Russia's Cyber War Operations Begin

The US Department of Homeland Security (DHS) is warning that Russia may pursue a cyber attack against the US as tensions escalate over Moscow’s buildup of forces near the border with Ukraine. In Britain, organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued urgent guidance, saying it is vital companies stay ahead of a potential threat. 

These events follow a series of cyber attacks in Ukraine that are suspected to have involved Russia. Moscow denies this, but it is thought that Russian organisations are involved. Russia could launch such an attack if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security, according to the DHS bulletin released January 23 to law enforcement partners. The bulletin said Russia “almost certainly considers cyber attacks an acceptable option to respond to adversaries” because it lacks the ability to respond with the economic and diplomatic options often preferred by other countries.

In the UK in recent weeks, critical national infrastructure - which includes energy supply, water supply, transportation, health and telecommunications - has been warned by the NCSC about specific vulnerabilities known to be exploited by Russian hackers.

Based on experience in Ukraine, energy and transport are most likely to be targeted if anything were to happen. "While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient," Paul Chichester, the NCSC director of operations, said in a statement accompanying the latest guidance issued on Friday 28th January.

Hackers who recently unleashed destructive cyber attacks against Ukrainian government networks have been lying in wait for months, according to new findings. The malware used to strike Ukrainian government websites has similarities to the NotPetya wiper, but has more capabilities "designed to inflict additional damage," researchers say. Ukraine has already suffered two known cyber attacks in response to the geopolitical situation with Russia.

Called WhisperGate, the malware is a wiper that was used in cyber attacks against website domains owned by the country's government. 

The attacks led to the defacement of around 70 websites, and a further 10 were subject to "unauthorised interference," according to the Security Service of Ukraine, State Special Service and Cyber Police. The wave of attacks was made public on January 14th.

Websites impacted included the Ukrainian Foreign Ministry, the Ministry of Education and Science, and various state services. 

  • The first round was a series of nuisance web page defacements that targeted more than 70 Ukrainian government websites. 
  • The second round of attacks executed WhisperGate, a destructive wiper malware disguised as ransomware, that impacted dozens of Ukrainian entities associated with government, non-profit, and technology companies.  

Despite having the appearance of a ransomware attack, it did not have a ransom recovery method, a critical part of any ransomware operation. This leads to the conclusion that the primary intention appears to be to render systems inoperable, not to collect financial compensation.

While many observers first thought Russia to be behind the cyber attack, Ukrainian authorities attributed the attack to a group linked to Belarusian intelligence, using Russian-linked malware.

Though Moscow has denied any association with the attacks, there is some evidence suggesting a malware link. In 2017, Russian military intelligence executed the NotPetya malware attack that initially targeted Ukrainian targets before escaping into the wild. 

Financial institutions, energy companies, government ministries, the Kyiv international airport, metro systems, and other state-owned enterprises were affected in Ukraine.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours. It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

Following the cyber attack, the European Union said it was mobilising "all its resources" to assist Ukraine, NATO has pledged its support, and US President Biden has warned Russia of a cyber 'response' if Ukraine continues to be targeted. 

This tactic, using destructive malware, is a classic Russian move that Moscow has used countless times before as tensions with Ukraine and other countries have flared.

Russian hackers were behind the sweeping destructive attacks of 2017 known as NotPetya, which caused billions of dollars in damages around the world. Cyber attacks rained down on Georgia in 2008, too, when Russia started a shooting war to go after some territory in the country.

According to preliminary results from a joint investigation from Ukraine’s cyber security agency, the State Service for Special Communication and Information Protection, Russia is behind these cyber attacks. 

Russia denies any involvement in the cyber attacks, and disclaims any intention to invade Ukraine. Kremlin spokesman Dmitry Peskov said in a CNN interview: “We have nothing to do with it. Russia has nothing to do with these cyber-attacks. Ukrainians are blaming everything on Russia, even their bad weather in their country.”

