Computer security experts should pay close attention to what is happening in Ukraine
If the past few years are any indication, cybercriminals will continue to adopt new tactics and techniques to find ways to circumvent our network defenses, and this was on full display at the RSA conference earlier this month, where cybersecurity experts shared what they see in the wild. The annual cybersecurity conference came at a pivotal time in the cybersecurity space, as tensions between nation states and a kinetic war between Russia and Ukraine were preceded by large-scale cyberattacks.
The ongoing conflict between Russia and Ukraine is the first large-scale example of a nation state preceding a military invasion with devastating cyberattacks on its enemy, with Ukraine being hit with destructive malware and wipers before being invaded by its larger neighbor, says John Fokker, principal engineer and head of cyber investigations for conference sponsor Trellix Threat Labs.
In addition to the continued prevalence of ransomware and software supply chain compromises, the sophisticated attacks that have become part of nation-state warfare strategies are most alarming to Fokker, who spoke to Technical decisions for an interview after the show.
Fokker says network defenders elsewhere should prepare for similar types of attacks as the cyber stage becomes another battlefront of modern warfare and ransomware groups and nation states begin to learn from each other. Russia has long been known to be a haven for ransomware groups as long as they target Russia’s adversaries, and the Conti ransomware leaks revealed part of that working relationship.
“If you, as a foreign actor, want to deploy a more disruptive way to spread malware, you can actually learn from ransomware actors if you want to deploy a network wiper, because they’ve honed their skills by penetrating a network from A-to-Z in the shortest possible time over the past few years,” says Fokker.
Fokker’s comments add to a roundtable that has been presented at RSA each year on the five most dangerous new attack techniques. Featuring cybersecurity experts, the session detailed how threat actors are using cloud infrastructure to carry out attacks, compromise backups, take advantage of spyware and worms, and how nation states are turning their attention to large-scale cyberattacks targeting satellites.
Panelists discussed the prevalence of cloud infrastructure and its growing use by threat actors to blend into victims’ infrastructure and evade detection, the need to back up systems securely, the persistent threat from worms, mobile device security and the growing use of spyware like Pegasus and new cyberattacks being carried out internationally.
Trellix researchers have seen the same thing happen in Eastern Europe, with cyberattacks ranging from proven methods like phishing and exploiting vulnerabilities to backdoors and destructive malware.
The company released a report earlier this month detailing some of those attacks, including phishing campaigns that impersonated the country’s Department of Defense and cybersecurity agency. However, it was the wipers deployed by Russian nation-state groups that attracted considerable attention earlier this year.
According to the report from Trellix Threat Labs, the company observed a threat actor’s attempt to deploy a wiper on a victim’s network, but the wiper, dubbed WhisperGate, failed to execute. However, it only took the group two and a half hours to deploy another wiper, this time HermeticWiper.
Fokker urges organizations, cybersecurity experts and IT professionals, especially those working for organizations that could be targets of state actors, to pay close attention to what is happening on the international stage.
“Make no mistake about it, if you have an (Advanced Persistent Threat Actor) as a potential threat to your organization, you need to be very alert to what’s going on right now,” Fokker says. “From a threat intelligence perspective, I think we’re at a pivotal moment.”
According to the threat intelligence expert, the Russian-Ukrainian conflict is the first time in history that a superpower has launched cyberattacks and followed them with a kinetic invasion.
“History is being written as we speak,” Fokker says.