Written by Hitachi Systems Security on 2 March 2022

Cyberwars & what are the implications for cybersecurity

New warfare - Cyberwar

War has been present throughout human history. The face of conflict changes according to technology, ranging from bow and arrow to cannons, and even to biological weapons. What is new, however, is cyberwar.

Cyberattacks targeting government sites, utilities, or major financial institutions have been reported with increasing frequency. We looked at some of the recently reported attacks and came up with a series of recommendations for immediate and short-term actions that organizations could prioritize to reduce potential risk to their environments.

What to keep an eye on


Focus on intelligence related to your vertical and specific to your organization. Follow advisories from government entities dedicated to cybersecurity, and if you have access to threat intelligence, pay close attention to breaches that haven't been reported yet. Malicious actors will capitalize on the chaos, so beware of known tactics such as DDoS attacks, phishing, vishing or whaling attacks.

Like in any critical situation, don’t give in to panic. Focus on elements that can be controlled, be vigilant and increase preventative measures. Now is not the time to roll out new solutions or test new protocols.

Known attacks to date:


  • DDoS attacks on critical entities, such as government and financial institutions.
  • Data wipers are often found to have been planted on computers months before the destructive phase of the breach takes place.
  • Daxin malware is a rootkit backdoor that allows attackers to communicate with secured devices.
  • WhisperGate is a destructive malware designed to look like ransomware but without the customary recovery mechanism.
  • Social engineering to promote misinformation to spread confusion.

What can we expect in the near future?


With the latest economic sanctions, there is a significant disruption in the daily activities of the financial sector. Any financial disruption will eventually lead to long-term difficulties in accessing funds, which often leaves tech experts out of a job, so they may be looking for alternate ways to secure funds, in this case, cybercrime.

  • Dormant malware could be reactivated. This is why it is of the utmost importance to carry out a compromise assessment and revisit old logs for any anomalies.
  • Physical attacks on communications infrastructure, such as data cables, cloud providers and data centers, could result in immediate service disruption. Review your business continuity plans and incident response policy to be prepared for any contingency.
  • Automated attacks targeting your IT infrastructure could also be increasing. Brute-force attacks can be expected as hacker groups increase their activity and update existing malware. Invest in DDoS security controls and signatureless detection technology that uses AI and machine learning to detect unknown malware and malicious behavior.
  • Repeated low-key attacks could be used to cover up a more subtle breach by creating a diversion while slower, hidden malware is planted that might not be immediately traced. Make compromise assessment and threat hunting a part of your routine and use User Behavior Analytics (UBA) technology to detect hidden threats.
  • Social engineering could be particularly damaging as hackers take advantage of confusion by impersonating high-ranking personnel within organizations. The cost of developing a security awareness program for employees to raise your cybersecurity maturity level is minimal compared to the potential damage of a well-coordinated attack.


What global cybersecurity experts fear most is a wide-scale spillover of threats affecting the global environment. Data breaches do not follow borders, and network attacks could spread malware like wildfire across entire systems. So, what can organizations do to mitigate risk?

  • Create a cybersecurity team that has authority and access across the entirety of the organization for complete visibility. Silos are not going to hold up against a potential threat.
  • Increase cybersecurity awareness training for employees at all levels, tailored to their responsibilities and access levels.
  • Review old processes, create an elevated-level process for a hypothetical breach, and communicate the updated processes across the board, from C-level to managers.
  • Address all possible scenarios as best as possible, so that if a breach occurs, everyone clearly understands what needs to be done and who the responsible parties are in case of an attack.
  • If you already work with a security vendor, initiate a conversation to gain a better understanding of their methodology. If you do not work with a cybersecurity expert, find one to assist you in setting up a contingency plan and mitigating threats.
  • Carry out a vulnerability assessment and a compromise assessment to gain a complete understanding of your risk profile, including networks, devices, appliances and workstations. Prioritize addressing any weaknesses found and continue tracking potential vulnerabilities.
  • Schedule a threat intelligence report, such as digital footprinting or darknet monitoring, to track mentions of your brand and any chatter on hacker forums.
  • Review your network for access points, especially where there is communication between your organization and entities on Ukrainian networks.

Clearly, these are challenging times for every organization, but with proper cyber hygiene and precise preventative measures, threats can be handled with minimal disruption.
