With the ongoing conflict in Eurasia, cyberwarfare is inevitably
making its presence felt. The fight is not only taking place on the
battlefield; a major battle is also under way in cyberspace. Several
cyber-attacks have been reported over the past months.
Notably, cyber attacks backed by state actors are becoming
prominent. There have been reports of a rise in ransomware and
other malware attacks such as Cyclops Blink[1], HermeticWiper[2], and BlackCat[3]. These target businesses
as well as government institutions and nonprofit organizations.
There have also been several attempts to shut down online
communications and IT infrastructure.
The ongoing list of significant cyber incidents[4] curated by the Center
for Strategic and International Studies (CSIS) shows that the
number of major incidents in January 2022 is 100% higher compared
to the same period in the previous year. With recent activity
in cyberspace affected by the geopolitical tumult that emerged
in February, it would not be surprising to see an even more
dramatic rise in the number of significant incidents.
Here’s a look at how state-backed cyberattacks are shaping up
this early into 2022 and what the world is doing in response.
Worsening malware problem
The ransomware and broader malware problem is getting worse,
according to acclaimed cybersecurity leader and technologist Dan
Lohrmann. In his blog post for Government Technology, he pointed
out the significant rise of criminal copycats that deliver malware
through software updates, the increase in mobile malware attacks,
the packaging of malware with other threats that target specific
organizations, and the weaponization of malicious software.
Malware weaponization is particularly alarming in light of the
geopolitical conflict the world is facing right now. State threat
actors are not only using ransomware, viruses, spyware, and other
malicious software to attack other governments. These are used
across the board as they can significantly impact economies when
businesses suspend operations to deal with the infection.
Organizations are routinely reminded to fortify their security
posture with a variety of defenses and strategies. Malware
prevention, detection, and mitigation software tools are a must.
From firewalls to antiviruses to comprehensive enterprise anti-malware software[5]
capable of addressing various malicious software threats, it is
important to put in place the right tools to stop malware infection
or at least enable effective mitigation.
In addition to having reliable anti-malware solutions, it is
important to follow cybersecurity best practices, have a carefully
crafted incident response plan, and keep regularly updated with the
latest cyber threat intelligence. It is encouraging to know that
even before 2022, organizations had already expressed intentions
to boost their cybersecurity with corresponding increases in
spending. One study[6]
found that 4 in 5 companies are planning to spend more on obtaining
reliable security controls, security testing, and other
cybersecurity investments.
To address the rapidly growing malware problem, organizations
such as the United States Cybersecurity and Infrastructure Security
Agency (CISA) already regularly provide updates on the latest
malware threats and guidance on how to deal with them. What’s
different now with the rise of state-backed threats is that these
agencies more aggressively oversee the cybersecurity practices of
government and private entities to ensure adequate defenses.
Digital shelling/bombing vs. everyone
Shelling and bombing have been two of the most common words in
the news lately, as reports of the military aggression against
Ukraine dominated the past week. These deadly attacks have targeted
everyone, not only military installations but also civilian
structures.
In the digital realm, there are counterparts to these destructive
attacks, designed to render devices useless or dysfunctional. One of
the most recent examples is the HermeticWiper malware. This
malicious software has been reported to be used against Ukraine to
destroy the country’s IT infrastructure and resources. However, it
is already spreading to other parts of the world.
This custom-written malware affects Windows devices: it
manipulates the Master Boot Record (MBR), leading to a boot
failure. With a payload size of 114 KB, it is relatively small, but
it is enough to inflict deadly damage. The malware initially
focuses on corrupting the first 512 bytes of a drive, that is, the
MBR. It then enumerates the partitions of the infected drives and
corrupts them.
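As an added illustration (not part of the original article), the following defender-side check validates a saved copy of a disk's first 512 bytes: it confirms the 0x55AA boot signature and the four partition entries that the MBR layout defines, and flags a sector that has been overwritten. The function names and both sample sectors are constructed for this example.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def check_mbr(sector: bytes) -> dict:
    """Validate a saved copy of a disk's first sector and list its partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    problems, partitions = [], []
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    for i in range(4):
        # status, (CHS start skipped), type, (CHS end skipped), start LBA, sector count
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and start == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype == 0 or start == 0 or count == 0:
            problems.append(f"entry {i}: incomplete entry")
        partitions.append({"index": i, "type": ptype, "start": start, "count": count})
    # Partitions on a sane disk never overlap.
    ordered = sorted(partitions, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["count"] > b["start"]:
            problems.append(f"entries {a['index']} and {b['index']} overlap")
    return {"healthy": not problems, "problems": problems, "partitions": partitions}

def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable type-0x07 partition starting at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes(TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE

def build_overwritten_sector() -> bytes:
    """Constructed sample: a first sector whose 512 bytes hold filler data."""
    return bytes((i * 37 + 11) % 256 for i in range(SECTOR_SIZE))

if __name__ == "__main__":
    for name, data in (("intact", build_sample_mbr()),
                       ("overwritten", build_overwritten_sector())):
        print(name, check_mbr(data))
```

On GPT disks the first sector holds a protective MBR with a single type 0xEE entry, which this check also accepts.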
CISA and the FBI have already raised the alarm on HermeticWiper
and other threats. “We are striving to disrupt and diminish these
threats, however, we cannot do this alone. We continue to share
information with our public and private sector partners and
encourage them to report any suspicious activity. We ask that
organizations continue to shore up their systems to prevent any
increased impediment in the event of an incident,” FBI Cyber
Division Assistant Director Bryan Vorndran said.
To address the threat of destructive malware, the solution may
not be that difficult. PCMag’s Lead Analyst for Security Neil J.
Rubenking says that an updated antivirus or anti-malware system can
be enough. The leading antiviruses do an excellent job catching the
malware and preventing it from causing any harm.
Cybersecurity stocks on the rise
This is not surprising, but it is worth noting how the
cybersecurity industry appears to be benefiting from the crisis
that has led to greater cyber threats across the world.
Cybersecurity stocks enjoyed gains[7] as the threat of a
significant ramp-up of cyberwarfare looms over governments and
businesses.
The cybersecurity sector had been in the red for a time, but it
went back to black at the end of February as fears of more
aggressive state-sponsored attacks grip businesses and public
institutions. ETFMG Prime Cyber Security ETF (HACK) closed at $57.39
on February 28. This price shows a 2.4 percent gain over the past
year. The S&P 500 index (SPX) closed with a 0.2 percent gain on
the same day while the Nasdaq Composite Index (COMP) gained 0.4
percent.
It would not be a stretch to say that the explicit declarations
of major hacker groups have also sparked interest in cybersecurity
stocks. Anonymous declared cyberwar against Russia. In a tweet, the
group said that it is “currently involved in operations against the
Russian Federation” with the Russian government as the target.
However, the group also warned that “there is inevitability that
the private sector will most likely be affected too.”
The world is currently in a precarious and volatile situation,
no thanks to troublemakers offline and online. The world is
responding to the increase of cyber threats relatively well,
although only time will tell if governments and the private sector
have done enough to improve their security posture to stand up
to more aggressive, frequent, and sophisticated
attacks.
References
[1] Cyclops Blink (thehackernews.com)
[2] HermeticWiper (thehackernews.com)
[3] BlackCat (thehackernews.com)
[4] significant cyber incidents (www.csis.org)
[5] anti-malware software (www.avanan.com)
[6] study (www.darkreading.com)
[7] Cybersecurity stocks enjoyed gains (www.marketwatch.com)
Read more https://thehackernews.com/2022/04/as-state-backed-cyber-threats-grow.html
