Introduction
Russia’s invasion of Ukraine has increased the threat of cyberattacks on businesses and governments worldwide. Critical infrastructure, such as financial institutions, governments, and other utilities, become the obvious targets. Thus, cybersecurity is no longer only a technological issue; but has crossed into the sphere of geopolitics.
It would not be wrong to say that the constantly evolving cyberspace could be extremely detrimental to the health of world economies if it is not well-regulated. The impact and intensity of ransomware have escalated dramatically, posing ongoing financial, regulatory, operational, and reputational issues for businesses due to current geopolitical issues.
So, what can be done to tackle cybercrime due to geopolitical issues? For one, companies need to enhance their security and compliance controls to prepare for a shift in how attackers adapt their tactics.
But that is not all. Let us delve deeper into the role of geopolitics in cybercrime and how geopolitical issues pose several risks for businesses worldwide.
What are the geopolitical associated cyber threats?
We cannot guess what kind of attacks will develop or which will succeed. Still, given the history of previous international attacks, we must be on the lookout for:
- Advanced Persistent Threats (APTs): An advanced persistent threat (APT) is a generic term for an attack campaign in which an intruder, or a group of intruders, establishes a long-term illegal presence on a network to harvest extremely sensitive data. The result of such invasions include:
- Theft of intellectual property (e.g., trade secrets or patents)
- Sensitive information being compromised (e.g., employee and private user data)
- Critical organizational infrastructures getting sabotaged (e.g., database deletion)
- Site takeovers
- Malware: It is a term for viruses, trojans, and other disruptive computer programs used by threat actors to infect systems and networks to gain access to sensitive data.
- Ransomware: It is a type of malware that prevents a user or organization from accessing files on their computer. Cyber-attackers encrypt these files and demand a ransom payment for the decryption key, putting the target in a position where paying the ransom is the simplest and cheapest method to regain access to their data. Recent ransomware attacks have harmed hospitals’ capacity to offer services, paralyzed city government systems, and wreaked havoc on several organizations.
- Distributed Denial-of-Service (DDoS): A cyberattack in which an attacker floods a server with internet traffic to prohibit users from accessing connected online services and sites.
- Network attacks: Unauthorized acts on digital assets within an organization’s network are known as network assaults. Malicious actors commonly use network assaults to alter, destroy, or steal private data to access internal systems.
- Privilege escalation: A network attack allows an attacker to gain unrestricted access to systems within a security perimeter. A system administrator, for example, may have access to resources generally designated for kernel-level users but not their passwords. The attacker escalates this by getting a root-level permit and exploiting those privileges to compromise accounts with lower rights.
- Data anomalies: Any modification in a network’s standard communication is a data anomaly. Malware, inaccurate data packets, and communication changes caused by network difficulties, capacity bottlenecks, or equipment failures are examples of anomalies.
- Network anomalies: When a network behaves unusually, network owners must be able to sense that it differs from its typical behavior to discover network anomalies.
A cyber threat could also be a combination of any of the above.
State-sponsored cybercrimes
State-sponsored cyberattacks usually happen to extort information or exploit the flaws in a country’s infrastructure. The motivation is mostly political and economic. State-sponsored attacks usually employ typical generic tactics that do not involve any specific party. Some state-sponsored cyber threats include:
- Espionage: Stealing ideas or cutting-edge technology for financial benefit is referred to as espionage.
- Vital infrastructure disruption: Attacking critical infrastructure systems creates a lot of uncertainty and turmoil.
- Destruction: Overwhelming the system to reduce economic output or remotely directing it to wreak harm and devastation are both examples of destruction.
- Surveillance: a man-in-the-middle attack vector is ideal for acquiring intelligence. Furthermore, state-sponsored entities employ surveillance techniques to create disinformation campaigns capable of bringing down entire nations.
Preparing for a Potential Cyberattack
Governments throughout the world have agreed on specific general guidelines for cyber security preparations. Here are the critical cybersecurity practices to be followed during any geopolitical upheaval –
1. Patch Internet-facing and mission-critical software first:
All software and vulnerabilities, including outdated ones, should be patched. Take no shortcuts because you can get detected if you patch against known assaults in the wild. Patch anything connected to the internet or that manages your traffic, communications, or foreign company operations.
