The war in Ukraine is showing, as never before, a new front of attack: cyberwar. A new way of approaching a conflict that is also fought in the field but which still risks appearing distant and, therefore, less dangerous than it is. In reality, the Ukraine war is producing consequences beyond those now sadly known, including a dramatic humanitarian and economic crisis. The Ukraine conflict has implications for the cybersecurity of any company that operates even at a great distance from this country, including, of course, Italian companies.
Table of Contents
War in Ukraine: hackers line up
The first consequence of this cybersecurity war is that Russia and Ukraine’s main criminal and hacking groups – or in any case of Asian origin – have taken the field. To do so, they bluntly espoused one of two factions. These are groups that are largely connected to the main cybercrime activities of the globe. From today, therefore, companies could be not only economic targets but also political ones. Precisely for this reason, the choice of a potential attack could be based on more “geographical” motivations than in the past: targets considered “hostile” to one of the two factions are chosen.
More direct and powerful attacks
And this is how a wave of attacks against targeted targets is expected, with a much higher intensity. This implies, above all, the need to strengthen the defense perimeter against cyber threats. The war in Ukraine, for example, has brought DDoS (Distributed Denial of Service) attacks back into the limelight, seen as the simplest and most effective means of taking down almost all web services. An attack that is easy to launch but very complex to mitigate and for which a lot of preventive work is needed.
As the conflict continues, it is increasingly likely that hacker groups and cybercriminals will release threats that, until recently, were under development just to create even more havoc and try some desperate and decisive moves. This could lead to the spread of a large amount of malware and zero-day exploits that are difficult to detect immediately with traditional tools and techniques. Hence, the need to use advanced threat intelligence tools can promptly find unclassified malicious code and behavior.
The cyber world has peculiar characteristics could lead to a rapid escalation of conflict in the digital domain. In fact, a cyber war involving dozens of different states is conceivable because threats can hardly be isolated in a certain territory, and, as we now know, large groups of cyber-criminals have collaborators worldwide. And this, of course, has consequences for governments, critical infrastructure, businesses, and individuals.
On March 17, the National Cybersecurity Agency warned against Russian-made technological programs and products. Attention is focused on the Kaspersky antivirus, used by various Italian companies. The Kremlin could use the latter as a vehicle for cyber attacks on companies and public bodies. Acn’s invitation is to carefully analyze the international situation and the geopolitical framework, as technical malfunctions could escalate with the consequent risk of attacks on companies and systems by all Russian software and services.
The war in Ukraine is a conflict of “exploits.”
The race for digital arsenals leads to a dizzying increase in requests for zero days ready to attack an increasingly large mass of computer systems, if possible, from different points. Which, in practical terms, translates into cybercrime’s search for vulnerabilities to the most disparate software, even those that have so far been less manned and free from the aims of attackers.
This is one of the consequences of this cyber war that needs to be tackled with two complementary strategies. On the one hand, software and hardware development integrates more stringent review processes, with particular attention to the DevSecOps model. On the other hand, more careful, complete, and timely management of updates which, to date, still represents an effective solution for mitigating most of the threats. Especially right now.