With the recent spotlight on economic sanctions against Russia, you may be questioning how this affects the susceptibility of countries falling victim to cyber-attacks around the world. What are the recent cyber-attacks businesses must be aware of, where do they originate from, and how can we know who is behind them?
Economic sanctions are presented as an alternative means of punishing a country without resorting to war. This is to encourage a country to change their unwanted actions, often residing when a country is deemed a perceived threat to the security of another, or the country treats its citizens unjustly. Sanctions most commonly manifest as commercial or financial penalties, such as restricting trade items or freezing assets.
Economic sanctions are often imposed on two types of audiences:
The Lazarus Group is a key example of sanctions against a specific group. Sanctions were imposed on a North-Korean malicious cyber group by the US Department of OFAC in 2019 due to malicious cyber activity on critical infrastructure. The intention was that this would prevent any future cyber-attacks from following, however there was a new wave of self-spreading cyber-attacks in 2020, infecting victims with sophisticated homegrown ransomware, dubbed ‘VHD’. It used credentials previously harvested from its victims, allowing the Lazarus Group to gain access to password-protected systems on their networks.
Could these economic sanctions have had the opposite effect?
As of recent times, sanctions against State Governments and wealthy influencers have been more prevalent; the economic sanctions placed upon the Russian state government by the US, UK, EU, among others, has proven that imposing sanctions upon a whole nation has a wider impact; civilians are affected too. Outside of sanctions issued by governments against nation states are a form of sanction whereby organisations restrict the sale of their products. These ”tech sanctions” that American corporations have imposed to restrict Russia’s digital technology has caused brands such as Apple to completely shut down their stores, preventing anyone from purchasing items direct from the company.
Pair this with the economic fallout of government sanctions and individual citizens are squeezed into a place of pressure and tension by the punishment placed upon their country. Could this cause them to act out and drive the increase of cyber-attacks as a result? Does this lead to vigilante hacktivism in a similar vain to Anonymous targeting Russia, and do existing cyber-criminals become more motivated to carry out attacks against the West in response to economic pressure felt by their follow citizens?
Due to the pressure placed upon Russian individuals amidst the crisis, cyber warfare has hit a peak, as seen in the following events:
1) DDoS attacks – on 23rd February 2022, before Putin mobilised into Ukraine, DDoS attacks infiltrated the websites of Ukraine’s Defense Ministry and one of its major commercial banks, PrivatBank, flooding the victim’s servers with connection requests.
2) HermeticWiper – on 24th February, a new data was unleashed against a number of Ukrainian entities, bypassing Windows security features and gaining access to many low-level data-structures on the disk.
3) Conti Ransomware – having pledged their alliance to Russia, Conti ransomware attacks have reportedly accelerated to more than 1,000 against US and international organisations, with notable attack vectors including Trickbot and Cobalt Strike.
4) Viasat Outage – unidentified hackers have reportedly disrupted broadband satellite internet access in Ukraine from Viasat’s KA-SAT, causing around 10,000 terminals across Europe to be knocked out.
The UK’s National Cyber Security Centre have said that organisations should “bolster their online protections [as] there has been a historical pattern of cyberattack on Ukraine with international consequences.”
“One of the difficulties with cyber instances is that there are blurry lines between private actors and government actors. It’s not always easy to tell who’s who. We can trace attacks back to a geographical location but actually knowing who is sitting on the other side of that keyboard or who they’re working for or who they’re being paid for is very difficult to know.”
– Madeline Carr, Professor of Global Politics and Cybersecurity at UCL says, on the BBC Sounds Episode
As a result, the NCSC are encouraging organisations to stay vigilant of the increase in cyber-attacks, especially in a time where sanctions are causing increased pressure on individuals in countries such as Russia, causing them to act out amongst the chaos.
Take a look at one of our most recent blog posts for guidance on what actions your business can take to reduce risk.
Call us directly and we’ll put you in touch with the most relevant cyber expert.
Not currently free to call? Give us a brief description of what you’re looking for by filling out our form and we’ll email you as soon as we can.