With a world polarized by the illogical war, cyberspace is where anyone with a computer can launch attacks on anything.
On 15 February, the website of the Ukraine’s ministry of defence; their army, and the interfaces of two major banks were attacked.
According to Minister of Digital Transformation Mykhailo Fedorov, the attacks were aimed at destabilizing, sowing panic and creating chaos in the country.
However, it can safely be said that the attacks in cyberspace were not a surprise because the war on this front has, actually, never paused. For years, Russia has been using its cyber weapons on Ukraine, among attacks by other nations and threat actors targeting major sectors such as ports, supply chain, healthcare, finance, and other industries for espionage and intelligence agendas.
For instance, in January this year, major European ports were attacked, while India’s Jawaharlal Nehru Port Trust (JNPT) was hit with a ransomware attack resulting in full system outage at one container terminal. Even when the Wiper malware—a new and sophisticated strain of a data-wiper—was targeted at Ukraine, it had also impacted contractors in Latvia and Lithuania.
This could be just the beginning, sending chills down the governments of other countries with fears that the situation could spill over into their boundaries. Nations such as the US, France, Britain and Germany are at higher risk side of cyberattacks. The USA and Britain are already sounding an alarm to suspicious activity from Russia on their networks, while Estonia’s Prime Minister has reminded the European nations of the cyber threat escalations.
Preparing for the impact
The attacks could escalate beyond simply hacking a government computer to taking control of agriculture drones, energy supplies, important ports, air traffics, healthcare institutions and all sorts of digital disruptions.
So, what does it mean for the cybersecurity heads of governments and industry? With a world polarized by the illogical war, cyberspace is where anyone with a computer can launch attacks on anything: including an unsecured IoT device or a cyber-complacent tiny firm in the supply chain of an industrial control system.
Looking at the history of cyberattacks, all CISOs and cyber defenders can expect more APT group activities comprising malware, ransomware, DDoS attacks, network attacks, privilege escalation exploits, data/network anomalies, and exploits of zero-day vulnerabilities and unpatched code flaws. Some or all of these weapons can even come as a combination.
To brace for the worst, the following best practices remain:
- Patching up all software and hardware vulnerabilities
- Following the methodology of security, recovery and assurance to establish comprehensive security 24x7x365, with no room for exceptions
- Testing and validating backups, recovery plans and continuity plans
- Training and reminding all personnel on cyber awareness even in their personal cyber personas
- Ensure scenario planning on every component of every system
- Ensuring rapid incidence response to threat intelligence, intrusion detection, threat containment, disclosure, communications and recovery
- Mandating similar cybersecurity standards from the entire supply chain
As supply chain attacks have shown, every organization must act with extreme urgency to secure its IT infrastructures 24/7/365, regardless of how small its size: cyberattackers love plucking low-hanging fruitto gain entry into their main targets.