2. Be ready for ransomware and data destruction:
Recovering from a cyberattack entails more than simply removing the threat. It also entails recovering from a tragedy. Validate your backups, as well as your recovery and continuity plans. Take the path of scenario planning for all your systems’ components with experts like Liventus professionals.
3. Prepare to respond quickly:
Acting fast is as important as taking the right action. Your systems should be placed, so they respond to a cyberattack or suspicious activity in the least time possible.
Consider what might happen if emails were to go missing. Consider who will be the incident management and ensure that all non-email contacts are current. In a crisis, emphasize how your teams, customers, and workers will be alerted.
4. Secure your network:
Running through every part of your network may seem inconvenient, especially if you are used to emailing links to team members and clients or utilizing a quick chat tool.
5. Audit access privileges:
SMBs (small and medium businesses) should identify which employees have access permissions to which systems and resources. Multi-factor authentication should ensure that any remote access to their networks is safeguarded. Employees who do not require access to high-level, sensitive controls are frequently granted broad access to the entire organization. All it takes for an attacker to gain access is for one of those employees to fall for a phishing scam.
Examine who has access to what portions of the organization and whether they require it. Make sure to delete any old user accounts created by ex-employees. Accounts like these should be terminated.
6. Do not implement brand-new cybersecurity measures that have not been thoroughly tested:
While a new and flashy tool may appear promising in enhancing your cybersecurity, it may add to your IT team’s headaches and result in unpreparedness.
In May 2022, the US Cybersecurity, and Infrastructure Security Agency (CISA) released an advisory on recently patched VMware vulnerabilities being exploited. The vulnerabilities in VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager put federal networks and systems at immediate risk. This allowed threat actors to gain full control of the compromised system.
Further, in the new emergency directive, CISA issued a warning that companies should immediately patch or remove VMware products affected by newly disclosed critical flaws.
7. Keep an eye out for phishing scams:
While online scammers exploited the global COVID-19 outbreak in its early days to defraud people of their money, the crisis in Ukraine will almost certainly result in phony requests for charitable donations that could end up in the hands of a cybercriminal.
To detect phishing emails, one must keep in mind the following:
1 Be aware of any unexpected requests for personal information.
2. Hover over URL links to make sure they are valid.
3. Double-check the sender’s email address and avoid opening email attachments from unfamiliar senders.
8. Verify and keep your cybersecurity guidelines updated:
Regardless of your business’s nature, you should regularly check the governance of your cybersecurity policy. Ensure a policy review is included in your company’s calendar, whether quarterly, semi-annually, or annually.
As the cybersecurity landscape evolves, IT professionals at small businesses should not be burdened with yet another project to manage. Give them the space they need—and they will care for themselves. Since cyberattacks are no small matter, they are best-taken care of when handed over to professionals like Liventus.
Cybersecurity Checklist
From essential communication technologies to emerging technologies like 5G, cloud computing, artificial intelligence, and quantum computing, cyber risks provide conduits for impacting a country’s national security, economic progress, and societal values.
Phishing assaults increased dramatically because of the COVID-19 pandemic. In 2021, phishing emails were responsible for almost 90% of all cyberattacks. As a result, businesses must implement a comprehensive cybersecurity strategy that not only attempts to avoid breaches but also educates staff on how to handle and respond to them.
This thorough cybersecurity risk mitigation checklist by the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) will assist your business in establishing a cybersecurity-focused workplace culture-
- MFA: For all remote access to internal systems and cloud services that offer vital services or host sensitive information, Multi-Factor Authentication must be used.
- Principle of Least Privilege: Permissions for a specific user account or process are confined to only those privileges that are required to accomplish their intended function
- Patches for critical vulnerabilities are prioritized for public-facing systems and applications.
- A web application firewall must be in place to protect public-facing web applications.
- Internal networks must be segmented suitably to confine an attack or virus to a subset of computers and prevent it from spreading.
- All supported endpoints and cloud workloads must have Endpoint Detection and Response (EDR) software installed.
- Backups should be currently stored offsite and have been thoroughly tested for their capacity to fully restore systems and data.
