Russia's Cyber War Operations Begin

The US Department of Homeland Security (DHS) is warning that Russia may pursue a cyber attack against the US as tensions escalate over Moscow’s buildup of forces near the border with Ukraine. In Britain, organisations are being urged to bolster their defences amid fears cyber attacks linked to the conflict in Ukraine could move beyond its borders.

The National Cyber Security Centre (NCSC) has issued urgent guidance, saying it is vital companies stay ahead of a potential threat. 

These events follow a series of cyber attacks in Ukraine which are suspected to have involved Russia, which Moscow denies, however it is thought Russian organisations are involved. Russia could launch such an attack if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security, according to the DHS bulletin released January 23 to law enforcement partners. The bulletin said Russia “almost certainly considers cyber attacks an acceptable option to respond to adversaries” because it lacks the ability to respond with the economic and diplomatic options often preferred by other countries.

In the UK in recent weeks, critical national infrastructure - which includes energy supply, water supply, transportation, health and telecommunications - have been warned by the NCSC about specific vulnerabilities known to be exploited by Russian hackers.

Based on experience in Ukraine, energy and transport are most likely to be targeted if anything were to happen. "While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient," Paul Chichester, the NCSC director of operations said in a statement accompanying the latest guidance issued on Friday 28th January.

Hackers, who recently unleashed destructive cyber attacks against Ukrainian government networks, have been lying in wait for months, according to new findings. The malware used to strike Ukrainian government websites has similarities to the NotPetya wiper, but has more capabilities "designed to inflict additional damage," researchers say. Ukraine has already suffered two known cyber attacks in response to the geopolitical situation with Russia. 

Called WhisperGate, the malware is a wiper that was used in cyber attacks against website domains owned by the country's government. 

The attacks led to the defacement of around 70 websites and a further 10 subject to "unauthorised interference," according to the Security Service of Ukraine, State Special Service and Cyber Police. The wave of attacks was made public on January 14th.

Websites impacted included the Ukrainian Foreign Ministry, the Ministry of Education and Science, and various state services. 

  • The first round was a series of nuisance web page defacements that targeted more than 70 Ukrainian government websites. 
  • The second round of attacks executed WhisperGate, a destructive wiper malware disguised as ransomware, that impacted dozens of Ukrainian entities associated with government, non-profit, and technology companies.  

Despite having the appearance of a ransomware attack it did not have a ransom recovery method, a critical part of any ransomware operation. This leads to the conclusion that the primary intention appears to be to render systems inoperable, not collecting financial compensation.

While many observers first thought that Russia to be behind the cyber attack, Ukrainian authorities attributed the attack to a group linked to Belarussian intelligence, using Russian-linked malware.

Though Moscow has denied any association with the attacks, there is some evidence suggesting a malware link. In 2017, Russian military intelligence executed the NotPetya malware attack that initially targeted Ukrainian targets before escaping into the wild. 

Financial institutions, energy companies, government ministries, the Kyiv international airport, metro systems, and other state-owned enterprises were affected in Ukraine.

In December 2015, engineers in Ukrainian power stations saw cursors on their computer screens moving by themselves. They had been hacked. Hundreds of thousands of people lost power for hours. It was the first time a power station had been taken offline, a sign that cyber intrusions were moving beyond stealing information into disrupting the infrastructure on which everyday life depends. Russia was blamed.

Following the cyber attack, the European Union said it was mobilising "all its resources" to assist Ukraine, NATO has pledged its support, and US President Biden has warned Russia of a cyber 'response' if Ukraine continues to be targeted. 

This tactic, using destructive malware, is a classic Russian move that Moscow has used countless times before as tensions with Ukraine and other countries have sparked.

Russian hackers were behind the sweeping destructive attacks of 2017 known as NotPetya, which caused billions of dollars in damages around the world. Cyber attacks rained down on Georgia in 2008, too, when Russia started a shooting war to go after some territory in the country.

According to preliminary results from a joint investigation from Ukraine’s cyber security agency, the State Service for Special Communication and Information Protection, Russia is behind these cyber attacks. 

Russia denies any involvement in the cyber attacks, and disclaims any intention to invade Ukraine. Kremlin spokesman Dmitry Peskov, said, in a CNN interview. “We have nothing to do with it. Russia has nothing to do with these cyber-attacks. Ukrainians are blaming everything on Russia, even their bad weather in their country,”

NCSC:     Palo Alto Networks / Unit 42:     BBC:   Oodaloop:     ZDNet:     Daily Beast:     Techtarget:     

Cyber Wire:      GovInfoSecurity:      I-HLS:      BBC:

You Might Also Read: 

NATO & Ukraine Agree Deeper Cyber Co-operation:

 

« Top Tips For SMEs To Dodge Hackers
Canadian Government Ministry Under Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

National Cyber Security Authority (NCA) - Saudi Arabia

National Cyber Security Authority (NCA) - Saudi Arabia

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

Mindmajix Technologies

Mindmajix Technologies

Mindmajix is a live and interactive e-learning platform that offers professional online IT training in areas including cyber security.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

DNS Research Federation (DNSRF)

DNS Research Federation (DNSRF)

DNSRF's mission is to advance the understanding of the Domain Name System's impact on cybersecurity, policy and technical standards.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

CHERI Alliance

CHERI Alliance

CHERI Alliance is an industry initiative spearheading the global adoption of the Capability Hardware Enhanced RISC Instructions (CHERI) security technology across the computing industry.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Utilize

Utilize

Utilize is an award-winning technology company with over 25 years of industry expertise, we support hundreds of businesses across London and the South East.

Taktika

Taktika

Taktika stands at the forefront of cybersecurity defense, offering cutting-edge integration and managed Security Operations Center (SOC) services.