Firms urged to improve cyber resilience as governments anticipate rise in state-sponsored attacks - MyCena

The invasion of Ukraine is the culmination of years of careful preparation from the Russian state. This is according to Julia O’Toole, founder and CEO of MyCena Security Solutions.

Historic cyberattacks have given the Russian government critical advantages in the build-up to the Russia-Ukraine conflict. Strategic cyber-advantages were gained in several areas, convincing Russia of its own cyber-supremacy, she explains. 

Cyber-advantage one: Cyberwar practice runs

The Russian military has been testing and perfecting cyberwar techniques for years, not least against their Ukrainian neighbour, of which the most devastating was the NotPetya cyber-attack.

This was directed against Ukraine’s financial, energy and government institutions in June 2017 but also indirectly affected many other businesses, causing hundreds of millions of pounds in losses.

The attack highlighted the risk associated with having their own country’s digital infrastructure connected to the world. Consequently, Russia created its own internet network that can be disconnected from the rest of the world when needed.

This was tested in June and July 2021 and again in January 2022, a few days after a dozen Ukrainian government websites were hit by a data wiper attack disguised as ransomware.

Cyber-advantage two: Financial gains through ransomware

According to a report by Chainanalysis, nearly three-quarters of traceable ransomware revenue in 2021 (around $400 million worth of cryptocurrency) was laundered through Russia. This means cyber insurers could well have unknowingly propped up Russian military coffers.

Cyber-advantage three: Deep penetration into western governments’ digital infrastructure

A recent string of high profile cyberattacks and vulnerabilities, including the SolarWinds attack and the log4j vulnerabilities, has enabled Russian cybercriminals to scan, steal and crucially stay inside organisations.

According to O’Toole, “the SolarWinds attack reportedly gave Russia access to data from about 100 U.S. government agencies, critical infrastructure entities, and private sector organizations.”

Expect more cyber attacks

In anticipation of escalating cyberattacks, organisations should take immediate action to secure cyber-resilience, warns O’Toole.

”In the current cyberwar, a cyber-resilience strategy is more urgent and necessary than ever,” she says. ”The question is how?”

Practising good password hygience and protecting network access is an important first step.

“Russia has gained its cyber-advantages fundamentally through the inherently weak digital access models deployed by organisations today,” says O’Toole. ”We know that nine out of ten attacks involve legitimate passwords, with password phishing responsible for 83 per cent of all cyberattacks in 2021.

“People changing their passwords from DomSmith123! to Dom$mith1234 after a cyberattack will not stop a malicious actor from logging in again.”

It is not too late to protect your network access and secure cyber resilience. According to O’Toole, organisations can quickly organise themselves to take back command and control of their digital network, stop passwords phishing and prevent ransomware attacks. Starting with applying physical security rules to their cybersecurity:

  1. Don’t let employees make and share their own (digital) keys. To ensure passwords can’t be seen, shared, or phished by anyone, they can be encrypted from end-to-end (creation, distribution, use, expiry).

  2. Don’t put all systems behind a single door with one key to open everything. To ensure (cyber) resilience, segment access to every system so that if one is breached, for example in a supply chain attack, the breach is isolated by default and won’t affect other systems.

Practise deceptive intelligence

O’Toole continues, “Intelligence has always been a key advantage in war. So has deceptive intelligence. By breaking the ENIGMA code, Alan Turing and the team at Bletchley Park helped the allies intercept the Nazis’ encrypted communications, create false information to then be intercepted by their opponents, and consequently shortened the war.

”Imagine today if organisations leveraged the rise in phishing attacks to deceive criminals with false information about their intentions and positions. Simultaneously, access from legitimate users would be protected with end-to-end encrypted passwords that can’t be seen, shared or phished. These organisations would be immune to passwords attacks, ensuring the integrity of their network and confusing their opponents in the process.”

“From a financial standpoint, removing selected Russian banks from the SWIFT system and freezing their central bank assets will have a massive impact on Russia’s ability to sustain its aggression.

”Through preventing ransomware attacks, organisations could also prevent cryptocurrency theft from offsetting the financial sanctions and shorten the war,” she concludes.