- All systems and applications that have reached the end of their useful lives must have been decommissioned and turned off.
- The organization’s incident response plans must be updated, and a crisis communications contact list should be created with current emergency contact information.
- Continuity of Operations and Disaster Recovery Plans must be up to date and ready to go in the case of a service interruption.
Going Beyond the Basics
Every business must move quickly to secure its information technology infrastructure. In a recent speech, President Biden warned that cyber-attacks could lead to a “real shooting war.” A breach, no matter how tiny the organization, can result in a national security emergency, as seen in the SolarWind incident.
The right strategy is to incorporate security, recovery, and assurance methodologies into a comprehensive security mission. They must be on guard 24 hours a day, seven days a week, 365 days a year, with no exceptions.
Protecting clients also entails safeguarding their data. The Cybersecurity Checklist offered by Liventus helps small businesses create a cybersecurity program that will:
- Protect assets against cyber assaults by identifying and assessing cybersecurity threats
- Recognize when their systems and assets have been hacked
- Prepare a reaction in the event of a compromise; and
- Plan to retrieve assets that have been lost, stolen, or are otherwise unavailable.
The Cybersecurity Risks of the Russia-Ukraine Conflict
With the escalating geopolitical tensions between Russia and Ukraine, the US government has issued a warning to its citizens about potential Russian cyberattacks. As a result, businesses must prepare themselves and develop incident response strategies as geopolitical tensions rise.
The best strategy to deal with the future threat of state-sponsored cyberattacks is to quickly implement CISA-recommended measures and increase cybersecurity posture.
Cyberattacks are already underway because of the Russia-Ukraine war-
- Attacks on media businesses, banks, and government websites using volumetric distributed denial of service (DDoS).
- Malware activity, such as viruses, Trojan horses, ransomware, and spyware can steal, encrypt, and erase important information, as well as alter or hijack basic computing processes and monitor end users’ computer behavior.
- Groups like Gamaredon use targeted and persistent phishing campaigns.
- To create panic, a disinformation campaign using SMS messages was launched.
- Attacks on other cyber-physical systems.
Attacks that are likely to occur because of the Russia-Ukraine war include:
- The exploitation of dormant exploits and access, such as BlackEnergy was utilized in 2014 and 2015 to attack Ukraine’s electric grid.
- Cyber-physical systems (CPS) that run vital infrastructure operations are appealing targets.
- Due to the potential for widespread international disruption, cloud providers and undersea cables that underlie internet connectivity are also targets. Russia successfully tested its internet infrastructure’s ability to be isolated from the rest of the world in 2019.
Unlike a physical battle, cyber warfare has no geographical limits. Since the Russian invasion began, at least three energy businesses in Germany have been targeted in cyberattacks. Also, cybercriminals from regions including China take advantage of this sort of hostile environment to spread threats.
Non-state actors such as the Anonymous hacker have also hit the headlines in collective fighting pro-Russian Conti ransomware.
Final Thoughts
At Liventus, we recognize that the demand for cybersecurity is growing like never before as digital services, eCommerce platforms, and new technologies emerge now and then. As an enterprise, your business might be vulnerable to intrusions like ransomware, adware, malware, and spyware. Liventus can help in safeguarding your enterprise security through compliance controls. To ensure the highest quality of code architecture, our code goes through three phases of testing-
● Static- We check for bugs in software without running it.
● We ensure proper behavior via a dynamic check.
● We conduct penetration testing to assess the system’s security.
How do we make sure that our coding is secure?
The safe security practices at Liventus ensure standard and compliant cybersecurity. We use an agile development process to provide custom software with a results-driven approach. At each stage of development, our code is analyzed both statically and dynamically while we put in security by ensuring the following compliances:
- PCI DSS – Liventus ensures that payment processing is PCI compliant and that your customers’ personally identifiable information is fully secured possible.
- Type 2 SOC 2 – Liventus is subjected to annual SOC 2 Type 2 audits to guarantee that our methods and procedures meet the industry’s highest standards.
- GDPR (General Data Protection Regulation) in the EU – Liventus understands how to comply with the GDPR to preserve EU individuals’ data and privacy.