Cybersecurity concerns around the Russia-Ukraine conflict

For those worried about the cybersecurity situation between Ukraine and Russia, Nclose’s Co-Founder & Technical Director, Martin Potgieter, weighs in with his speculation and opinion on what is currently happening and what could potentially happen.

Who is currently being affected?

At the time of writing, according to many large news outlets, cybercrime – for the time being – is predominantly between Russian and Ukrainian cybercrime groups and governments, but this is cyberwarfare, which can quickly spread elsewhere. According to Potgieter, “What we are seeing at the moment is that a few of these cybercrime groups are either taking sides or imploding amongst themselves due to their Eastern European links with one another. Something else we have noticed is a strain of malware termed ‘wiperware’, which is an evolution of ransomware that is used to permanently destroy data – but again the main targets are between Ukrainian and Russian points of interest. More importantly, this malware is not a new form as it existed before the war, so many security technologies are able to detect variants of it.”

Why have we not seen any major cybercrime from this conflict?

Potgieter adds, “There have been some cyber-attacks but nothing on a massive scale outside the Russia and Ukraine conflict. The reason we may have not seen a massive cyber-attack in the Ukraine-Russia conflict is because of the potential consequences between two countries should they decide to wage a full-scale cyber-attack against one another. The assumption is no one knows how badly it would escalate following a major cyber-attack, and it could have a devastating effect for both sides, which is something neither wants, very similar to the use of nuclear weapons. We have seen numerous news outlets in Russia being blocked and information leaving Russia being heavily monitored – the use of certain words such as ‘invasion’ and ‘conflict’ in Russia to describe the war being something that can get you a fine or even a jail sentence.”

What could potentially happen?

“A concern that could materialise is that the sanctions imposed on Russia could force cybercrime syndicates to think outside the box. The cybercrime channels these syndicates operate in could become compromised and these sanctions may affect their revenue streams, resulting in possibly new forms and types of ransomware, or make criminals more aggressive in their techniques, methods and operations,” adds Potgieter.

“This domino effect could potentially lead to a rise in cybercrimes, as these criminal organisations try to maintain their operations. We could see more non-traditional approaches within the cyber space, as desperation can force innovation in these sorts of unique circumstances.”

What can you do now?

“This is an industry that can change overnight, and we have to adapt the same way the cybercriminals do. Anything our clients need with regards to information regarding the conflict, we will do our best to give them that information as we receive it – transparency is important to us. We are tracking the situation on a regular basis. Regardless of whether there was a cyber-war or not, we would continue with the same approach we always have and apply those same cybersecurity principles and practices. We need to continue with our strategies, which should include patching vulnerabilities, making sure backups are resilient, testing our IR processes, locking down networks and systems, enforcing strong authentication and many of the other principles that are constantly spoken about,” says Potgieter.

Conclusion

“To sum up, not a great impact, particularly for African businesses. By no means are we letting our guard down, but if things continue as they are, we should continue to focus on the basics that we know improve security,” adds Potgieter.

“My focus at the moment is what new types of cybercrimes could form from this. The wiperware strain is something that deletes data, so it would be difficult to monetise, or is there something more to it? However, something like wiperware could be the catalyst for something more sinister or new that could be monetised, but unfortunately only time will tell. This is something we need to continue to monitor. Sometimes in a scenario like this, the best thing to do is to think like a cybercriminal, and what their plans would be. This is an evolving situation, and we are closely monitoring it.”
