With the ongoing conflict in Eurasia, cyber warfare inevitably makes its presence felt. The battle is not fought only on the battlefield. There is also a great struggle going on in cyberspace. Several cyber attacks have been reported in recent months.
Above all, cyber attacks supported by state actors are becoming increasingly important. There have been reports of an increase in ransomware and other malware attacks such as Cyclops Blink, HermeticWiper, and BlackCat. These are aimed at companies as well as state institutions and non-profit organizations. There have been multiple attempts to shut down online communications and IT infrastructure.
The rolling list of significant cyber incidents, curated by the Center for Strategic and International Studies (CSIS), shows that the number of significant incidents is 100% higher in January 2022 compared to the same period last year. With recent activity in cyberspace impacted by the rise of geopolitical unrest in February, it will come as no surprise to see an even more dramatic increase in the number of significant incidents.
Here’s a look at how state-sponsored cyberattacks are shaping up so early in 2022 and what the world is doing in response.
Malware problem worsening
The problem with ransomware and other malware is getting worse, according to recognized cybersecurity leader and technologist Dan Lohrmann. In his blog post for Government Technology, he pointed to the significant increase in criminal copycats spreading malware via software updates, the rise in mobile malware attacks, the packaging of malware with other threats targeting specific organizations, and the weaponization of malware.
The weaponization of malware is particularly alarming given the geopolitical conflict the world is currently facing. Government threat actors don't just use ransomware, viruses, spyware, and other malicious software to attack other governments. They deploy these widely because an infection can significantly impact economies when companies shut down operations to deal with it.
Organizations are routinely reminded to strengthen their security posture with a variety of defenses and strategies. Software tools for malware prevention, detection and mitigation are a must. From firewalls to antivirus to comprehensive enterprise anti-malware software that can block various malicious software threats, it's important to have the right tools in place to stop malware infections, or at least to contain them effectively.
In addition to reliable anti-malware solutions, it's important to follow cybersecurity best practices, have a carefully crafted incident response plan, and keep up to date with the latest cyber threat information on a regular basis. It's heartening to know that even before 2022, organizations had indicated their intention to strengthen their cybersecurity with corresponding increases in spending. A study found that 4 in 5 companies plan to spend more on robust security controls, security testing, and other cybersecurity investments.
To address the fast-growing malware problem, organizations like the United States Cybersecurity and Infrastructure Security Agency (CISA) are already providing regular updates on the latest malware threats and guidance on how to deal with them. What is different now, with the rise of state-sponsored threats, is that these organizations are more aggressively monitoring the cybersecurity practices of governments and private entities to ensure adequate mitigations.
Digital shelling/bombing against everyone
Shelling and bombing have been two of the most used words in the news lately, as reports of military aggression against Ukraine have dominated the past week. These deadly attacks have hit everyone, not just military installations but civilian structures as well.
In the digital realm, there are versions of these destructive attacks designed to render devices unusable or inoperable. One of the most recent examples of this is the HermeticWiper malware. It has been reported that this malicious software is being used against Ukraine to destroy the country’s IT infrastructure and resources. However, it is already spreading to other parts of the world.
This purpose-built malware affects Windows devices: it tampers with the Master Boot Record (MBR), resulting in boot failure. With a payload size of 114 KB, it's relatively small, but enough to inflict lethal damage. The malware initially focuses on corrupting the first 512 bytes of a drive, that is, the MBR. It then enumerates the partitions of the infected drives and corrupts them as well.
CISA and the FBI have already raised the alarm about HermeticWiper and other threats. “We strive to disrupt and mitigate these threats, but we cannot do it alone. We continue to share information with our public and private sector partners and encourage them to report suspicious activity. We urge organizations to continue to strengthen their systems to prevent major disruption in the event of an incident,” said Bryan Vorndran, assistant director of the FBI’s Cyber Division.
To face the threat of destructive malware, the solution might not be that difficult. Neil J. Rubenking, Lead Analyst for Security at PCMag, says an updated antivirus or anti-malware system can be enough. The leading antivirus programs do an excellent job of catching the malware and preventing it from causing any harm.
Cybersecurity stocks on the rise
This isn’t surprising, but it’s worth noting how the cybersecurity industry seems to be benefiting from the crisis that has led to greater cyber threats around the world. Cybersecurity stocks posted gains as governments and businesses face significant increases in cyber warfare.
The cybersecurity sector was in the red for a while, but returned to the black in late February as fears of more aggressive state-sponsored attacks gripped businesses and public entities. The ETFMG Prime Cyber Security ETF (HACK) closed at $57.39 on Feb. 28. This price shows an increase of 2.4 percent compared to the previous year. The S&P 500 index (SPX) ended the same day up 0.2 percent, while the Nasdaq Composite Index (COMP) was up 0.4 percent.
It wouldn’t be an exaggeration to say that the explicit statements made by major hacker groups have also sparked interest in cybersecurity stocks. Anonymous has declared cyber war on Russia. In a tweet, the group said it was “currently engaged in operations against the Russian Federation” with the Russian government as the target. However, the group also warned that “the private sector will most likely be affected as well”.
The world is currently in a precarious and volatile situation, no thanks to troublemakers offline and online. The world is responding relatively well to the rise in cyber threats, although only time will tell if governments and the private sector have done enough to improve their security posture to face more aggressive, frequent, and sophisticated violent attacks.