In parallel to the war on the ground in Ukraine, a Russian cyber war is targeting the country’s IT infrastructure and potentially the entire world.
During the writing of this blog, Russia’s invasion into Ukraine is still taking place on the ground, causing many casualties. Attacks on land, air, and sea have forced over 2 million Ukrainians to seek refuge out of the country. Russian forces intend to overthrow the Ukrainian government.
The physical war isn’t the only type of conflict that Russia is utilizing. Russia has also launched another powerful and destructive form of warfare: cyber attacks. On Putin’s command, government-operated cyber teams have unleashed computer viruses and other malware on Ukraine’s utilities and technical infrastructure in an attempt to cause chaos and harm.
A wiper is a computer virus that deletes all the data as soon as it enters a computer system or database. Unless a remote backup exists, losing information is hard to recover from. Imagine your Gmail account or Instagram feed being wiped clean. When wipers hit enterprises and government databases, the damage could be huge.
Russian wiping attacks have started even before the physical invasion. Russia focused on targeting government websites and banks in Ukraine. Cybersecurity Specialists named the first detected strain the “HermeticWiper” or “FoxBlade”.
HermeticWiper was found in hundreds of Ukrainian laptops on February 23rd, only hours before Russia’s invasion. This wiper not only deletes local data, but also damages the devices’ data recovery and reboot tools, so that mitigation is slower, if at all possible.
Experts recently uncovered another wiper, dubbed the “IsaacWiper”. IsaacWiper utilizes similar malware strategies as the HermeticWiper.
Governments using cyber warfare is not new, and in some cases it is used for better causes. For example, Israel allegedly hacked nuclear facilities to set back the progress of Iran in developing nuclear weapons. Iran has reported cyber attacks that caused power outages and destroyed infrastructure ever since 2007.
Malware Without Borders: Facing the Collateral Damage
Cyber attacks hardly stop at their intended computer target. They spread and are followed by collateral damage. Viruses and other malware are not aware where they operate and tend to spread across computer networks and the internet. One infected computer contaminates another, and with global connectivity, the other computer might be thousands of miles away.
Russia’s wipers disseminate through emails and instant messages. Hackers who program wipers do not direct them to cause harm in Ukraine alone. As wipers travel across the world through emails and instant messages, they might harm many other organizations and governments around the globe.
Russia is no stranger to this outcome, as the country has previously contributed to one of the world’s largest cyber attacks. NotPetya was Russian malware that wreaked havoc in 2017. Targeting Windows operating system, NotPetya could encrypt a hard drive’s file system and prevent the computer from working.
The target country most heavily afflicted was – not surprisingly – Ukraine, where the national bank and other institutions were compromised. However, the virus also instigated mass infection in France, Germany, Italy, Poland, and even the United States.
It is estimated that the NotPetya malware attack has caused damage of over US$10Bn. If precautions aren’t taken in time, HermeticWiper and IsaacWipter might cause a similar aftermath.
How Can We Avoid Others’ Cyber Wars
As scary as cyber warfare is, preventive cybersecurity measures can be taken to decrease the chances of impact.
Enterprises and institutions should always strengthen their cyber defense mechanisms. The IT infrastructure needs to be protected by firewalls and security systems. Operating systems and software should be constantly updated with new versions that patch vulnerabilities and increase cyber security. Having skilled teams of Cybersecurity Engineers and SOC Analysts, and DevOps Engineers is vital in ensuring cyber protection and immediate response to data breaches and cyber attacks.
In addition, companies should always have up to date data backups to make sure that even if data is lost, a recent iteration can be recovered to minimize the damage.
Cybersecurity is also important for everyday people. All of us need to be computer savvy and understand the risks to our computers, smartphones, and IoT devices. At the very least, make sure that your computers are secured by strong passwords, protected by antivirus and firewalls, updated with the most recent software, and backed up on a cloud. Avoid suspicious websites, emails, links, or pop-up messages from unknown sources.
Unfortunately, cyber warfare is here to stay, and even intensify. Countries, private organizations, and hackers are launching attacks daily for a myriad of reasons, and such attacks cause collateral damage around the world. This is why the world needs more cybersecurity talent to combat malicious attempts and protect us all from damage.
Wawiwa offers a variety of Cybersecurity reskilling programs for individuals (B2C) and shorter upskilling courses for enterprises (B2B). Programs provide opportunities for students to learn the industry’s needed cybersecurity skills through hands-on exercises, interactive cyber simulations, and curriculum that incorporates real life scenarios.
The B2B upskilling courses cover a wide range of specialties that allow current SOC Analysts and IT professionals to update their security skills. Incident response and recovery, forensic cybersecurity, advanced malware analysis, and many more topics are offered as on-demand courses for organizations.