Digital transformation has not only profoundly transformed our daily living practices but also changed to a certain extent the concept of perspectives on warfare. Today, states are less eager to engage their soldiers in armed conflict or launch major military operations. Indeed, states tend to engage in cyber warfare instead of destroying physical targets of perceived threats.
Cyber wars target the critical data possessed by states, as well as the access security systems protecting where critical data is stored. The loss of stacks of critical data may render different systems that maintain the social order, especially finance and health, inoperable, as well as cause data breaches leading to the disclosure of individuals' personal data.
In order to protect the public infrastructure, which is indispensable for the smooth provision of public services and performance of day-to-day activities, states need to adopt a strong cybersecurity strategy. To have a strong cybersecurity infrastructure, states first need to establish an advanced data security system and then put this system under protection with legal regulations.
In order to better explain the damage and destruction inflicted on states by cyber warfare, it may be useful to take a look at how political and military tensions between Ukraine and Russia extended to the cyber world.
One of the first examples of how the crisis between Ukraine and Russia extended to the digital realm was Sandworm ATP targeting the central electrical transformers in Ukraine, triggering an electrical collapse. It was found that in the attack targeting electrical transformers operating with devices using Windows, Linux, and Solaris OS operating systems, a new Industroyer variant named Industroyer2 was used.
On the other hand, the inquiry conducted by ESET researchers revealed that other malware such as CaddyWiper, AwfulShred, OrcShred, and SoloShred were also used in this Russian cyber-attack. It remains unclear how the cyber attackers hacked these systems and traveled from the IT infrastructure to the ICS network consisting of high-voltage substations throughout Ukraine.
Another potential outcome of the conflict between Ukraine and Russia concerns other states. The top cybersecurity officials of the United States emphasize the Russian threat to the national infrastructure in which critical data stacks are stored. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said that the economic sanctions imposed on Russia by the United States and its allies may provoke Russian cyber attackers to target the energy and financial sectors in Western countries.
Also, the relevant authorities in the United States moved forward with an indictment against the hackers working for the Russian government, who have been carrying out cyberattacks targeting global energy companies for six years. The first indictment, returned in June 2021, is about Evgeny Viktorovich Gladkikh, who worked as a computer programmer at the State Research Center of The Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics. In the indictment, Gladkikh is charged with hacking industrial control systems (ICS) and operational technologies (OT) between May and September 2017. Gladkikh was also among those held responsible for the cyberattacks on the Middle East oil refinery.
The second indictment returned in August 2021 mentioned the names of three members of the Dragonfly group. Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov allegedly had unauthorized access to the networks of energy companies between 2017 and 2021.
Cyberwars in which ransomware and malware are used as weapons to target many spheres of public infrastructure, namely the energy sector, health sector, telecommunications sector, and infrastructure services that directly affect the quality of daily life. These cyber-attacks stand out as elements of the war of reputation between states, and the party who takes the upper hand through such attacks is thought to gain a moral advantage. Also, millions of personal data obtained through ransomware or malware attacks in cyber wars are kept by states for financial gain and the right chunks of data can be ransomed.
For example, the United States Department of Health and Human Services (HHS) warned health organizations to take the necessary measures against ransomware attacks known as Hive. The department cautioned that personal health data public health institutions keep are, maybe, under threat.
Similarly, the federal agents in Hawaii announced that they disrupted a cyberattack on a critical undersea cable that links Hawaii and the Pacific to critical telecommunications, including internet and cable streaming. The agents, who acted on a tip from their counterparts on the mainland, became involved in the international investigation of the incident, which ended with international law enforcement partners in several countries making an arrest.
Finally, it is worth reminding that the Hive ransomware attack and its derivatives target Microsoft Exchange servers that are vulnerable to ProxyShell security weaknesses to deploy malicious back doors to cybersecurity infrastructures, including the Cobalt Strike beacon. Hive ransomware attacks are carried out to perform network reconnaissance, steal privileged account information, leak critical data, and disturb file encryption payloads. Thus, these attacks make it easier to steal data from the network, apart from rendering the network extremely vulnerable.
IT networks where critical data are stored and protected against malware and ransomware-like attacks need to be secured in the best way possible. In order to ensure the security of the data of IT networks, it is very important to monitor the users with privileged access in these networks 24/7 and to record all the movements on the network. Although malware and ransomware attacks are generally carried out externally, it is worth emphasizing that recently, cyber attackers have been employing the method of hacking privileged accounts and turning them into internal threats.
The transformation of privileged accounts into internal threats not only renders the IT network vulnerable to constant peeking but also harms government institutions and organizations by causing the disclosure of critical data of millions of people at the most unexpected moments. The use of Privileged Access Management systems is of critical importance in minimizing this threat. According to the Cost of a Data Breach 2021 report by IBM, the average time required to identify and eliminate a data breach is 287 days. While it takes an average of 212 days to detect the breach, it takes an average of 75 days to eliminate it. On the other hand, the average time required to detect and neutralize a breach through an initial attack vector is 341 days. While it takes an average of 250 days to detect such a breach, it takes 91 days to neutralize it.
All these developments indicate that these attacks will not come to an end any time soon; however, you can prevent potential cyberattacks and consequent data breaches with Kron’s PAM solution Single Connect. Contact us to get detailed information from our team about Single Connect, a PAM solution featured in Privileged Access Management reports prepared by the world's most prestigious research companies such as Gartner, Forrester, KuppingerCole, and Omdia.