The unprecedented cyberattacks on the Ukrainian Army, defense ministry, and two large banks (Privatbank and Oschadbank) in many ways mark the dawn of a new era of geopolitically motivated cyberattacks. Whether or not the attacks came from the sources they were originally attributed to, the whole episode presents many reasons for concern.
- If a non-state actor is involved, then the ease with which the attacks were carried out is certainly surprising
- If an APT group affiliated with one of the states involved in the crisis has carried out the attack, then the latest cyberattacks are part of a series of attacks that have occurred over the last few months since the crisis began
- If the attack was carried out by an actor belonging to a country that is not part of the conflict in any way, then an attack arriving during a season of heightened tensions in the region could tip the scales and cause the first shots to be fired, purely because of the sheer scale of the provocation. That may not happen in this case, but these attacks could provide a playbook for other states and their APT groups to emulate in order to create geopolitical tensions quickly
- Attacks on financial services and defense websites are clearly part of an act designed to send a message to some stakeholders involved in the conflict
- Cyberspace has now become a primary frontier where geopolitical adversaries can fire salvos without exchanging bullets or shots on the actual frontlines on the ground. While some may see this as a way of releasing accumulated geopolitical stress, there is a possibility of such acts spiraling into a full-fledged conflict, if left unchecked
- Cyberattacks have become a tactic for generating added pressure on the defense forces and the economy of an adversarial state. In the case of Ukraine, we have been reporting a rise in inbound cyberattacks since 2019. Reconnaissance carried out during times of peace by APT groups may yield data and reveal weaknesses that can be exploited during times of geopolitical stress or conflict
- With the expanding definition of critical infrastructure, a range of citizen-facing services will be turned into targets by adversarial states and the actors they back. Citizens may even be targeted directly
- Lastly, such attacks can serve to deflect attention from another crisis or challenge that the adversarial entity may be planning to unleash in the short or long term
All of the above are possibilities that could play out. So how can such cyberattacks on critical defense and financial services infrastructure be kept at bay? To defang a cyberattack, it is not enough to detect it; it must be detected early. Better still is catching the adversaries red-handed while they are engaging low-value targets that serve as traps.
Large-scale decoys that mimic multiple elements of such infrastructures can be deployed to confuse and trap cybercriminals. They could also deflect sophisticated cyberattacks from APT groups and evolved hackers. The architecture for such decoy and deception technology involves the simultaneous use of simulation and dissimulation.
Simulation involves creating a shadow or fake infrastructure by mimicking and inventing decoy digital assets that appear authentic enough to keep the intruder engaged in the worthless pursuit of data or access to other resources. Dissimulation covers hiding, digitally camouflaging, and masking real data and digital assets so that hackers cannot find them.
Both these measures can help keep critical infrastructure safe by deflecting cyberattacks and confusing the hackers.
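The simulation half of that architecture, as an added example that is not Sectrio's code: a minimal decoy service that answers with a plausible (constructed) banner and records every touch. Because no legitimate client has any reason to connect to a decoy, each recorded event is a high-fidelity alert rather than a noisy log line; the dissimulation half (hiding the real assets) is not shown here.

```python
import socket
import threading

# Constructed banner: looks like an internal banking API gateway but backs nothing real.
DECOY_BANNER = b"HTTP/1.1 200 OK\r\nServer: corebank-gw/2.3\r\nContent-Length: 0\r\n\r\n"

class Decoy:
    """Listens on a host/port, answers with a plausible banner (simulation) and
    records every touch; any contact with a decoy is treated as an alert."""

    def __init__(self, host="127.0.0.1", port=0):  # port 0: let the OS pick
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))
        self.host, self.port = self.sock.getsockname()
        self.events = []  # (peer_ip, peer_port, first bytes sent by the peer)
        self._running = False

    def start(self):
        self.sock.listen(5)
        self.sock.settimeout(0.2)  # lets _serve notice stop() promptly
        self._running = True
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while self._running:
            try:
                conn, (ip, port) = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    data = conn.recv(256)  # capture what the peer asked for
                except socket.timeout:
                    data = b""
                conn.sendall(DECOY_BANNER)
            # Any contact is an alert; keep enough context to pivot on in the SIEM.
            self.events.append((ip, port, data[:64]))

    def stop(self):
        self._running = False
        self._thread.join()
        self.sock.close()

def probe(host, port, payload):
    """A client touching the decoy (used here only to exercise the example)."""
    with socket.create_connection((host, port), timeout=2) as c:
        c.sendall(payload)
        return c.recv(256)
```

In a real deployment the decoy's banner, paths and data would be tailored to the infrastructure element it mimics, and `events` would be forwarded to the SIEM as alerts rather than kept in memory.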
Sectrio has developed multiple models for creating such decoys at scale. We are today working with financial, industrial, and critical infrastructure operators globally to build scaled decoys that can be launched faster and keep your digital assets safe from cyber adversaries.
Try our rich IoT and OT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence
Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio.
Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center
Get access to enriched IoT-focused cyber threat intelligence for free for 15 days
Download our CISO IoT and OT security handbook