Recheck the effectiveness of your cybersecurity protection as soon as possible and make sure you have reliable and “bulletproof” backups.
“Right now, the world has a front-row seat to what could possibly be the first full-scale cyber war in the making,” Keith Alexander, former Director of the US National Security Agency, wrote for the Financial Times on 15 February. And it happened indeed – just five days later. With Putin’s invasion of Ukraine, cyber warfare began.
What is cyber warfare anyway? It is a digital attack on another country to disable its infrastructure. As a result, water, electricity, and gas supplies can be disrupted, financial markets are crippled, transport, communications and other services suffer. This is exactly what the attack in Ukraine has already indicated.
In the first days of the military attacks, several Ukrainian banks and websites of state institutions were taken offline by a distributed denial of service (DDoS) cyber attack. A DDoS attack floods the targeted services with so much traffic that they become unavailable for normal use.
At the time of the first DDoS attack, the first destructive virus, named Wiper, was detected. Wiper supposedly destroys data on infected devices irreversibly. Symantec detected it just hours before the first Russian tanks rolled into Ukrainian territory. It seems as if this attack was intended not only to weaken the country’s leadership, but also to affect its citizens. The attack on the banking system made it very difficult for individuals to withdraw cash, thereby preventing them from leaving the country or having money to buy basic goods. And this is just the beginning.
We are probably all wondering how the sequence of events will develop. How will Putin react to the coming sanctions? Will he retaliate against the EU countries involved, and how strong is he? If necessary, he will probably be backed by China, which is known for its extremely powerful cyber arsenal. Will Slovenian entrepreneurs also end up as victims of this cockfight?
We have to take into consideration that nowadays almost every digital device is already connected directly or indirectly to the internet, which poses many security challenges. There are several reasons for such a risky situation, but let us focus on the essential ones. The first one is that most computer code is poorly written which poses many security issues. This is mainly caused by short deadlines and low prices dictated by the market.
The second reason is that the more devices connected in a system the higher the chances of a security failure. A real-life scenario that seems as if only possible in a sci-fi movie is a breach into a casino IT system that was initiated by a breach into an aquarium connected to the internet.
Why are computers still so hard to protect despite all the technology? There are two powerful factors. One is the perennial problem of security patches, which a quarter of users never install. The second is the existence of “powerful forces” that have a vested interest in ensuring that the Internet is never completely secure. Government departments collect security flaws in computer systems like a squirrel collects hazelnuts and hides them from the public so that they can be used later, e.g. for espionage.
Do you remember the Pegasus software that was secretly installed on thousands of mobile phones around the world? The owner or operator of the Pegasus software was able to read SMS messages on the “hijacked” phones, collect usernames and passwords, monitor and record location information, access the microphone and camera, and collect information from installed applications. All of this was enabled by security flaws in the software code of the iOS and Android operating systems that, until recently, were known only to a select few.
Large countries such as China, Russia, the US and even North Korea have armies of trained hackers who carry out cyber warfare activities daily. The problem with digital attacks is that it is very hard to figure out who exactly stands behind them. Everything happens in the dark; usually only the victims are known, and only the consequences are visible. When the result of an attack is a blackout that lasts for days, citizens’ trust in the country’s governance can quickly drop. Widespread panic begins to build up, which is the perfect breeding ground for whoever is breaking in or approaching.
Cyber weapons are very dangerous. If you recall the notorious NotPetya cyber-attack in 2017, you will remember that malicious code disguised as a ransomware virus did a fair amount of damage to the Ukrainian economy and to parts of its critical infrastructure. The damage was enormous. Later it turned out that it was a cyber weapon designed to cripple Ukraine’s infrastructure and economy.
As we have already realised in the past, cyber-attacks of this kind sooner or later spiral out of control and wreak havoc elsewhere. Once the malicious code is in the hands of cyber criminals, they quickly use it for their own profitable purposes. Companies around the world are targeted as collateral damage. In the case of the NotPetya attack, it is not only Ukraine that suffered multi-billion dollar damage, but also some organisations in other countries.
A similar concept was used in the case of Stuxnet. This computer worm was allegedly built in 2005 as a cyber weapon by Israeli and US hackers to disrupt Iran’s nuclear programme. It targeted industry-specific SCADA networks.
Digital weapons, like biological ones, are extremely difficult to control. Sooner or later they start spreading into the wild. Stuxnet, Petya and other cyber weapons can still be found on far too many networks, including in Slovenia.
Who will keep us from becoming collateral damage in the growing cyber-conflict that the attackers are in fact only just beginning to warm up for? Now is the time to tell the plain truth. The more I look, the less I see the traditional defence that we usually rely on when it comes to conventional warfare. In the digital world, cyber weapons designed for specific operations can be transformed in no time into widely available cyber tools that are abused by attackers on the black market. For money. For a lot of money. Ransomware, theft of intellectual property, espionage, deception, denial of service, and the list goes on and on.
When we discuss the cases within our company, we sometimes can’t believe how easy it is to hack into some systems and how little it takes to disable services. You can’t imagine how many companies with highly vulnerable systems exist out there. However, the good news is that it often doesn’t take much to make improvements. All you have to do is to be just one step ahead of everyone else. Because if you are, there is a good chance that the “bad guy” will go elsewhere, where it will be easier, faster and cheaper to achieve his evil intentions. If you find yourself being chased by a tiger, you don’t have to be faster than the tiger. You just have to be faster than the slowest living being in the same situation.
Given the current situation, I would strongly recommend the following to all corporate decision-makers: re-examine the effectiveness of cyber security protection as soon as possible and ensure you have truly reliable, “bullet-proof” backups. Make patching your company’s Ten Commandments and immediately introduce regular training for employees so that they are able to identify the phishing attempts that will come with the next digital tsunami.
Originally published in IKT Informator on February 28, 2022