This article was last updated March 22, 2022 for new information
Much of SWK’s Cybersecurity News Recap for March 2022 will focus on the developments coming out of the recent Russian invasion of Ukraine, as the world watches in expectation of a conclusive action from either side, including on the cyber front. The shadow of the conflict is also influencing several other top stories of the month, such as the monumental cyber breach reporting regulations that have passed through the US Congress with bipartisan approval. SWK Technologies will continue to keep you updated on the most pressing cyber concerns coming out of these current events – here is what we know so far:
The 2022 Russia-Ukraine War
After a significant troop build-up towards the end of 2021, the Russian Federation initiated a ground invasion of Ukraine in early 2022, kicking off a conflict that many experts had predicted would inevitably include cyber warfare. Despite a preceding offensive of various cyber attack methods against government and financial sector IT systems, the digital onslaught seemingly fell off as the physical war commenced – though the evolution of the situation reflects how complex it is to measure such impacts at first.
Below is a comprehensive breakdown of how the cybersecurity front has played out during the conflict:
January – March 2022 Cyber Attacks
Starting in mid-January, Ukrainian computers were the target of several waves of cyber attacks that continued on and off up to shortly after the invasion commenced. The first of these was a two-pronged assault that consisted mainly of information warfare coupled with what seemed like an actual ransomware campaign. However, the latter was revealed to be hiding a more discreet data destruction offensive employing malware that would not allow files to be recovered.
Wiper Malware
The discovery of the wiper malware set off an alarm among observers, with at least three separate attempts recorded by security researchers as of March 14, though some investigators have hinted at signs of others still being looked into. This particular type of program can behave somewhat like a ransomware infection, but once files are corrupted, instead of exfiltrating them it begins to replace them with empty data, effectively destroying the information they contained.
US & Ukraine Cyber Attacks Uncovered
Even while the offensive cyber war seemed to be slowing down, researchers uncovered evidence of several other cyber attacks targeting Ukraine, the US and other allied countries such as Poland. Organizations such as Google picked up on network activity from hacker groups they routinely monitor, many of which are known to have coordinated directly with Russian security services. The movements signaled that Russia is likely using its allied threat actors to keep an eye on the Ukrainian military and any nations providing assistance, as well as to keep them off-balance to delay deployment of resources.
Satellite Warfare
Satellite networks have become both tools and casualties of the cyber war being conducted within Ukraine, with at least one major hack coupled with political jockeying over third-party communications and imaging creating an atmosphere of uncertainty. The same day Russia invaded, a major European provider had its modems hacked, disrupting telecommunications all over Ukraine and prompting an investigation by US and French intelligence agencies. Hacktivist collective Anonymous soon followed up with their own disruption of the Russian space agency’s satellite network, while celebrity CEO Elon Musk donated antennas for his SpaceX company’s Starlink satellites.
IT Army of Ukraine
After suffering a succession of devastating cyber attacks since 2013, Ukraine’s cyber defense strategy has transformed into a very proactive campaign of response and counterattack, bolstered by people and resources from around the world. What has been labeled the “IT Army of Ukraine” by one of the country’s top technology officials has been persistently working against both suspected cyber attack activity and Russian information warfare being conducted abroad and domestically.
International Mix of Hackers
The nature of the conflict has highlighted the blurred lines of national loyalties in such clandestine warfare, especially as most of the world either condemns Russia or prefers to remain neutral, including some of the Kremlin’s past allies. While Ukraine has received help from volunteers from many nations, cybercriminals that have proclaimed solidarity with the Russian invasion have paid for it with internal dissent. However, there remains a fear that some parties may aid Russia in cyberspace much more quietly, or even take advantage of the situation to get away with espionage or cyber attacks unnoticed.
Cyber War vs Hacktivism
The part of the cyber war that has been easiest to quantify is the hacktivism campaign being undertaken by both sides, which has seen significant strides from those opposed to the invasion. Along with the aforementioned Anonymous initiative and the IT Army of Ukraine, many volunteers from both outside and even within Russia have attempted to challenge the information war being waged by Russian security services and state media. These actions include defacing several Russian government websites with messaging that challenges the regime’s version of events and communicating directly with Russian citizens through social media, along with several other methods used to disseminate information within Russia that would not otherwise be accessible.
Hacker Uncovered in Ukraine
Ukrainian security service agents detained a culprit they accused of hacking on behalf of the invasion forces, by hijacking Ukraine’s mobile phone traffic and relaying messages to and on behalf of the Russian military. These activities reflect another unique factor within the war – both Russia’s troops and Ukrainian guerrillas are using smartphones to communicate, with the former suffering from what some observers claim are inadequate radio equipment and corruption. This is also thought to be a major reason why Russian-allied hackers have not taken down Ukraine’s infrastructure as they have in the past – they need telecommunications up and running for themselves.
Phishing Scams Taking Advantage
While some ransomware gangs proclaim neutrality and noninvolvement in the ongoing conflict, several cybercriminals have attempted to take advantage of the crisis with phishing campaigns masquerading as charities. Most of these seem to be trying to leverage the goodwill of potential victims outside of the warzone, asking for donations to help Ukrainians in need. However, in a noteworthy twist, some volunteers are using the same tactics to spam Russians with information about the war blocked by the regime.
Companies Caught in the Crossfire of Cyber War
As many global enterprises leave Russia in droves, those technology firms founded or still based in Russia have been caught in the crossfire as many businesses and governments look on their solutions and integrations with new scrutiny. One such example is the antivirus provider, Kaspersky, which has been accused by Germany’s cybersecurity agency of being a potential vector for spying by Russia.
Russian Hackers May Have Gone Quiet
There are many theories as to why the cyber warfare segment of the invasion has not blown up, with the biggest being errors on Russia’s end, the resources and manpower poured into Ukraine’s cyber defense, and Russia having to go on the defensive itself. However, there remains evidence that Russian-allied hackers are still in fact trying to breach systems across Ukraine and NATO members – including the US – and the cyber espionage side of their methodologies has proven much more discreet.
President Biden Makes Statement Warning of Cyber Attacks
On March 21, 2022, the administration of US President Joseph Biden released a statement warning the country of observed activity that could precede cyber attacks against American private sector targets from Russian nation-state hackers in retaliation for economic sanctions. The announcement also included a request for businesses to implement network security best practices ASAP, encouraging “everyone to do their part” to combat hacking attempts affecting the nation.
Stay Up to Date with the Conflict & Other Cybersecurity News
SWK Technologies is watching the cybersecurity aspect of the situation closely, and will continue to keep you updated on any new developments that could affect your security posture. If you have any questions or concerns about your organization’s current network protections, please reach out to us as soon as possible.
Contact SWK here to learn more about how the ongoing conflict could impact your cybersecurity and what steps you need to take to prepare yourself if any spillover occurs.