27 September 2023

No holds barred in a heightened cyber war

Start the conversation

Shmuel Gihon* offers insights into how organisations can protect themselves against the threat of an increased level of cyber-attacks from Russia.

While the United States continues to send billions of dollars in military aid to support Ukraine in its fight against Russia, an unseen parallel conflict has been taking place in cyber-space.

At the start of the conflict, the Administration of President Joe Biden earmarked $US10 billion ($A13.5 billion) in emergency funding from Congress in aid, including support of Ukraine’s cyber defences.

Another $US28 million ($A37.7 million) was allocated to bolster the Federal Bureau of Investigation’s response to Russian cyber threats stemming from the war in Ukraine.

Even criminal cyber groups are joining in the escalating cyber conflict.

The romantically-named Belarusian Cyber Partisans, for example, was previously known as the Belarusian Railway Ransomware gang.

Early in the conflict, the Cyber Partisans used a back-door vulnerability they had identified while conducting a previous ransomware scam to take down the systems running the Belarusian national rail system.

This forced Belarus to manage its national rail system manually, crucially delaying the delivery of much-needed arms, supplies and food rations to Russian forces fighting in Ukraine.

Not all cyber groups are pro-Ukraine.

The Conti group, the most active of the international ransomware gangs, has already threatened the US with “retaliatory measures” for its support of Ukraine.

However, close to the start of the conflict, a Ukrainian cyber researcher managed to hack extremely sensitive data from Conti, thereby allowing the authorities to identify the gang’s ringleaders.

Unfortunately, Conti has since regrouped.

As in the conflict taking place on the ground, hundreds of thousands of ordinary citizens have joined the fight.

Deputy Chief of Ukraine’s State Service of Special Communication and Information Protection, Viktor Zhora estimates that Ukraine’s volunteer IT ‘international brigade’ now includes up to 400,000 specialists from Ukraine and beyond.

Members are largely recruited via Telegram with potential recruits given a free VPN line, via a co-operation with ClearVPN, to ensure their anonymity.

Cohorts of these cyber recruits are now executing distributed denial of service attacks on Russian targets, such as those recently conducted by the pro-Ukrainian Georgian group, BlackHawk.

Conversely, the pro-Russian hacking group, The Red Bandits, have been systematically leaking all the sensitive Ukrainian intelligence they can lay their hands on.

Telegram has become a battlefield as well as a recruiting ground in the cyber conflict.

Pro-Russian hacking groups have begun to orchestrate phishing campaigns that focus on important people in sectors such as healthcare, finance, utilities, and aviation.

Today’s professional phishing scams can take weeks or even months to execute and we have yet to see their eventual impact.

It’s still early in the global cyber conflict now beginning to take place, with both sides testing one another’s defences before a full attack.

The consequences of such an attack could include widespread power outages in major cities, hacked banks having to bar their doors to customers, and airports across the country grinding to standstill.

As yet, there have mercifully been no real full-scale attacks impacting people’s ordinary lives.

One reason why Russian President, Vladimir Putin may so far have held back from using his country’s full cyber capability for a full-scale attack on the US has been a fear of what might result..

This is mainly about when a cyber-attack becomes serious enough to trigger the NATO Alliance’s Article 5, which says that an attack against one NATO nation constitutes an attack against all.

However, given the Russian leader’s increasingly reckless policy of aggression, such attacks are considered likely in the future.

In an ironic parallel to the very real fight going on in cities such as Kyiv, that American organisations must now shore up their cyber defences against pro-Russian hackers.

As many of the world’s most infamous hacker groups work out of Russia with the blessing of the State, it’s often hard to distinguish criminal gangs from politically-motivated State-sponsored hacker groups.

The groups frequently pose as criminals to give Putin a spurious deniability.

To defend themselves from such threat actors, organisations must make their staff fully aware of the constant danger of a fully-fledged cyber-attack.

They must stress the importance of not opening attachments in unsolicited emails, and also treating any social networks to which they personally belong with extreme caution, as they are often infiltrated by Russian hackers.

Organisations in vulnerable sectors should invest in proactive intelligence gathering.

Ideally, this involves taking the fight to Russia’s cyber gangs by infiltrating the secret forums and chat rooms in the dark web and on Telegram, where they are now planning and orchestrating potentially devastating cyber-attacks.

*Shmuel Gihon is a threat intelligence researcher, working for the Israeli software company, Cyberint.

This article first appeared on the SC Media website.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.