Has the Ukraine-Russia Conflict Weaponized Cybercrime?

essidsolutions

In this brief video, Nozomi Networks' security evangelist Roya Gordon and Vincent D'Agostino, the head of Cyber Forensics and Incident Response at BlueVoyant, discuss how the Russia-Ukraine conflict is shaping cybercrime and what organizations across sectors need to prepare for.

Read the full transcript of our conversation with Roya Gordon and Vincent D’Agostino here:

PLATE: How Has the Russia-Ukraine War Shaped Cyber Crime in Recent Months?

ROYA GORDON: The Russia-Ukraine conflict has definitely changed a couple of things in the cyber threat landscape. So, if you look back over the past few years, there has been more focus on what I like to call industry-agnostic ransomware attacks, where ransomware was targeting everyone. If you were low-hanging fruit, then you were getting hit with ransomware. And I was thinking to myself, you know, threat actors forget about OT-specific malware and ransomware, which, at a point, was very alarming for the industry. Even the ransomware attack on Colonial Pipeline sent a message to threat actors that ransomware can still affect physical environments. It doesn't have to be a super complex piece of malware or ransomware.

VINCENT D'AGOSTINO: I think many people would think that this is the first time we will see traditional warfare coupled with a potentially monstrous cyber attack. Instead, what we're seeing is quite the opposite. We're seeing a decrease in attacks from Russia and Ukraine to other parts of the world, presumably because the two countries are now occupied with physical warfare. I think that was a very interesting turn of events that has played out thus far. The real question is that prior to this invasion, I would say we were, in fact, in a state of attack for many years. So when you talk about the U.S. being mainly targeted with billions of dollars' worth of ransomware attacks growing at up to 50% per year, this highlights that we were under attack.

PLATE: Would Russia-sponsored Cyber Attacks Escalate if Russia Fails To Achieve Its Military Objectives?

ROYA GORDON: With the whole Russia-Ukraine war, we see threat actors starting to flex their skills again. So with Industroyer 2 and Incontroller, now malware that is targeting industrial control systems and critical infrastructure again, it's as if threat actors are saying: don't get it twisted, we're still highly skilled, and we will attack and target critical infrastructure when we're good and ready. And clearly, I am paraphrasing, but that's just my take on what I am seeing in the cyber threat landscape today.

Another point that I want to note is that this war is changing who you view as stakeholders in wars. Before, it was the military and government. Now, it is private companies and critical infrastructure. So it will be interesting to see how this precedent reshapes military standard upgrading procedures moving forward.

VINCENT D'AGOSTINO: The question that remains is that if this military conflict does not play out as anticipated, will Putin revert to, ironically, a more traditional type of attack of what we've seen over the past few years, which is going back to the cyber-based attacks targeting U.S.-based companies, including potentially infrastructure? And I think that's a very distinct possibility because countries like the U.S. and even Ukraine are very comfortable and adept at dealing with traditional warfare but have not figured out how to actually combat acts of cyber terrorism or cyber-attacks in such a coordinated way, which presents a much more complicated problem. So absolutely, that may be something we see in the coming months, depending on how this conflict plays out.

PLATE: What Are the Sectors and Organizations That Nation-state Hackers Are Targeting the Most?

VINCENT D'AGOSTINO: So, in terms of the question of sectors and organizations that nation-states are targeting, I would say if this is a question being asked in the context of the Russia-Ukraine conflict, any organization that has pledged allegiance or shown support for one side or the other is going to become more of a target. And any organization that actually may contain information or intelligence regarding the war efforts that may benefit one party or the other is going to be a target more now than they were before.

PLATE: What kind of cyber attacks should critical infrastructure organizations in the E.U. and the U.S. prepare for?

ROYA GORDON: I suggest doing a pen test. Use scanning tools that threat actors are using to find access factors, get to them first and remediate them right away. Definitely have visibility into OT environments, and catch hackers camping out. Usually, before an attack is launched, hackers have already gained access, sometimes weeks or months before. So being able to get alerts of anomalous behavior within OT environments is key. Finally, keep up on cyber hygiene. It seems simpler, but there have been a lot of cyber attacks launched just because of a lack of identity and access management or the use of easy passwords. So do these things, and you are already positioning your company to be more cyber resilient.

Do you think the Ukraine-Russia conflict will lead cybercriminals to change their attack TTPs? Let us know on LinkedIn, Twitter, or Facebook. We would love to hear from you!