Demo
Will Cyber Operations Ever Replace Conventional Conflict Tactics? - Talion

As ransomware attacks continue to increase amidst the global conflict, organisations may question the power of cyber attacks in correlation to physical warfare. Do cyber operations have the potential to wipe out war as we know it? Will our soldiers and enemies become masks behind a screen?

This #RansomAware Wednesday, we’re looking at the impact of the arrest and extradition of a NetWalker ransomware affiliate, alongside the exploitation of unskilled Ukrainian hackers, and whether the global conflict is promoting or hindering their cyber efforts – questions that have risen amongst our threat intelligence team as these events have hit the news.

 

Want to listen instead?

Head over to our Threat Set Radio – Episode #161.

 

Does Arresting Ransomware Affiliates Reduce Cyber Impact?

Recently, many organisations have been up against the threat of Ransomware as a Service (RaaS) groups – based on a subscription model, affiliates use already-developed ransomware tools to execute ransomware attacks. The Netwalker strain, which first made its appearance last year, is responsible for a number of high-profile attacks, including 17 ransomware attacks that caused damages of at least $2.8 million. The affiliate was originally sentenced to 138 months in a Canadian prison, where he was found with 719 Bitcoin when arrested, valued at approximately $28.1 million. In January of this year, he was extradited to the US to receive additional charges.

 

Handcuffs on a Laptop

 

There are 2 key points worth noticing in the above scenario:

  1. The efforts of law enforcement to arrest these affiliates – this is vital to deter individuals from joining RaaS groups going forward, as affiliates will be wary of hefty charges if caught.
  2. Affiliates are extradited to face their charges – many are questioning Putin’s motives behind arresting the REvil affiliates. Was it a strategic move? Is he utilising them towards his own hybrid warfare tactics?

 

Overall, it seems that the arresting of ransomware affiliates is having a positive impact; many operations shut down and went extremely quiet, due to the attention of law enforcement but also the question as to whether these operations are worth the risk for affiliates. Cyber operations are perhaps losing their initial power to government constraints.

 

Exploitation of Unskilled Ukrainian Hackers

Whilst the arresting of ransomware affiliates may cause a hesitation for future cyber operations, there is still defining evidence that threat groups are taking advantage of the conflict in Ukraine to exploit unskilled Ukrainian hackers. SEO poisoning techniques have been deployed on open-source sites advertising DDoS tools that target Russian or pro-Russian websites. An Advanced Persistent Threat (APT) group have been identified selling a DDoS tool intended for use against Russian websites on Telegram, however, once deployed by unwitting users, the installed stealer malware infects the user instead of the intended target.

The above is a prime example of cyber criminals being opportunistic in taking advantage of the conflict for their own monetary gain, whether that is through themed email lures on news topics, or malicious links purporting to host relief funds or refugee support sites. Without conventional warfare, cyber criminals would not have the same advantages.

 

The Spread of Misinformation

Whilst cyber-attacks, such as ransomware, are prevalent, there is no denying that investment is also heavily focused on the spread of disinformation over hacking attempts.

  • Russia have accused Ukraine of stockpiling chemical and biological weapons – a fake claim that perhaps foreshadows their own capabilities
  • FancyBear, who works for the Russian intelligence services, is focusing on compromising media outlets to skew the spread of legitimate news and promote fake news – destructive attacks are not being observed

 

Hands holding mobile phone with fake news message on a blurred night city as background

 

It is clear that law enforcement is making progress in fighting off RaaS groups with arrests and extraditions, but threat groups are not disappearing anytime soon. Cyber operations and conventional warfare seem to go hand in hand – when war is at play, cyber criminals exploit individual vulnerability for their own monetary gain. It only takes one global event to set up their perfect attack environment.

Organisations must, therefore, be extra vigilant when receiving unsolicited emails and information in regards to the Ukraine conflict. Is it from a reliable source? Are the links trustworthy?

 

#RansomAware banner

 

To join us in further discussion, head over to our #RansomAware page for more insight into fighting ransomware, and don’t forget to join our LinkedIn group too.

 
Leave a comment

Filed in Blog, by Talion. 0 comments
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
24x7x365 UK-based Security Operations Centre
Talion
Service underpinned by market leading threat intelligence team
Talion
Continually developed threat relevant content, backed by SLAs
Talion
MDR service has featured in the Gartner Magic Quadrant for 6 consecutive years
Talion
Experts in SIEM and SOAR technology
Talion
UK-based Senior Leadership
I'm ready
Request a more in-depth demo.
Discuss your cyber security needs
Fill in the form below and one of our team will be in touch to arrange your demo.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Send us a message

Give us a brief description of what you’re looking for and we’ll put you in touch with the best person.