Alongside the war on the ground in Ukraine, a Russian cyber war is targeting the country’s IT infrastructure and potentially the entire world.
During the writing of this blog, Russia’s invasion into Ukraine is still taking place on the ground, causing many casualties. Attacks on land, air, and sea have forced over 2 million Ukrainians to seek refuge out of the country. Russian forces intend to overthrow the Ukrainian government.
However, the physical war isn’t the only type of conflict Russia is utilising. Russia has also launched another powerful and destructive form of warfare: cyber attacks. On Putin’s command, government-operated cyber teams have unleashed computer viruses and other malware on Ukraine’s utilities and technical infrastructure, attempting to cause chaos and harm.
A wiper is a computer virus that deletes all the data as soon as it enters a computer system or database. Unless a remote backup exists, losing information is hard to recover from. Imagine your Gmail account or Instagram feed being wiped clean. When wipers hit enterprises and government databases, the damage can be huge.
Russian wiping attacks had started even before the physical invasion, focused on targeting government websites and banks in Ukraine. Cybersecurity Specialists named the first detected strain the “HermeticWiper” or “FoxBlade”.
HermeticWiper was found in hundreds of Ukrainian laptops on February 23rd, only hours before Russia’s invasion. This wiper not only deletes local data, but also damages the devices’ data recovery and reboot tools, so that mitigation is slower, if possible.
Cyber attacks hardly stop at their intended computer target. They spread and are followed by collateral damage. Viruses and other malware are not aware where they operate and tend to spread across computer networks and the internet. One infected computer contaminates another, and with global connectivity, the other computer might be thousands of miles away. Russia’s wipers disseminate through emails and instant messages. Hackers who program wipers do not direct them to cause harm in Ukraine alone.
Russia is no stranger to this outcome, as the country has previously contributed to one of the world’s largest cyber attacks. NotPetya was Russian malware that wreaked havoc in 2017. Targeting the Windows operating system, NotPetya could encrypt a hard drive’s file system and prevent the computer from working.
The target country most heavily afflicted was – not surprisingly – Ukraine, where the national bank and other institutions were compromised. However, the virus also instigated mass infection in France, Germany, Italy, Poland, and even the United States.
It is estimated that the NotPetya malware attack cost over US$10 billion in damages. If precautions aren’t taken in time, HermeticWiper might cause a similar aftermath.
As scary as cyber warfare is, preventive cybersecurity measures can be taken to decrease the chances of impact.
Enterprises and institutions should always strengthen their cyber defence mechanisms. The IT infrastructure needs to be protected by firewalls and security systems. Operating systems and software should be constantly updated with new versions that patch vulnerabilities and increase cyber security. Having skilled teams of Cybersecurity Engineers, SOC Analysts, and DevOps Engineers is vital in ensuring cyber protection and immediate response to data breaches and cyber attacks.
In addition, companies should always have up to date data backups to make sure that even if data is lost, a recent iteration can be recovered to minimise the damage.
Cybersecurity is also important for everyday people. All of us need to be computer savvy and understand the risks to our computers, smartphones, and IoT devices. At the very least, make sure that your computers are secured by strong passwords, protected by antivirus and firewalls, updated with the most recent software, and backed up on a cloud. Avoid suspicious websites, emails, links, or pop-up messages from unknown sources.
Unfortunately, cyber warfare is here to stay, and even intensify. Countries, private organisations, and hackers are launching attacks daily for a myriad of reasons, and such attacks cause collateral damage around the world. This is why the world needs more cybersecurity talent to combat malicious attempts and protect us all from damage.
CTIA offers a variety of Cybersecurity reskilling programs for individuals (B2C) and shorter upskilling courses for enterprises (B2B). Programs provide opportunities for students to learn the industry’s needed cybersecurity skills through hands-on exercises, interactive cyber simulations, and curriculum that incorporates real life scenarios.