A One-Sided Cyberwar with Russia
OR That’s Not Yogi Nor Does He Want Your Pic-i-nic Baskets
Am I the only one feeling early 80s vibes? What has possessed the superpowers of the world into this standoff? Beijing won’t stand by idly if things get hot, but not likely before the Olympics end on February 20th. Sure, Communist USSR is gone, but Russia changed its logo (flag) and allowed their different countries to become independent temporarily. AT&T did the same thing. Then Ma Bell bought all her children and was back to delivering the world’s most expensive and terrible customer service.
History buffs say it is like 1939, with a hint of 1914 and 1927 sprinkled in because, hey, “May you live in interesting times.” A hot war destroys lives far beyond the field of battle, but this war would be different. It would be the first attack from a global superpower where the first shots fired would be binary, not bullets. Know the dangers, but fear not!
Business As Usual – Russia ranks top in the world for cyberattacks for multiple reasons. Mainly, the State openly sponsors hackers to attack everyone. Chaos is their business, and business is booming. They have turned Ransomware into an automated cash cow. Estimates indicate state-sponsored hacking groups from Russia made well over $1 billion in 2021!
All Hackers Welcome – Security reports say most attempts come from Russia, but very few are from one of the state-sponsored groups. Why? Russia promotes the healthiest array of proxies, open VPNs, and Tor servers in the world. A snot-nosed 13-year-old in Des Moines can cyberbully his gym teacher online, and the attack appears to come from Moscow.
Blocking Countries – The above image from Google shows countries that filter Google. The American Registry for Internet Numbers (ARIN) provides ownership and geolocation of IP addresses in the United States. Other global databases exist, some more accurate than others. Firewalls with active Intrusion Detection/Prevention Services (IDPS) can block by known country IP address blocks. If you’re not already doing this for all traffic, inbound and outbound, turn it on now. However, this isn’t foolproof since hackers can proxy through any country. An active Security Operations Center (SOC) partner is key to staying on top of threats.
You Are Not It – Russian hackers openly attacked politicians and government systems in Estonia. But Corporations and even the government will not be the target of Russian attack groups known as CozyBear, Sandworm, and Palmetto Fusion (NOT a new restaurant at the mall). They attack where countries are vulnerable. Ask Ukraine. Sandworm has been harassing them for years, knocking out electricity, utilities, and infrastructure.
Ukraine As A Blueprint – If history is correct, Russian hackers will have no problem accessing the US electrical grid and other infrastructure because of our neglect. This has been their modus operandi against other countries. The sobering reality is that they likely already have their fingers in many major public, private, and government networks.
Anatomy Of An Attack – Forensics finds most Ransomware attacks begin up to a year before the encryption of files and a ransom demand. When a hacker avoids detection in the first 24 hours, they know you’ll likely never detect them. They can now take their sweet time. During that year, hackers steal every useful file from a company and determine from those files how much their insurance will pay in ransom. Yes, really. Then, they steal personal data from every network user. When they no longer have anything to take or a savvy security team sniffs them out, they encrypt everything. Now, imagine ransomware that encrypts or securely deletes your files without an option to recover and leaves a patriotic rant about Mother Russia on every phone, laptop, server, website, and television.
The World’s First Coordinated Nationwide Attack – Propaganda rules say to start with a stark warning to every email, SMS, text, and phone available in America and their Allies that the attack is about to begin. Ransomware and Distributed Denial of Service (DDoS) attacks on high-profile Corporate, government, and military targets, flood through. Cell towers stop transmitting. VoIP and hosted Cloud services fail (bye-bye AWS, SalesForce, Google). Banking and card services fail, leaving you with no money, especially when they target the SWIFT network. What’s SWIFT? It’s a key to all this – research it! GPS, television, and data devices lose connectivity to satellites. Vulnerable power grids, water delivery systems, and other utilities are shut off and locked out for some. Pray you are not on an airplane or on life support in a hospital. Social media silenced (well, there’s one good thing). Finally, the Internet itself, for those still with electricity, grinds to a halt.
Timing – 1 PM EST on Wednesday. Why? Everyone in the continental US will be at work or school, away from home, and stuck. Panic will ensue as people rush home or fight over empty toilet paper shelves. Timed during an arctic blast will escalate the danger. Another favorite time? Friday night at midnight, when everyone is snuggled in bed with furry blankets. Mother Bear Russia won’t let you know anything is wrong til Monday morning.
Alone, In The Dark – Communications, severed. Temperature dropping. Food and water dwindling. Priorities changed. The Government is not coming to help. What now? Don’t panic. Take 5 minutes and ask if you are prepared as an individual, family, or business to be without the Internet for a day, week, or month. Then ask the same question about water, natural gas, and electricity. China recently told its citizens to stock up to 1 month of food. How many hours of food do you have at home or the office?
Unprecedented – For businesses, do you have physical, offsite data backups? Updated continuity, disaster, or incident plans? How will you protect your employees, customers, vendors, investors, and others? Can you shelter anyone in place? Will you send them out alone? These are risks few think about but should. Every attack listed above has occurred in reality. This isn’t hypothetical.
The World’s Reaction – None. Fake news, they’ll cry. Russia simply deflects, saying the attack came from Iran, China, or North Korea. The hackers must have used their proxies and VPNs to make them look guilty. If you’re nonchalant about protecting your infrastructure and you get hacked, you just as easily became an unwitting proxy for Russia.
There’s Always Hope – You can protect yourself without resorting to prepping. I always recommend having enough resources for weeks at home and work. From the cybersecurity angle, 1) upgrade your computers, 2) ensure you have endpoint protection that uses kernel extensions on ALL devices (computers, servers, tablets, IoT, mobile, etc), 3) get penetration tested, and 4) upgrade your edge (Internet-facing) routers and firewalls for full Intrusion Detection Prevention Services (IDPS), blocking all inbound and selective outbound traffic. Training is key as social engineering, and email phishing are still the primary attack vector. An always vigilant Network and Security Operations Center (NSOC) partner pays for itself tenfold compared to one security incident.
Politicians will not warn you to avoid panic, disrupting their illusion of control. Government and industry want you to forget they have done nothing to protect vulnerable utilities from cyberattacks. Insurance companies paying cyber ransoms funded this! Do these organizations and agencies care about you or only themselves? It is up to the individual, family, and business to prepare. You can make it, but you need to prepare now! It’s not the zombie apocalypse, but you could find yourself riding a horse out of Atlanta.