Risk Management
Lessons from the Russian Cyber Warfare Attacks
Trend Micro experts discuss how the prominence of cyberwarfare in a hyper-connected world is a call for enhanced cyber risk management.
Cyberwarfare tactics may not involve tanks and bombs, but they often go hand-in-hand with real combat.
The Russian invasion of Ukraine is a prime example. Before Russian troops crossed the border, Russian hackers had already taken down Ukrainian government websites. And after the conflict started, the hacktivist group Anonymous turned the tables by hacking Russian media to shut down propaganda about the war.
In these unprecedented times of targeted attacks against governments and financial institutions, every organization should be on heightened alert about protecting their critical infrastructure and digital attack surface.
With the Russia-Ukraine conflict as a backdrop, two Trend Micro security experts – VP of Threat Intelligence Jon Clay and Chief Cybersecurity Officer Ed Cabrera – recently discussed cyberwarfare techniques and how they’re an important reminder for every business to proactively manage cyber risk.
Cyberwarfare tactics are increasingly effective
While we haven’t witnessed a pure cyber war with only digital fighting, typical cyberwarfare tactics — such as hacking government websites, spreading misinformation on social media, and installing malware to steal data — are taking on a bigger role in physical conflicts. In a world where people and critical infrastructures are hyper-connected, malicious hackers have an abundance of targets.
Take the Colonial Pipeline ransomware attack of 2021 and the Ukraine power grid hack of 2015. Both are acts of cyberwarfare that successfully cut off a critical asset: power. Another vital asset in any conflict is communication: Russian hackers have followed a strategy of disrupting communication by shutting down Ukrainian government sites and airing false reports on Ukrainian TV channels. Both were successful tactics that prevented citizens from receiving important information.
“[Cyberwarfare tactics] serve a real purpose if you’re able to knock down power or communication,” said Trend Micro’s Ed Cabrera. “The way to obtain dominance in any conflict is to take out the command and control. And what is that? Power and communications…You’ve now created enough opportunity on the physical side to come and do more damage.”
Misinformation is power
Information warfare and propaganda are nothing new. But social media and 24/7 news cycles have made it much easier to spread misinformation, much to the delight of nation-state hackers and hacktivists.
Misinformation campaigns on social media often start, and continue to fuel, conflicts. With the aid of ubiquitous connectivity, social media and online news sites, hackers can quickly spread fake news and images that manipulate public perception.
“Everybody's got a phone, right? So, hackers are able to instantaneously provide some type of propaganda or misinformation around the globe…We also see the deep fakes of audio and video,” said Cabrera.
Clay further supported this point by saying: “The [Russians] could have done a deep fake of [Ukrainian president] Zelensky saying something that would have sent his country into a panic.”
Cyberwarfare and the need for infrastructure protection
“Cyberattacks that complement kinetic warfare are harsh reminders to every business and government leader to do everything they can to protect their infrastructure,” said Cabrera.
“Hands down, our focus needs to be on anything that disrupts our own critical infrastructure and supply chains,” he said. “You can think about this from a military perspective, but it also applies to us from a day-to-day business operations perspective.”
Cabrera emphasized that the U.S. financial sector is more mature than other sectors but given how tenuous the economy is in 2022 – inflation, a looming recession, supply chain slowdowns – a successful cyberattack would have a massive impact. He recommends that organizations, regardless of size, follow the “Shields Up” guidelines issued by Cybersecurity and Infrastructure Security Agency (CISA) to prepare for cyber incidents amid potentially malicious activity against the US.
Managing risk in times of cyberwar
With cyberwarfare tactics becoming another layer of risk to deal with, it’s even more critical for organizations to stay resilient in the face of global events. Here are five security best practices organizations can start to implement now.
- Patches and Updates. Ensure your security systems are updated with the latest critical patches and versions.
- Leverage multi-factor authentication. Make sure you’ve configured your security solutions according to best practices from the vendor, including widespread use of multi-factor authentication (MFA).
- Implement extended detection and response. As outlined in real-world testing activities, like the MITRE Engenuity ATT&CK evaluations, detecting and responding across layers to a cyberattack is a fundamental requirement for managing cyber risk. If you’re not using some form of extended detection and response (XDR) or managed XDR today, you are at much higher risk.
- Monitor your network traffic. Pay close attention to unrecognized network traffic (both inbound and outbound) and watch for sophisticated new phishing attacks. Follow-up quickly on security alerts and conduct more close investigation as necessary.
- Reduce your attack surface. Whether it’s a financially motivated group or a nation state, when attackers encounter a smaller attack surface, it means less risk for your organization. Reducing attack surfaces includes patching and Zero Trust techniques for better visibility into the true state of identities, devices, cloud assets and things.
For more information regarding attack surface risk management, check out the following resources: