Ukraine conflict puts organizations’ cyber-resilience to the test
Russia’s invasion of Ukraine has provoked a massive rally of hackers to join both sides of the conflict and take up arms in the cyber-war. As has been the case in cyberattacks of recent years, the consequences of this will affect organizations way beyond the initial intended target. For example, in June 2017 French company Saint-Gobain was forced to halt its operations as a result of the NotPetya attack, a Russian cyberattack targeting Ukraine that resulted in over €80 million of losses in company revenue.
As a result of a sharp increase of cyber-attacks since the beginning of the conflict, from DDoS, new data wipers, phishing campaigns and malware, organizations worldwide should take immediate action to improve their cyber-resilience and limit the damages that any spillover could have on their business.
The influx of inexperienced cybercriminals creates a new sense of vulnerability for both businesses and citizens. With IT and OT/ICS highly connected to critical infrastructure, the impacts of a cyberwar will be wide reaching and potentially devastating.
In the last 18 months, we have seen water plants and oil pipeline systems breached, luckily without mass poisoning or infrastructure explosions. But where nation-state hackers may show restraint, "freelancing hackers" may not. With heightened cyber-risks, there is an urgent need for organizations to become cyber-resilient. And this needs to start with recognizing why cybersecurity has not worked in the past.
Common cybersecurity weakness
The primary reason why it is so easy for criminals to take command and control over a network is because there are inherent weaknesses in the traditional approach to network security.
In a physical environment, organizations distribute keys to the employees, not the other way around. But in their digital environment, organizations let employees create their own keys, blindly transferring power of control to their employees. Employees can share, lose, reuse their passwords without organizations knowing if and when that happens.
Nine times out of ten, criminals don’t need to hack in, instead they log in, using tactics like phishing, social engineering, credentials stuffing, password spraying. In fact, password phishing was responsible for 83 per cent of all cyberattacks in 2021. And having employees regularly changing their passwords from DomSmith123! to Dom$mith1234 or any other variation after a cyberattack will not stop a malicious actor from logging in again.
Organizations are not only losing the battle for command and control. They have also made it easy for criminals to maximize the impact of any breach by centralizing access behind a single door. After escalating privileges to a local or domain admin, criminals can take control of the whole network. Once inside a network, they can 'stay and spy', install data wipers, lock files, halt operations, and launch a ransomware attack.
Current cybersecurity strategies that only prioritize network perimeter security with investments focused on detection, response, patching and crisis management, have also been ineffective by design. In the same way that you can’t spot a new COVID variant before it is circulating, it is mechanically impossible to fix vulnerabilities before they are discovered, meaning it is impossible to prevent cyberattacks or zero-days.
Ransomware attacks also work to prolong the conflict through funding further cybercrime. According to a report by Chainanalysis, nearly three-quarters of traceable ransomware revenue in 2021 (around $400 million worth of cryptocurrency) was laundered through Russia. After removing selected Russian banks from the SWIFT system and freezing their central bank assets, cryptocurrency gained through ransomware could offset the financial sanctions and help sustain Russia’s army for longer.
Protect network access and ensure cyber-resilience
Organizations urgently need to regain command and control over their networks and enhance their cyber-resilience. This requires an overhaul of the approach to security.
The fundamental change required is to apply physical access security rules to their network. Firstly, don’t let employees make and share their own passwords. Secondly, don’t aggregate all systems behind a single door with one key that can open everything, instead segment system access. That way, if one password is stolen while others remain out of reach, a breach is contained by default. And finally, ensure all passwords stay encrypted from end-to-end, during creation, distribution, storage and use, so that no one can see, share, or phish them. Using a zero-trust, credentials-based system means that only a legitimate user can access their credentials through multiple levels of security.
It is not too late to make digital infrastructure cyber-resilient with access segmentation and security. Organizations must now take responsibility for the security of their own networks, or risk getting caught in the cyber crossfire.
Image credit: Elnur_/depositphotos.com
Julia O'Toole, founder and CEO of MyCena Security Solutions, urges businesses to bolster their cybersecurity to avoid getting caught in the cyber crossfire of the Russia-Ukraine conflict.