This war is more cyber than military!
Regardless of the ethical dilemma, everyone's news feeds, thoughts and debates have revolved around the war between Ukraine and Russia for the past couple of weeks. I sincerely stand with the innocent victims across the border who are being subjected to the inhuman measures of the states.
Even before the invasion, we could observe cyber warfare in the region becoming increasingly virulent. The anatomy of the attacks is highly sophisticated and the impact is severe, given that Ukraine already has a highly defensive digital infrastructure (hardened by years of Russian cyber attacks) and that Russian cyber forces operate under state-driven command and control in full swing.
Modern warfare is becoming more hybrid with simultaneous attacks both on physical and digital worlds.
Ukrainian security experts are struggling to respond to the cyber threats as hard as their military is struggling on the field. The attacks continuously undermine the Ukrainian government, intimidate and demoralize the Ukrainian population, cause confusion and disrupt the everyday lives of Ukrainian citizens. With the politically driven economic sanctions and SWIFT restrictions imposed by NATO powers, those countries are now themselves under threat of fresh cyber attacks from Russian sources.
Local governments, businesses, and corporations have been warned by U.S. officials to be on the lookout for cyberattacks.
In this post I summarize some of the prominent attack methods used in the ongoing cyberwar, for quick awareness.
Operation Armageddon - Cyber espionage
Several cybersecurity firms have identified a cyber espionage campaign, known as 'Operation Armageddon' or 'Gamaredon' and attributed to the Russian state-sponsored Shuckworm group, that has been continuously active in the region with growing coverage. Its objective is to steal information that provides insight into near-term Ukrainian intentions and plans. The operation takes its name from the author name found in the metadata of a Word document used in the attacks; the campaign has been active since mid-2013. The main attack vector is phishing, through which malware is delivered to Ukrainian devices and endpoints and then used to remotely control them. Ukrainian security researchers find this campaign extremely difficult to hunt and mitigate because its IoCs (indicators of compromise) mutate constantly, so blocklists keyed to specific file hashes or domains go stale almost as soon as they are published.
DDoS attacks on Public digital infrastructure
A common adversary technique is to knock a target's network infrastructure offline by bombarding it with a distributed flood of requests. A series of such floods, launched by Russian groups, has been aimed at Ukrainian government websites and major banks, so that the Ukrainian army and public are deprived of internet communication. It was reported that at least 10 government sites were brought down by DDoS attacks before the invasion: the massive influx of requests saturated their servers and networks so that the services could no longer handle legitimate requests.
On the other side, the popular hacker collective 'Anonymous' (supporting Ukraine in the war) has claimed multiple similar DDoS attacks on Russian government systems and state-funded media platforms, bringing their services down intermittently. We can expect continuous DDoS incidents from both sides in the coming days, with severe interruptions to public services.
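The flood described above is visible in ordinary web-server access logs long before a site falls over. The following detector is an added example, not code from the original post or from any of the incidents it describes: it buckets Common Log Format lines into fixed windows and raises one alert per abnormal window, distinguishing a single-source flood (one IP far above the per-IP threshold) from a distributed one (total volume high, spread across many sources, each staying under the per-IP limit). The log lines, IP ranges and thresholds are constructed for the demonstration.

```python
"""Sliding-window request-rate detector for HTTP flood traffic.

Added example: the access-log lines are constructed for this demonstration
(RFC 5737 documentation addresses); thresholds are illustrative and would be
tuned against a site's own baseline.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Common Log Format: 203.0.113.7 - - [24/Feb/2022:06:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return {'ip', 'epoch', 'status'} for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "epoch": int(ts.timestamp()), "status": int(m.group("status"))}


def detect_floods(lines, window=10, total_threshold=200, ip_threshold=50, min_distinct=20):
    """One alert per window whose volume is abnormal.

    kind == 'single-source': one IP alone sends >= ip_threshold requests in the window
    kind == 'distributed':   total >= total_threshold, spread over >= min_distinct IPs,
                             with no single IP tripping the per-IP threshold
    """
    windows = defaultdict(Counter)  # window start (epoch) -> Counter(ip -> hits)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than stop mid-incident
        bucket = rec["epoch"] - rec["epoch"] % window
        windows[bucket][rec["ip"]] += 1

    alerts = []
    for start in sorted(windows):
        hits = windows[start]
        total = sum(hits.values())
        top_ip, top_hits = hits.most_common(1)[0]
        if top_hits >= ip_threshold:
            alerts.append({"window": start, "kind": "single-source", "ip": top_ip, "hits": top_hits})
        elif total >= total_threshold and len(hits) >= min_distinct:
            alerts.append({"window": start, "kind": "distributed", "sources": len(hits), "hits": total})
    return alerts


def _fmt(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%d/%b/%Y:%H:%M:%S %z")


def build_sample_log():
    """Constructed traffic: 30 s of quiet baseline, a 10 s distributed flood, a 10 s single-IP flood."""
    start = int(datetime(2022, 2, 24, 6, 0, 0, tzinfo=timezone.utc).timestamp())
    lines = []
    for s in range(50):  # baseline throughout: 5 clients, 1 request each per second
        for c in range(5):
            lines.append(f'198.51.100.{c + 1} - - [{_fmt(start + s)}] "GET /index.html HTTP/1.1" 200 512')
    for s in range(30, 40):  # distributed: 40 sources, 1 request each per second (10 per IP per window)
        for i in range(40):
            lines.append(f'192.0.2.{i + 1} - - [{_fmt(start + s)}] "GET / HTTP/1.1" 200 512')
    for s in range(40, 50):  # single source: 10 requests per second from one IP
        for _ in range(10):
            lines.append(f'203.0.113.9 - - [{_fmt(start + s)}] "GET / HTTP/1.1" 503 0')
    lines.append("not a log line")  # malformed input, must be skipped
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

The two alert kinds matter operationally: a single-source flood can be rate-limited or blocked at the edge, while a distributed one needs upstream scrubbing or geo/ASN filtering, since no individual source looks abusive on its own.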
Introducing 'HermeticWiper' - a sophisticated malware
In the first week of the invasion, leading security researchers discovered a new malware called 'HermeticWiper' (named after the code-signing certificate, issued to Hermetica Digital Ltd. and apparently obtained fraudulently, with which the samples were signed) penetrating Ukrainian systems. It is a wiper: malware designed to destroy the data on any storage device it infects. The threat actors have been deploying it through campaigns against Ukrainian infrastructure to corrupt and wipe as many data stores as possible. HermeticWiper corrupts the MBR (Master Boot Record) of every device it penetrates, leaving the storage device both unbootable and unrecoverable, and initiates a system shutdown once the corruption process is complete. It is spreading fast in Ukraine's prominent banking systems and interrupting transactions and failovers.
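Because the page's point is that the wiper corrupts the MBR, the fastest triage step on a suspect disk image is to check whether sector 0 still looks like an MBR at all. The checker below is an added example written for this post; it is not HermeticWiper code and does not depend on any sample's indicators, only on the structure every MBR must have: the 0x55AA boot signature at offset 510, a non-empty boot-code region, and a sane four-entry partition table at offset 446. The healthy and damaged sectors it inspects are constructed inline.

```python
"""Structural sanity check of a 512-byte MBR sector, for wiper-damage triage.

Added example (not HermeticWiper code). Works on the first 512 bytes of a
disk image, e.g. open(path, 'rb').read(512); the samples below are constructed.
"""
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
SIG_OFFSET = 510            # two-byte boot signature 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(sector):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0 and lba == 0 and count == 0:
            continue  # empty slot
        parts.append({"index": i, "status": status, "bootable": status == 0x80,
                      "type": ptype, "lba": lba, "count": count})
    return parts


def inspect_mbr(sector):
    """Return {'ok': bool, 'findings': [...], 'partitions': [...]} for one sector."""
    if len(sector) != SECTOR:
        return {"ok": False, "findings": [f"expected {SECTOR} bytes, got {len(sector)}"], "partitions": []}
    findings = []
    if sector[SIG_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    if not any(sector[:TABLE_OFFSET]):
        findings.append("boot code region is all zeros")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table empty")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["count"] == 0:
            findings.append(f"entry {p['index']}: zero-length partition")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one bootable partition")
    ranges = sorted((p["lba"], p["lba"] + p["count"]) for p in parts)
    for (_, end1), (start2, _) in zip(ranges, ranges[1:]):
        if start2 < end1:
            findings.append("overlapping partitions")
            break
    return {"ok": not findings, "findings": findings, "partitions": parts}


def build_healthy_mbr():
    """Constructed well-formed MBR: placeholder boot code, one bootable NTFS-type partition."""
    boot_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (TABLE_OFFSET - 5)  # placeholder, not real code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + b"\x55\xaa"


def build_damaged_mbr():
    """Constructed damaged sector: the whole sector overwritten with a repeating junk byte."""
    return b"\xcc" * SECTOR


if __name__ == "__main__":
    for name, sample in (("healthy", build_healthy_mbr()), ("damaged", build_damaged_mbr()), ("zeroed", bytes(SECTOR))):
        print(name, inspect_mbr(sample))
```

A failing check does not identify the malware; it only tells the responder that sector 0 no longer describes a bootable layout, which is the moment to image the disk before anything else touches it.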
Cyberwar is no more a future threat, we are living in the era of active cyber sabotage.
Many similar attack methods are taking centre stage in this 21st-century warfare, sending a strong message to the governments and enterprises of the world: unless they are prepared to shield their digital infrastructure, they cannot survive geopolitical tensions regardless of their military muscle. For responsible states, protecting digital assets is as important as protecting people's lives.
'Hope' is the only key to unlock Peace in this 'War' obsessed planet!
Comments

Senior iOS developer (2 years): Again a well curated content guru !! Insightful !!

Product Owner | Product Management | Digital Transformation | SAFe Certified PO (3 years): Sheik Mohamed You might like this!

Product Owner | Product Management | Digital Transformation | SAFe Certified PO (3 years): Interesting points Guru! Thanks for taking us deep-dive on some of the real-time attacks