Since the beginning of the invasion of Ukraine, cyberspace has become a hot and messy war zone. And this war could soon generalize to all those who support the country under the bombs. To say it are well eight Five Eyes cybersecurity agenciesthe spy alliance of the five Commonwealth nations (Australia, Canada, New Zealand, United Kingdom and United States) which have issued a worrying warning about the increase in cyber attacks conducted by Russian nation state actorsthat is, state-sponsored hackers and Kremlin-sympathetic criminal groups such as the infamous Conti and the managers of the Emotet botnet, called Mummy Spider.
In fact, many cybercriminal groups already participating in the Russian war effort have launched retaliatory campaigns against Western and Ukrainian companies using destructive malware, ransomware blackmail, or DDoS attacks, along with other espionage and sabotage initiatives.
Digital warfare
From Anonymus to the military, which are the hacker groups active in the Russia-Ukraine conflict
by Andrea Daniele Signorelli
The notice issued on Wednesday bluntly stated that Russian state-sponsored cyber actors have the ability to compromise computer networksstay crouched in critical infrastructure, steal sensitive data, disrupt and sabotage industrial control systems with specialized malware to manipulate them, acquire data and destroy the machinery they command.
“This activity could occur in response to the unprecedented economic costs imposed on Russia, as well as material support provided by the United States and US allies and partners,” the sources say.
The damage of cyberwar
If a computer can stop a tank and electronic warfare proper can shoot down a drone or interrupt military communications with jamming, a cyberattack can interrupt the delivery of essential services and make civilian casualties.
In fact, a successful cyber attack can block the supply of water and electricity, derail a train and turn off the traffic lights in the city but also interfere with the waste collection cycle and with all the activities that characterize the functioning of a smart city. . We have had many examples. Attacks on Israeli desalination plants by pro-Iranian groups, Chinese industrial espionage, the Wannacry ransomware that blocked British healthcare for days, the Colonial Pipeline’s gas supply shutdown last winter in Texas and many, many, others.
War
Tanks, missiles and planes but still no real devastating cyber attack
by Alessandro Longo
Ukraine itself has been targeted by cyberattacks since 2014. In that case, the Black Energy malware, operated by Russian hackers, was hidden in power point documents and in an attachment that indicated a list of weak passwords to change sent to the six state railway companies. The same trick was used to attack three Ukrainian electricity companies on December 23, 2015, leaving 225,000 people without electricity. A scenario repeated in 2016 with another virus, CrashOvveride.
These are techniques well known to Russian hackers who continued to practice on Western targets in all these years with the most imaginative names such as Apt29, accused by the British cybersecurity agency of having tried to steal research on potential vaccines for the coronavirus; Cozy Bear, CozyDuke, The Dukes, responsible according to FireEye and Eset for the espionage against the US Congress and the American Democrats, and then Nobelium, Strontium and Yttrium, the group that according to Brad Smith of Microsoft would have compromised the global provider of technology services Solarwinds , reaching the doors of the American Nuclear Agency, in short, a very long list published a few days ago by the American Cybersecurity Agency Cisa.
War in Ukraine
Mykhailo Fedorov: “Cyberwar works better than bullets”
by Pier Luigi Pisa
With the war, they take advantage of the chaos
In this situation of war and taking advantage of the international chaos, other groups linked to Russia continue to pursue financial objectives and boldly propose to attack large American companies such as Coca Cola.
As also noted by Italian cybersecurity companies, another critical sector according to the FBI is food and agriculture engaged in this period in the sowing and harvesting season: “IT actors can perceive cooperatives as profitable targets with a willingness to pay due to the sensitive role they play in agricultural production.”
Israel vs Iran: the new war front is cyberspace
Arthur of Corinth
For the Five Eyes, the perpetrators of the attacks work for five governmental and military realities of Russia: the Federal Security Service, FSB (formerly KGB), the International Intelligence Service, in abbreviation SVR, and then the Chief Directorate for the information, GRU (Armed Forces), the GRU Center for Special Technologies (GtsST), the Ministry of Defense and the Central Institute for Chemistry and Mechanics, (TsNIIKhM).
Tips for protecting critical infrastructures
The security advisory contains a list of actions to protect critical infrastructure:
-
Update systems and fix known vulnerabilities
-
Adopt multifactor authentication
-
Monitor the protocols that allow remote access to the terminals
-
Train employees and create risk awareness
Finally, it is no coincidence that the alarm was disclosed in correspondence with the rebirth in the Darkweb, on April 19, by the REvil group, author of the attacks on the food giant JBS and the Colonial Pipeline, and dismantled thanks to cooperation between Russia and the United States. A cooperation that, according to Oleg Khramov, deputy secretary of the Security Council of the Russian Federation, would have been interrupted on 7 April 2022 due to the unilateral closure of the communication channel by the US.