Russia’s recent invasion of Ukraine is far from the first time Russia has exhibited hostilities toward Ukraine. Beyond the annexation of Crimea in 2014, Russia has been practicing and perfecting its cyber arsenal using Ukraine as a training ground for years. From attacks on physical infrastructure (like Ukraine’s power grid) to devastatingly simple rogue worms that escape Ukraine’s borders (like the most expensive cyber attack in human history, NotPetya), Russia has a history of messing with Ukraine’s digital infrastructure. These are sophisticated and devastating cyber weapons. And they could end up in your inbox without you doing anything wrong.
What’s happening to Ukraine’s cyber defenses
Beginning on January 13, 2022, Microsoft Threat Intelligence Center (MSTIC) identified a new destructive malware operation (dubbed WhisperGate) targeting multiple Ukrainian organizations. This malware operates in two stages. Stage 1 overwrites the Master Boot Record (MBR) of a hard drive with a ransom note that includes a Bitcoin address and a Tox ID (Tox is an encrypted messaging protocol). When the system reboots, the host computer displays the ransom note. Stage 2 locates common file types likely to contain user data and overwrites them. And, since WhisperGate overwrites data rather than actually encrypting it, the data is not recoverable even if the ransom is paid.
On January 14, 2022, threat actors attempted to deface nearly 70 Ukrainian government websites, including sites for the Ukrainian Ministry of Foreign Affairs, the Ministry of Defense, the State Emergency Service, and others. And then on February 15, 2022, a large-scale DDoS attack targeted Ukraine’s armed forces, defense ministry, public radio, and the two largest banks for several hours. The attack managed to bring several vital services offline and left many Ukrainians unable to access their bank accounts, use mobile apps, or issue online payments.
How these cyber weapons could affect you
There has not been widespread evidence of Russia targeting companies or infrastructure outside Ukraine with active cyber weapons (at least, not yet). But that doesn’t mean these threats intended for Ukraine won’t wind up on your and your company’s doorstep.
That’s exactly what happened with NotPetya back in June of 2017. A worm designed to cripple much of Ukraine’s digital infrastructure escaped beyond the borders of Ukraine to wreak havoc on some of the largest companies on Earth. Maersk, FedEx, Merck and other companies lost upwards of $10 billion collectively to the worm. That’s the problem with an ever-connected digital world: everything touches everything else. And, when something gets out of control, there really isn’t anything insulating you from it.
To that end, we’re advising all our clients to be on heightened alert when it comes to the social engineering vulnerabilities hackers exploit (phishing emails made to look like they’re from your boss, for instance). We also have an exhaustive list of vulnerabilities that Russian-linked hacking groups (and their uncontrolled digital offspring) tend to use to gain entry into foreign systems, and we’re leading each of our clients through it to ensure their digital safety as much as is possible.
The bottom line is that the threat landscape changes quite literally every day. Cyber weapons aimed at Ukraine escape and devastate systems in countries with no link to a given conflict. That’s where we come in.
We’re experts in managing clients’ technology stack and cyber security. Your job is to run your business; our job is to make sure there’s nothing slowing you down from doing that. The greatest ability is availability, and if you’re losing working time for you and your team because your IT systems are down or you’re crippled by a cyber attack… your business starts hemorrhaging money. We’re here to ensure that doesn’t happen.
Drop us a line today, and let us show you how we can protect you and your company from cyber weapon collateral damage.