Advisen FPN

Advisen Cyber FPN - Monday, February 28, 2022

   
Experts fear global impact from Russia's cyberattacks on Ukraine

Advisen

Experts fear global impact from Russia's cyberattacks on Ukraine

By Erin Ayers, Advisen

Russia launched a full-scale military assault on Ukraine in the early morning hours of Feb. 24, accompanied by a series of targeted cyberattacks that experts and officials say could ultimately have a much broader impact.

In the weeks leading up to the invasion, Ukrainian government entities, financial institutions and other key organizations faced website defacements, distributed-denial-of-service attacks, and destructive malware. Cybersecurity experts around the globe have kept tabs on the cyber events, warning clients and organizations to secure their systems without delay.

On Feb. 23, Researchers at Symantec and ESET first Tweeted the discovery of a new wiper malware dubbed “HermeticWiper” used against Ukraine. Symantec researchers observed use of the malware against an organization in Lithuania as early as Nov. 12, 2021, and said, “With an invasion now underway, there remains a high likelihood of further cyberattacks against Ukraine and other countries in the region.”

Offering a technical breakdown of the malware, cybersecurity firm SentinelOne commented, “After a week of defacements and increasing DDoS attacks, the proliferation of sabotage operations through wiper malware is an expected and regrettable escalation.”

In a Feb. 24 webcast, experts from Secureworks said they had long “expected any invasion would have a cyber component.”

The wiper attacks “make no pretense” of being ransomware events and clearly aim to destroy data with little hope of recovery, but could contain an element of espionage as well, according to Mike McLellan, director of intelligence at Secureworks. 

“Noisy things like wiper attacks and DDoS can act as a smokescreen for something more stealthy,” he said.

While the cyberattacks currently appear to be focused on Ukraine, the United States and its allies should be prepared for retaliatory attacks over severe economic sanctions announced by President Joseph Biden following the invasion.

Sen. Mark Warner (D-VA) said in an Axios interview Russian cyberattacks could trigger expanded conflict with NATO countries.

"If you unleash not one, but five, or 10, or 50, or 1,000 at Ukraine, the chances of that staying within the Ukrainian geographic border is quite small ... It could spread to America, could spread to the U.K., but the more likely effect will be spreading to adjacent geographic territory ... [such as] Poland,” said Sen. Warner.

On Twitter, he added, “This is not something to take lightly – cyberattacks don’t have borders.”

U.S. House Intelligence Chair Rep. Adam Schiff (D-CA) expressed similar concerns in a news briefing.

“We have seen in the past Russia deploy attacks at a particular target - those tools get into the wild and they cause global damage,” he said.

According to McLellan of Secureworks, attacks targeting the U.S. would require “a significant escalation” between the West and Russia. However, threat actors unrelated to the situation in Ukraine could take advantage of the unfolding conflict to infiltrate systems, he warned.

Jen Easterly, head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said on Twitter, “While there are no specific threats to the U.S. at this time, all orgs must be prepared for cyberattacks, whether targeted or not,” citing the 2017 NotPetya attack that brought commerce to a halt and caused billions in damage for corporations around the world.

To help prepare organizations of all sizes, CISA launched “Shields Up,” a program with guidance for preventing, detecting, and minimizing the impact of cyber events.

Cybersecurity firms working closely with the insurance industry advised businesses to protect themselves by reviewing their business continuity plans and ensuring the fundamentals of cybersecurity are in place, including up-to-date patching programs, endpoint threat detection, antivirus programs, and multi-factor authentication.

Managing Editor Erin Ayers can be reached at erin.ayers@zywave.com

SecurityScorecard, Inc.
Advisen