Before, national security measures mainly involved arms, missiles, and weaponry. Now, with the increased dependence on IT for defense, they have evolved to include cybersecurity as one of their key elements. While most countries around the globe have adopted best practices to mitigate cyber threats, some are at higher risk than others due to a lack of proper enforcement of IT policies, cybersecurity protocols, and laws.
Before delving into the IT security measures companies should take to mitigate the increasing threat of cyberattacks in the current climate, let us take a look at three major cyberattacks that governments have combated in the past 12 months and how they recovered.
One of the biggest cyberattacks in 2021 was the ransomware attack on Colonial Pipeline, the largest refined oil pipeline in the United States, which carries oil and gas from Houston, Texas to New York Harbor regularly. This attack is infamous for its simplicity and speed. It started with a simple VPN account password that was exposed due to a Colonial Pipeline employee reusing it for another account. Some sources guess that the attackers probably obtained the credentials off the dark web.
The attack began on May 6, 2021 when the attackers infiltrated the pipeline's digital systems and stole 100GB of data within a day. The FBI identified the attackers as DarkSide, a Russian ransomware group. The ransom note was sent on May 7 and demanded the organization pay 75 bitcoins, which roughly translates to $4 million.
The pipeline had to go offline immediately, close all its operations, and shut down for nearly a week. Colonial Pipeline delivers more than 45% of the fuel on the East Coast and is the supplier of jet fuel, diesel, oil, and fuel for military purposes. Therefore, the repercussions of the attack were heavily felt, with several airlines postponing flights, citizens stocking up on fuel in a crazy frenzy, and fuel prices increasing overall.
Unsure of how deep the intrusion was and not wanting to take any chances, CEO Joseph Blount paid the full ransom amount to the attackers a day after the ransomware note had been discovered by an employee after logging in to his system. In return for the ransom, the company received a decryption key that allowed it to unlock the encrypted files, but a week would pass before it could restart the pipeline. This attack ultimately cost the company millions of dollars.
The Biden-Harris administration declared a state of emergency, and the Department of Justice (DOJ) put together a Ransomware and Digital Extortion Task Force to investigate the attack. The task force managed to recover 63.7 out of the 75 bitcoins paid to DarkSide, valued at $2.3 million. Blount later acknowledged the FBI's key role in recovering parts of the ransom and said he was grateful for its "swift work and professionalism" in responding to the attack.
According to a DOJ press release, the FBI had a time-tested approach to following the money that enabled it to access the Bitcoin password and recover most of the ransom. An affidavit from an FBI special agent revealed that it had used a blockchain explorer to track the addresses through which DarkSide had received the money.
Spain's MITES was hit with a cyberattack on June 8, 2021, and this was not the first time it faced a cybersecurity breach. This happened shortly after the Ryuk ransomware attack on MITES' State Public Employment Service (SEPE) in March that targeted almost 700 government agencies and took down SEPE's systems.
Not a lot of details were revealed about the breach, and despite being under attack, the official website continued to function normally. The ministry stated the following on Twitter: "MITES has been affected by a computer attack. The technical managers of the Ministry and the National Cryptological Center are working together to determine the origin and restore normality as soon as possible."
The ministry had a similar response to the SEPE attack that targeted the workstations of remote employees. Gerardo Gutiérrez, the director of SEPE, claimed that no confidential or personal data relating to payroll information or unemployment benefits was lost and that the ministry was working on restoring the services.
Ukraine has been one of the biggest victims of Russia's consistent bullying and cyberwarfare right from the dissolution of the Soviet Union in 1991. It became more aggressive with the Armageddon phishing attack in 2013. Other notable attacks over the years, like BlackEnergy, Industroyer, NotPetya, and WannaCry, had worldwide repercussions and make up an intense history that ultimately led to the ongoing war between both countries, with Ukraine's decision to join the European Union and NATO aggravating Russia further.
Before launching a full-blown war, Russia began its assault with a series of cyberattacks from January to March 2022, with threat actors using malware like WhisperGate and Saint Bot to render systems useless across several organizations in Ukraine. In February, several Ukrainian government organizations and banks faced continuous DDoS attacks, and malware called HermeticWiper was detected on several computers by the Microsoft Threat Intelligence Center. Disguised to look like ransomware, HermeticWiper is known to destroy data from the master boot record and other drives.
As the war on Ukraine escalates, hacking groups have started pledging their loyalties to either Ukraine or Russia. Anonymous, a decentralized hacktivist group that targets government institutions, announced in late February 2022 that it is standing by Ukraine. Since then, the group and its affiliates have been targeting Russian websites, hacking news and radio sites, and leaking data. Other groups that have waged cyberattacks on Russia and shown their support for Ukraine include GhostSec, IT Army of Ukraine, AgainstTheWest, SHDWSec, Belarusian Cyber-Partisans, KelvinSecurity, ContiLeaks, and Secjuice.
Some powerful groups like Conti have taken Russia's side in the war. Its message in one of the underground forums reads, "If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use [all] possible resources to strike back at the critical infrastructures of an enemy." In retaliation, an insider, who is believed to be Ukrainian, leaked over 400 internal communications from Conti. The collective responsible for leaking this information is now being called ContiLeaks.
Similar threats against Ukraine have been issued by groups like Stormous Ransomware, Digital Cobra Gang, and The Red Bandits. Sandworm, FreeCivilian, Zatoichi, Killnet, XakNet, and more have also announced fealty to Russia. With the escalating war between the countries that has been going on for decades, it is not surprising to see these opposing hacking groups at war with each other.
Ukraine's stance of defending itself has inspired help from several superpowers and international agencies. Apart from openly condemning Russia and Putin for his actions and from extending refuge, resources, and diplomatic support, several countries have offered cyberdefense support to the war-torn nation. While the EU deployed a cybersecurity response team to help detect and respond to threats, Romania and Bitdefender signed a pro bono partnership to help Ukraine.
Ukrainian hacking forums saw the nation asking for help from the hacking community to support its cyberdefense. A Google Docs link was shared where volunteers willing to help could sign up. According to Bloomberg Quint, over 400,000 people have come forward to show cyberdefense support.
In response to Russia's actions and in anticipation of more cyberattacks, the White House has released a fact sheet consisting of immediate actions that American companies should take and long-term cybersecurity measures they should put in place.
The recommendations consist of ensuring basic protocols like multi-factor authentication, encrypting data, backing up data, executing drills, educating employees, and deploying modern security tools for investigation, detection, and response. For the long term, the Biden-Harris administration insists on making cybersecurity a foundational part of all companies.
"Bake it in, don't bolt it on," says the sheet.
A modern SIEM tool like Log360 will help you stay vigilant in these troubled times by continuously monitoring system activity to detect cyberthreats.
You will receive regular updates on the latest news on cybersecurity.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.