With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months.
Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware attacks such as Cyclops Blink, HermeticWiper, and BlackCat. These target businesses as well as government institutions and nonprofit organizations. There have been cases of several attempts to shut down online communications and IT infrastructure.
The ongoing list of significant cyber incidents curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. With the recent activities in cyberspace impacted by the emergence of the geopolitical tumult in February, it is not going to be surprising to see an even more dramatic rise in the number of significant incidents.
Here's a look at how state-backed cyberattacks are shaping up this early into 2022 and what the world is doing in response.
Worsening malware problem
The ransomware and other malware problem are getting worse, according to acclaimed cybersecurity leader and technologist Dan Lohrmann. In his blog post for Government Technology, he pointed out the significant rise of criminal copycats that deliver malware through software updates, the increase in mobile malware attacks, the packaging of malware with other threats that target specific organizations, and the weaponization of malicious software.
Malware weaponization is particularly alarming in light of the geopolitical conflict the world is facing right now. State threat actors are not only using ransomware, viruses, spyware, and other malicious software to attack other governments. These are used across the board as they can significantly impact economies when businesses suspend operations to deal with the infection.
Organizations are routinely reminded to fortify their security posture with a variety of defenses and strategies. Malware prevention, detection, and mitigation software tools are a must. From firewalls to antiviruses to comprehensive enterprise anti-malware software capable of addressing various malicious software threats, it is important to put in place the right tools to stop malware infection or at least enable effective mitigation.
In addition to having reliable anti-malware solutions, it is important to follow cybersecurity best practices, have a carefully crafted incident response plan, and keep regularly updated with the latest cyber threat intelligence. It is encouraging to know that even before 2022, organizations have already expressed intentions to boost their cybersecurity with the corresponding increases in spending. One study found that 4 in 5 companies are planning to spend more on obtaining reliable security controls, security testing, and other cybersecurity investments.
To address the rapidly growing malware problem, organizations such as the United States Cybersecurity and Infrastructure Security Agency (CISA) already regularly provide updates on the latest malware threats and guidance on how to deal with them. What's different now with the rise of state-backed threats is that they more aggressively oversee the cybersecurity practices of government and private entities to ensure adequate defenses.
Digital shelling/bombing vs. everyone
Shelling and bombing have been two of the most common words in the news lately, as reports of the military aggression against Ukraine dominated the past week. These deadly attacks have targeted everyone, not only military installations but also civilian structures.
In the digital realm, there are versions of these destructive attacks out to render devices useless or dysfunctional. One of the most recent examples of which is the HermeticWiper malware. This malicious software has been reported to be used against Ukraine to destroy the country's IT infrastructure and resources. However, it is already spreading to other parts of the world.
This custom-written malware affects Windows devices as it manipulates the Master Boot Record (MBR), leading to a boot failure. With a payload size of 114KB, it is relatively small, but it is enough to inflict deadly damage. This malware initially focuses on corrupting the first 512 bytes of a drive or the MBR. It then enumerates the partitions of the drives infected and corrupts them.
CISA and the FBI have already raised the alarm on HermeticWiper and other threats. "We are striving to disrupt and diminish these threats, however, we cannot do this alone. We continue to share information with our public and private sector partners and encourage them to report any suspicious activity. We ask that organizations continue to shore up their systems to prevent any increased impediment in the event of an incident," FBI Cyber Division Assistant Director Bryan Vorndran said.
To address the threat of destructive malware, the solution may not be that difficult. PCMag's Lead Analyst for Security Neil J. Rubenking says that an updated antivirus or anti-malware system can be enough. The leading antiviruses do an excellent job catching the malware and preventing it from causing any harm.
Cybersecurity stocks on the rise
This is not surprising, but it is worth noting how the cybersecurity industry appears to be benefiting from the crisis that has led to greater cyber threats across the world. Cybersecurity stocks enjoyed gains as the threat of a significant ramp-up of cyberwarfare looms over governments and businesses.
The cybersecurity sector had been in the red for a time, but it went back to black at the end of February as fears of more aggressive state-sponsored attacks grip businesses and public institutions. ETFMG Prime Cyber Security ETF HACK closed at $57.39 on February 28. This price shows a 2.4 percent gain over the past year. The S&P 500 index SPX closed with a 0.2 percent gain on the same day while Nasdaq Composite Index COMP gained 0.4 percent.
It would not be a stretch to say that the explicit declarations of major hacker groups have also sparked interest in cybersecurity stocks. Anonymous declared cyberwar against Russia. In a tweet, the group said that it is "currently involved in operations against the Russian Federation" with the Russian government as the target. However, the group also warned that "there is inevitability that the private sector will most likely be affected too."
The world is currently in a precarious and volatile situation, no thanks to troublemakers offline and online. The world is responding to the increase of cyber threats relatively well, although only time will tell if governments and the private sector have done enough to improve their security posture to formidably face off with more aggressive, frequent, and sophisticated attacks.