Russia is keeping up its attempts to turn cyberspace into a battlefield by attacking its adversaries with a class of malware known as a wiper, which renders infected computers unusable by erasing or overwriting the data and programs stored on their drives, causing enormous damage to companies and organizations, Spanish cybersecurity firm S21sec says in a study.
“Let’s recall that the targets of these attacks are generally public or private sector organizations that are always within the critical infrastructure category, such as transportation or telecommunications,” Mario Orellana, a Salvadoran consultant and cybersecurity specialist with the IT governance organization ISACA San Salvador, told Diálogo on August 30. “If you don’t know or are unsure if what you are doing to protect yourself is enough, then you let your guard down and vulnerabilities occur.”
The exploitation of these vulnerabilities is the common factor in most cyberattacks. During the first half of 2022 alone, S21sec identified 11,925 security threats worldwide. Of those, 2,051 occurred in March.
“These destructive attacks are carried out by APT [Advanced Persistent Threat] groups, sponsored by governments with strong technical capabilities,” the report says. “The scope of the attacks extends to other countries and international organizations that are not actively engaged in armed conflict.”
The Global Threat Landscape Report 2022 of FortiGuard, the intelligence and research organization at Fortinet, a U.S. cybersecurity company, identified at least seven new types of wipers during the first six months of 2022, which were used against government, military, and private organizations in Ukraine.
For its part, the S21sec report underlines that the distribution of wipers by Russian APTs is one of the main threats because of their destructive potential. The activity of these groups has increased since the Russian invasion of Ukraine, with infection campaigns that deploy destructive malware and cyber-espionage tools.
“The high number of cyberthreats identified in the first half of 2022 poses high risk for both public and private entities, evidencing the lack of security in the structure of the affected organizations,” said Sonia Fernández, head of the S21sec intelligence team. “The Russian-Ukrainian war brings with it a paradigm shift in the cyber scenario, which requires that cybersecurity becomes a priority for companies and institutions, in order to reduce vulnerabilities and safeguard their activity.”
Given the capabilities of Russian APTs and their recent activity in geopolitical disputes, S21sec warns that they are likely to maintain a high level of activity, with further cyberattacks and a diversification of their methods, posing a high risk to critical infrastructure.
Fortinet emphasizes that ransomware, malware that restricts access to files on a victim's computers and demands payment in exchange for lifting the restriction, remains the main threat. Teleworking, encouraged since the beginning of the COVID-19 pandemic, may be an important factor. In the first six months of 2022, 10,666 new ransomware variants were recorded, compared with 5,400 in the second half of 2021.
“We telework a lot; most of the time the devices we use are connected to poorly protected networks,” José Laguna, engineering director at Fortinet Iberia, told Spain’s El País newspaper. “The cell phone, tablet, or work computer you use at home is not connected to the work network, which could also suffer an attack, but at home these devices are easier to attack and that’s why cyber attackers concentrate their efforts there.”
According to Spanish newspaper El Economista, Microsoft’s Threat Intelligence Center warned that Russian actors have targeted 128 organizations in 42 countries, mainly in Europe and among members of the North Atlantic Treaty Organization (NATO).
In light of the above, Orellana stresses the importance of implementing short-, medium-, and long-term measures to detect, protect against, react to, and recover from any type of Russian cyberattack.
“The current situation between Russia and Ukraine will not be the only conflict we will face. Anything that could be aimed at incapacitating, jeopardizing, or damaging a country’s critical or productive infrastructure is a target,” Orellana said. “Countries must delegate someone or an institution within their government structure to be in charge of managing the crisis. This person must […] promote the protection of assets, detect anomalies, react, and recover from any attack.”