Cyberwarfare is becoming more prominent with the current conflict in Eurasia. This fight goes beyond the battlefield. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months.
Increasingly, state-backed cyberattacks are being reported. There have been reports of a rise in ransomware and other malware attacks such as Cyclops Blink, HermeticWiper, and BlackCat. They target businesses, government agencies, and non-profit organizations alike. There have been several attempts to disrupt online communication and IT infrastructure.
The ongoing list of significant cyber incidents curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. It is likely that cyberspace will see more significant incidents due to the impact of recent geopolitical turmoil in February.
Here is a glimpse at the state-backed cyberattacks that are emerging this early in 2022, and how the world responds.
Worsening malware problem
The problem of ransomware and other malware is getting worse, according to acclaimed cybersecurity leader and technologist Dan Lohrmann. In his blog post for Government Technology, he pointed out the significant rise of criminal copycats that deliver malware through software updates, the increase in mobile malware attacks, the packaging of malware with other threats that target specific organizations, and the weaponization of malicious software.
Malware weaponization is particularly alarming in light of the geopolitical conflict the world is facing right now. State threat actors are not only using ransomware, viruses, spyware, and other malicious software to attack other governments. These are used across the board as they can significantly impact economies when businesses suspend operations to deal with the infection.
Organizations are routinely reminded to fortify their security posture with a variety of defenses and strategies. Anti-malware detection and mitigation tools are essential. From firewalls to antiviruses to comprehensive enterprise anti-malware software capable of addressing various malicious software threats, it is important to put in place the right tools to stop malware infection or at least enable effective mitigation.
In addition to having reliable anti-malware solutions, it is important to follow cybersecurity best practices, have a carefully crafted incident response plan, and keep regularly updated with the latest cyber threat intelligence. It is encouraging to know that even before 2022, organizations have already expressed intentions to boost their cybersecurity with the corresponding increases in spending. One study found that 4 in 5 companies are planning to spend more on obtaining reliable security controls, security testing, and other cybersecurity investments.
Organizations such as the United States Cybersecurity and Infrastructure Security Agency provide regular updates about the most recent malware threats and offer guidance on how they can be dealt with. What’s different now with the rise of state-backed threats is that they more aggressively oversee the cybersecurity practices of government and private entities to ensure adequate defenses.
Digital shelling/bombing vs. everyone
Shelling, bombing and military aggression in Ukraine have been the top news stories of recent weeks. The attacks on civilian buildings and military structures have been devastating.
In the digital realm, there are equivalents of these destructive attacks that aim to render devices useless or dysfunctional. The HermeticWiper malware is one of the latest examples. This malicious software has been reported to be used against Ukraine to destroy the country’s IT infrastructure and resources. It is spreading rapidly to other countries.
This custom-written malware affects Windows devices by manipulating the Master Boot Record (MBR), leading to a boot failure. With a payload size of 114KB, it is relatively small, but it is enough to inflict deadly damage. This malware initially focuses on corrupting the first 512 bytes of a drive, which hold the MBR. The malware then lists the infected partitions and corrupts them.
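For defenders, the practical consequence is that an overwritten MBR can be spotted from the 512-byte sector alone. The following is an added example, not code from any of the sources cited here: it parses a classic MBR sector, checks the boot signature and partition entries, and compares the sector against a known-good hash. The sample sectors and the function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512            # the MBR is the first 512 bytes of the drive
TABLE_OFFSET = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # final two bytes of a valid MBR


def parse_partitions(sector):
    """Return the non-empty partition entries found in an MBR sector."""
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, size
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append({"index": i, "status": status, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(sector, baseline_sha256=None):
    """Return a list of findings; an empty list means no anomaly was seen."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    for p in parts:
        if p["status"] not in (0x00, 0x80) or p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} entry is malformed")
    if baseline_sha256 and hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from known-good baseline")
    return findings


def build_sample_mbr():
    """Constructed sample: one bootable type-0x07 partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


GOOD = build_sample_mbr()
BASELINE = hashlib.sha256(GOOD).hexdigest()
OVERWRITTEN = b"\x41" * SECTOR_SIZE   # constructed: sector filled with junk
```

In practice the 512 bytes would come from a disk image or a stored backup of the first sector, and the baseline hash from a copy taken while the machine was known to be healthy.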
CISA has already warned about HermeticWiper, and other threats. “We are striving to disrupt and diminish these threats, however, we cannot do this alone. We continue to share information with our public and private sector partners and encourage them to report any suspicious activity. We ask that organizations continue to shore up their systems to prevent any increased impediment in the event of an incident,” FBI Cyber Division Assistant Director Bryan Vorndran said.
To address the threat of destructive malware, the solution may not be that difficult. PCMag’s Security Lead Analyst Neil J. Rubenking believes that an up-to-date antivirus system or antimalware program can suffice. The leading antiviruses do an excellent job catching the malware and preventing it from causing any harm.
Cybersecurity stocks on the rise
This is not surprising, but it is worth noting how the cybersecurity industry appears to be benefiting from the crisis that has led to greater cyber threats across the world. Cybersecurity stocks enjoyed gains as the threat of a significant ramp-up of cyberwarfare looms over governments and businesses.
The cybersecurity sector had been in the red for a time, but it went back to black at the end of February as fears of more aggressive state-sponsored attacks grip businesses and public institutions. ETFMG Prime Cyber Security ETF (HACK) closed at $57.39 on February 28. This price shows a 2.4 percent gain over the past year. The S&P 500 index (SPX) closed with a 0.2 percent gain on the same day while Nasdaq Composite Index (COMP) gained 0.4 percent.
It would not be a stretch to say that the explicit declarations of major hacker groups have also sparked interest in cybersecurity stocks. Anonymous declared cyberwar against Russia. The group tweeted that they were “currently engaged in operations against Russia Federation”, with the Russian government being the target. The group warned, however, that it is “inevitable that the private sector too will be affected.”
The world is in an unstable and precarious situation right now, thanks to both online and offline troublemakers. Although the world has responded well to cyber threats, it is still unclear if the governments or the private sector are doing enough to enhance their security to withstand more frequent and sophisticated cyber attacks.