attack campaigns. Back in 2017, the NotPetya ‘ransomware’ worm wreaked havoc on the country before spreading globally to do the same around the world. So far this year, there have been several waves of attacks, including:
- A significant web defacement effort targeting at least a dozen government websites
- A “WhisperGate” destructive malware campaign aimed at government, non-profit, and I.T. organizations, mimicking the NotPetya attacks
- DDoS attacks which took the Ukrainian defense ministry and two state-owned banks offline for several hours
- Disinformation and “hybrid warfare” tactics include using a bot farm to host 18,000 fake mobile accounts. These were used to send fake bomb threats and spread online disinformation about mines being laid in public spaces
These tensions could easily escalate and spread to other nations, with providers of critical infrastructure and other private sector organizations in the crosshairs. Lithuania and Poland have already raised threat levels. And the U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week issued a “shields up” warning to organizations:
“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.”
Ironically, this comes at a time when the Kremlin is engaged in an unprecedented crackdown on cyber-criminals operating from within its borders. That has seen alleged arrests of REvil ransomware affiliate members, the ringleader of the infamous InFraud cybercrime group, and the disruption of a third unnamed cybercrime operation. The REvil arrests are said to have been coordinated with help from the U.S.
Time to build platform protection
All of which paints a puzzling picture for CISOs. While we should all be pleased about any Russian moves to police cybercrime more effectively, it may be nothing more than geopolitical showmanship. The bigger picture is that today’s enterprises must operate in a risk environment that is in constant flux. Nation-state activity is no longer the business only of the largest and most prominent organizations. Any enterprise could suffer collateral damage if tensions continue to rise.
That makes it increasingly necessary to follow best practices in critical areas such as patch management, network monitoring, identity access and control, user training, and supply chain security. And it means teaming up with trusted partners like Trend Micro that offer platform-based security—delivering endpoint, network, cloud, and server protection, combined with extended detection and response (XDR). That’s how to harden systems against possible attacks and respond rapidly to suspicious activity before attackers can cause any lasting damage.
This new normal requires powerful, streamlined security, which optimizes protection whilst lowering security overheads.