Cyberwar - Week 1 of the Russian Invasion of Ukraine

Posted in: Microsoft 03/03/22

So, after weeks of being on high alert to an increased threat from Russian state-sponsored hacking groups, things have not really changed much here in the UK.

Our thinking behind this is that Russia are trying, somewhat, not to antagonise NATO, in the same way that NATO are trying to avoid World War 3 with Russia. Article 5 of the NATO Treaty was revised in 2018 to include cyber attacks as potential acts of war.

Ukrainian businesses and state-owned web assets have been targeted effectively by Russia, and we have seen reports of limited collateral damage in the region, probably as a result of worms spreading through a supply chain. The wiper attacks that we first saw in January have now been modified, and version 2 is overwriting the discs and partitions to hamper recovery.

To date we have seen one report of a state-aligned attack in the UK, on a manufacturer of kettle components in the Isle of Man. The National Cyber Security Agency have, however, issued guidance for SMEs and even home users on making themselves more resilient in cyber defence.

Hacktivists in Internal Conflict

Interestingly, “Conti”, a Russian-centric hacking group who were the most prolific and successful crypto attackers last year, quickly came out backing the Russian invasion, only to modify the statement shortly afterwards. After an apparent internal feud, likely involving its Ukrainian-sympathetic members, an entire chat history and their toolkit were dumped on the web. It is not apparent whether Conti are currently operational, but the group is likely to split now into numerous splinter groups. The proliferation of their toolkit is a concern in the medium term.

This incident has prompted a number of hacking groups to come out, distancing themselves from the Russian state. The likelihood is that there is a realisation that they only profit from the payment of ransom. Ransoms are often paid by insurance companies, and the insurers will lean on force majeure if the encryption is seen as an action by the Russian state. They will not want to be breaching sanctions by making payments to Russia.

Meanwhile the large, western hacktivist group “Anonymous” decided to go vigilante on Russian state websites, and the Ukrainian government posted a list of Russian media they would like hit by sympathetic hackers. So the gloves are now off in the cyber fight. Again, once these cyber tools have proliferated, they are unlikely to disappear at the end of this war.

Risks Remain High

So far nothing new. Why innovate when established attack vectors work so well? Passwords, macros in documents and advert-ware are still the most common methods of delivery. Your firewalls and routers need to be patched right up to date, and your staff need to be aware of the risks and not frightened to say when they think something is wrong. Your data backups are essential, and these must include a disconnected copy of your most recent backup.

IT Ambulance remains at your service to support your cyber security concerns.

Our thoughts remain with those affected by this conflict.
