Luiz is Director of Security Testing at Chess Group. He brings 15 years of experience of leading complex security testing engagements and manages Armadillo's team of 15 cyber security consultants. He has previously been seconded to internal test teams in retail banks, and also worked as part of the Security Operations Centre at the London 2012 games. Luiz's research interest areas include phishing, social engineering and ransomware. Luiz holds an MSc in Information Security from Royal Holloway, and is NCSC CHECK Team Leader, CREST Certified Infrastructure Tester and Certified Simulated Attack Specialist.
Luiz Simpson, Director of Security Testing, reviews the most recent news on cyber attacks, hybrid warfare and the conflict in Ukraine. He covers:
- The Conflict in Ukraine and Cyber Warfare
- Information Warfare and Disinformation
- Malware Spillage Beyond Borders
- Russia Targeted by Anonymous
- How to Protect Your Business and Data
- Book Your Free Security Consultation
Both sides in this conflict and activist groups have used information and hybrid warfare extensively. Here I cover what practical steps organisations can take to minimise their exposure to being targeted by such attacks.
Unsurprisingly, Ukraine was targeted by cyber attacks before columns of armour rolled into its sovereign territory. Distributed Denial of Service (DDoS) attacks have been ongoing for several years but intensified in the weeks ahead of the invasion.
Just days before the ground invasion, HermeticWiper, a data wiper, was unleashed against a number of Ukrainian entities. The sole purpose of HermeticWiper was to erase disk storage and deny access to system data. It achieved this by leveraging endpoint and server configuration weaknesses, such as executing as a local administrative user.
Researchers also identified other suspected ransomware variants with no decryption capabilities. This indicates that monetising the tools may not have been the primary objective.
Information Warfare and Disinformation
Along with the technical exploits, information warfare, particularly disinformation, has been a known modus operandi of the Russian state for many years. The ability to target citizens from the other side of a continent 24/7, without the source being easy to attribute, makes information attacks an attractive weapon.
However, the high-profile cyber attacks on the West that were widely reported and expected at the start of Russia’s campaign have not materialised. Some commentators believe this might be down to infiltration of Russia’s cyber warfare capabilities, while others feel it’s merely a matter of time until these are unleashed. Time will tell which camp is right.
Of course, Ukraine being hit by suspected Russian cyber weapons is nothing new. Parts of Ukraine’s power grid were successfully attacked in 2015 by what is believed to be the first use of weaponised cyber attacks against electricity grids. The NotPetya ransomware from back in 2017 was explicitly designed to target users of MEDoc, an accounting package in use by 90% of Ukrainian businesses. It first compromised systems in Ukraine causing widespread havoc before further disrupting the world, including many multinational firms.
It is simply a matter of time before non-targeted cyber weapons affect users and systems in other nations. There are often relatively few operational security controls within malware to limit infection to specific geographies. This makes them more potent, as they can remain active for months or years, long after a ground invasion has concluded. Ensuring systems are hardened and remain patched against weaknesses remains a key priority for security teams. This is arguably the single best defence against untargeted attacks.
Russia has also faced the brunt of cyber hacks in the form of defacement and Denial of Service (DoS) attacks. State-sponsored attacks are inevitable and will likely be difficult to attribute. However, the Anonymous hacktivist brand announced early after the invasion of Ukraine that they were actively targeting the Kremlin. They have claimed defacement of public web pages, including the Russian military’s public website, the takeover of state TV broadcasts and exfiltration of government data. This approach has marked a shift in tactics from an organisation more commonly known to carry out Denial of Service (DoS) attacks.
How to Protect Your Business and Data
The National Cyber Security Centre (NCSC) has recently provided updated actionable guidance on preventing cyber threats. The advice is aimed at businesses and organisations of all sizes and sectors. It provides actions to help mitigate risk and helps organisations understand the factors contributing to their cyber risk. The steps outline several key areas of an organisation’s cyber security, including:
- Patch management
- Access control and password management
- Logging and monitoring
- Ensuring your Internet footprint is minimal and hardened
- Human-factors and procedural items such as ensuring users know how to report suspected phishing emails and ensuring backups are offline and recoverable
The first step you can take is to identify any gaps in your cyber security and ensure you have multiple layers of protection. Chess’s portfolio of products and services can help organisations obtain assurance on the effectiveness of many of these areas and assist them in quantifying risk to their data and assets. Our team looks after over 28,000 companies, from small businesses to large public sector organisations.
Please reach out if you want to talk about protecting your data from cyber attacks. Book your free 30-minute security consultation with one of our penetration testers. Get agnostic advice from industry experts on how to secure your business.