
How the Ukraine war impacts your IT operations

Increased cyber strikes as part of the bigger battle could have disastrous consequences for IT infrastructures of firms all across the world, regardless of their political leanings.



Last week, just a few hours before Russia marched into Ukrainian territory, several websites of Ukraine's banks and government agencies were disabled by a DDoS attack that many believe was launched by Russia. But this was just the beginning of the cyber war between the two countries.


A devastating wiper attack targeted computer systems in Ukraine as well as two neighboring nations, Latvia and Lithuania, following the earlier attack on Ukraine revealed last month.


These attacks began with a DDoS attack as a diversionary strategy before deploying HermeticWiper, a destructive piece of malware. HermeticWiper, like the previous malware, is designed to overwrite files on systems, rendering them inoperable.


According to many reports, future cyber assaults against the United States and Western European organizations may be launched in retribution for greater sanctions or other political actions imposed on the Russian government.


According to a report, one in five Fortune 500 companies rely on Ukraine's IT outsourcing sector. Experts suggest that organizations might not be directly attacked by the hackers but could still feel the impact.


Cyber security experts advise that all enterprises take proactive measures to protect themselves from this potential threat.


While the current attacks appear to be aimed against the Ukrainian government, financial institutions, and websites, the current crisis has the potential to spread to many other locations around the world, causing companies and infrastructures to go down as a result of collateral damage.


"For instance, given how interconnected and interdependent our technologies are, a large-scale attack on a hosting provider in Ukraine could impact businesses working with that hosting provider the world over, leading to a domino effect of system shutdowns, and more," said Vicky Ray, Principal Researcher, Unit 42 at Palo Alto Networks.


In the midst of the conflict, the hacker collective Anonymous declared cyber war on Russia. On its social media account, the hacker collective claimed to have knocked down dozens of Russian websites.


Cloud and Data Center providers at risk?


The trend of assaults on cloud services is expanding as cloud becomes the default IT architecture for enterprises, relieving them of the burden of owning and managing physical infrastructure.



Cloud services have been targeted before (SolarWinds, Capital One), and this won't be the last time. Experts believe that data saved in the cloud is more vulnerable than data housed on on-premises systems. Failures by both cloud service providers and end users exacerbate these vulnerabilities.


There are a variety of cloud deployment strategies, but the cloud provider is critical to the technology's security. CSPs' decisions in developing these technologies have a direct impact on an organization's security posture. This means that if a major cloud provider–Azure, AWS, or Google–has a weakness in its servers, firms that use their services may be affected as well.


In a Foreign Policy article, the authors observed that "security is largely an externality for these cloud companies, because the losses due to data breaches are largely borne by their users. As long as a cloud provider isn't losing customers by the droves—which generally doesn't happen after a security incident—it is incentivized to underinvest in security."


According to a survey, the stocks of cloud service providers only see a minor and transitory decline after a public security breach.


Many experts warn that, in the midst of ongoing cyber warfare, cyber-attackers could take advantage of the current situation to disrupt, disable, or destroy crucial IT infrastructure. It is not uncommon for fleets of hackers and opportunists to attack public, enterprise, and ordinary users' databases that are already stressed and on red alert.


One can only imagine how much damage an organization could suffer (in terms of business, data privacy, and confidence) if its internal networks were hijacked and left stranded for a few minutes. When political ambitions promote cybercrime and controversially support it, it's impossible to say who will be affected and to what extent.


The security issues have been exacerbated by the modern remote work approach. Organizations are already dealing with a slew of personal endpoints, or devices, spread across a variety of locations connected to their official networks.


Due diligence is sometimes carried out; however, it is frequently overlooked by medium-sized businesses. Such dispersed networking flaws give cybercriminals ample opportunity to lurk in organizational databases.


According to a spokesperson from a large cloud provider, "In the current scenario, it is imperative for cloud services providers, hosting and managing databases and workloads for thousands of companies, to amplify their internal cybersecurity postures."


Data centers are always a top target for cybercriminals since they are the hubs or hosting locations for millions of businesses, tens of thousands of large-scale businesses, hundreds of cloud platforms, and hundreds of government databases.


Pankit Desai, Co-founder & CEO, Sequretek, feels that data centers are a lucrative target for cyber attackers. "These are supply chain focused attacks and here the modus operandi is 1 to many, i.e., one target with an intent to impact many entities. The attack could come in a rudimentary form like bringing down the power supply to the data centers."


"War or not, when it comes to datacenter service providers, it's always imperative and important to invest in and integrate the most advanced, military-grade security frameworks for utmost protection 24/7/365. Such always-on maximum security mode is a need and a responsibility that we DC operators abide by and continue doing, without a slack," said an expert from a major cloud company.


What can we do?


The difficulty for most businesses will be to ensure that they are prepared to deal with the large number of cyber-attacks that may occur during this period. So, what should businesses do if it's too late?


Be prepared to respond quickly


In the event of a cybersecurity incident or an interruption in essential infrastructure, organizations must establish designated points of contact in crucial areas.


Patching critical software


Companies should ensure that all of their apps, systems, operating systems, and databases are patched and updated against current vulnerabilities, according to Desai. Hackers are able to exploit third-party vulnerabilities, which results in a large number of attacks. He also recommended that IT executives be proactive in their awareness of publicly disclosed vulnerabilities.


Prepare for Ransomware and/or Data Destruction


Ray of Palo Alto Networks observed that "The preparation required to prevent and recover from these attacks is similar in either case. Testing back-up and recovery plans is critical, as well as testing continuity of operations in case a network or other key systems are disabled in the attack."


Educating employees


Desai of Sequretek recommends that businesses educate their employees and users about the websites they visit. "When it comes to opening incoming emails, they should be cautious. Open emails that come from a reputable source and don't contain a malicious attachment."


Source: CIO.com

 
