Over recent weeks, all eyes in the cybersecurity community have been on Ukraine. The country has recently accused Russia of the cyber-attack that targeted two state banks and its defence ministry. Although the destructiveness of the attack was limited to a distributed denial of service (DDoS), its likely goal was to cause panic and wear down the morale of the country ahead of Russia’s invasion of two rebel-held regions in eastern Ukraine on 22 February. In fact, tensions between the two countries are long-standing, and Russia has been accused of a string of cyber-attacks against Ukraine since the 2014 war.
The most devastating of these cyber events was the NotPetya malware attack of June 2017. Described as the “most economically damaging cyber-attack of all time”, it initially targeted Ukraine’s financial, energy and government sectors, then spread indiscriminately, causing billions in financial damage to western and even Russian companies. Ciaran Martin, former Chief of the UK’s NCSC, has warned that escalation between Russia and Ukraine risks another NotPetya-style incident, and British officials are becoming increasingly concerned about “spillover” from heightened cyber-activity in Ukraine.
What’s more, the Ukrainian government has called on the hacker community to fight against the invasion, while Anonymous – the hacker group – has now declared a cyberwar on Russia. While NATO cannot be seen to be taking military action, it is also possible that it will be discreetly supporting cyber efforts to halt the conflict. With all of this in mind, what would cyberwarfare look like in 2022, and where would we see the most effects?
Operational Technology targeting
In the case of a cyberwar, Operational Technology (OT) would be at the centre of attacks, as cybercriminals would look to target the connected infrastructure that keeps countries functional. This includes transport networks, warehouse machinery and even medical devices. The proliferation of the Internet of Medical Things (IoMT) in the healthcare industry means that criminals can hack and affect life-saving OT. Rather than simply holding IT systems to ransom, IoT, IoMT and OT cyberattacks could result in genuine loss of life. By targeting this kind of technology, such as life-support machines, a country could be crippled in a very short time frame. And if such an attack were deployed at the same time as an invasion or physical attack, the results would be disastrous.
Supply chain vulnerabilities
Although cyberwarfare traditionally refers to state and state-sponsored actors, it is not just government bodies that would be at risk. Any small business that is part of the supply chain for publicly-owned organisations will also be seriously vulnerable, as cybercriminals look to exploit them to penetrate the public sector. Recent attacks through third-party providers, like the cyberattack that affected James Hall and SPAR, show how hackers are leveraging back-door entrances through partner companies with fewer resources to secure their networks.
To overcome supply chain vulnerability, it is crucial for organisations to understand, evaluate and quantify the risk of working with third parties. Key measures can be adopted, such as well-defined security policies and frameworks, contractually-agreed liability around breaches and regular penetration testing. Implementing a Zero Trust architecture offers another possible way to mitigate a supply chain attack. While trust is key for organisations, their suppliers and their service providers, eradicating the implicit trust given to internal users is becoming a necessary, stringent measure to protect against devastating cyber-attacks and the risk of cyberwarfare.
The SOC solution
Any effective security solution to protect organisations from the fallout of cyberwarfare can no longer be reactive. Instead, businesses should proactively protect their networks with consistent threat monitoring. Working with a cybersecurity partner will enable organisations to benefit from the aggregate value of wide, varied threat intelligence from across the entire threatscape. And with the ability to identify and neutralise an attack in less than six minutes, an outsourced Security Operations Centre (SOC) should be an essential part of a company’s cybersecurity strategy. Furthermore, the expertise and round-the-clock threat detection and response of an outsourced SOC are invaluable considering the cyber skills gap, which currently affects 50% of businesses.
Cyberwarfare becomes an increasing possibility now that Russia has invaded Ukraine. However, even if it does not occur right now, organisations around the world must be aware that it is a possibility for the future. The best thing businesses can do is work proactively with expert partners to implement, now, the measures that will protect their IT, OT and supply chain.
By Rick Jones, CEO, DigitalXRAID