Written by Siebe De Roovere
4 Insights on the impact of the conflict in Ukraine on cyber threats in Belgium
Many organizations are worried about what the war in Ukraine means for their own cybersecurity, and whether and how they should strengthen their defences.
We also see that many security companies are eager to use this crisis to promote their solutions.
In this blog, we try to separate the sense from the nonsense in cybersecurity messaging in the context of the current geopolitical tensions.
Insight 1 – Is cyberwarfare new?
No. Cyber attacks organized by governments to achieve geopolitical goals are not new, and both Western and Eastern powers have used them in the past. Famous examples include the NotPetya malware that Russia deployed to disable Ukrainian critical infrastructure during a previous phase of the conflict in 2017, as well as the malware, presumably used by the NSA, that shut down Iranian nuclear facilities.
Insight 2 – Are there new cyberthreats?
The answer here is simultaneously yes and no. No, because we are seeing the same types of attacks we already know about, such as DDoS and malware attacks. Yes, because new variants of these attack types have surfaced in the Russian attacks on the Ukrainian government. The use of new variants in cyber warfare is a trend we see more often; consider the NotPetya malware that surfaced in a previous attack on Ukraine in 2017.
The following new threats were identified by the international security community:
- A new wiper malware has been deployed. This is a type of malware that penetrates a system and can destroy the data stored on it.
- Backdoor malware (SockDetour) that enables data exfiltration has been identified.
- Web defacement and supply chain attacks were also spotted. In a web defacement attack, the attackers compromise a website and replace its content with their own messages for propaganda purposes. In a supply chain attack, the attacker breaks into the target through a vulnerability in software the victim is using.
Insight 3 – Is there an increased risk for Belgian companies?
The Western economic response to the Russian invasion, as well as Western hacktivism by groups such as Anonymous, make a Russian backlash likely.
The CCB (Centre for Cybersecurity Belgium) reports that certain criminal organizations are openly aligning themselves with the Russian regime and offering their help. They are threatening to launch attacks in countries that are trying to target Russia.
Belgium is a likely target, as it was put on a list of nations hostile to Russia.
However, at present, the Centre for Cybersecurity Belgium (CCB) has no concrete indications of a direct attack on Belgium. The threat is under constant evaluation, and additional measures will be taken if necessary. It is useful to monitor the CCB website regularly to stay up to date with the latest warnings.
Insight 4 – How should we protect ourselves?
These new threats do not fundamentally change how an organization needs to secure itself. Yesterday’s best practices also remain today’s best practices.
At Toreon, we believe in a structural and lasting approach to information security rather than in one-off actions driven by fear. Our advice is therefore to stay the course and continue implementing your long-term cybersecurity roadmap.
However, in light of this situation, some shifts in priorities can be made.
- It is recommended that you prioritize reviewing your security status. This includes conducting technical assessments (such as penetration tests and threat models) on business-critical applications, systems and servers to detect exploitable vulnerabilities.
- It is also a good idea to re-evaluate your incident management and business continuity plans, and your response capabilities, in case your organization is compromised. This enables a fast recovery should a breach occur.
- A close look at your cloud security configuration is also recommended, as these environments can be attacked from anywhere in the world and their security can often be improved through quick-win fixes (e.g. enabling MFA).