When describing the war in Ukraine recently, NPR’s cybersecurity correspondent, Jenna McLaughlin, stated this: “It’s now been 18 months of fighting. The focus has rightfully been on dead and wounded, but there’s still real concern about how sophisticated cyberattacks paired with things like missiles and drones can inflict real damage. That’s especially true with the power grid, an increasing concern as Ukraine prepares for another harsh winter. While some Ukrainians are fighting on the frontlines, others are using their digital skills to volunteer. And that includes career cybercriminals.”
Russia, Ukraine, and OT Cyberattacks
What this ongoing conflict has taught us is that cybersecurity has become another battlefront, and some of the prime targets are critical infrastructure operators. Even before the official start of the war, Russia had been poking hard at Ukraine for the past several years via cyberattacks on the country’s critical infrastructure. But when the world’s foremost cyber experts stepped up to assist Ukraine, both to understand what happened during those incidents and to help prevent them, it seemed that Russia decided to test new ways to infiltrate OT. In fact, Mandiant just uncovered OT attacks that Russian group Sandworm executed against Ukraine in October of last year. According to Security Week’s reporting, the attack involved Sandworm cracking an “end-of-life MicroSCADA control system and issuing commands,” which led to disruptions including a power outage.
Researchers examining the Russian case note that this type of methodology represents a rising sophistication in OT cybercrime capabilities, a trend that is only likely to expand in 2024. Google Cloud’s new global Cybersecurity Forecast raises concerns over nation-state actors. In addition to interest in the United States’ 2024 election, the forecast warns that cyberattackers may employ such tactics as wiper malware, sleeper botnets, and zero-day exploits to mount ambushes. But one emerging technology that could really fuel activity is generative AI. While Google Cloud predicts that generative AI will play a larger role for threat actors, it may also be a useful tool in defending against attacks.
Israel, Hamas, and Cybersecurity
Unfortunately, we now have another war where we could possibly see all or some of this play out. The world has now witnessed more than a month of fighting between Israel and Hamas. In this time period, security teams have recorded an increase in cyberattacks against Israeli businesses, government agencies, and energy and telecommunications organizations. Politico also reports that hacking campaigns led by groups potentially connected to Iran and Russia before the October 7 strike by Hamas attempted to impact websites, the Israeli electric grid, and a missile defense system.
Although the cyber warfare that has unfolded in the Russian and Ukrainian conflict has yet to occur with Israel and Hamas, the worry is certainly there. And with advanced methods available and OT networks at risk, the call to action to implement strong cybersecurity measures has never been louder. Therefore, large-scale efforts such as the NSA’s guidance to enhance OT and OSS security, as well as private sector products designed specifically to protect OT and IT environments like those offered by DYNICS, are more important than ever.
- “An inside look at Ukraine’s cyber war with Russia” – Jenna McLaughlin, NPR
- “Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes” – Ryan Naraine, Security Week
- “Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks” – Megan Crouse, TechRepublic
- “The Hamas-Israeli war is also being fought in cyberspace” – David Strom, Silicon Angle
- “How hackers piled onto the Israeli-Hamas conflict” – Antoaneta Roussi & Maggie Miller, Politico
- “NSA and U.S. Agencies Issue Best Practices for Open Source Software in Operational Technology Environments” – National Security Agency/Central Security Service, Press Release