In the wake of global conflicts, significant concerns about the security of critical domestic cyber operations have dominated the news. Yet, despite all the urgent alerts and notices, after several weeks of escalated scenarios of aggression, it seems the “big one” hasn’t quite hit. On one hand, our power is still on, our water still flows, and our kids can still walk over to the campus ATM and check their balances. Have our adversaries been holding back? Or is something else happening? Threat activity levels are higher than ever, and it is more likely that cyber chaos is lying in wait. Remember the peace of the Western Front — this is the time to worry the most.
There is little debate that the primary channel for conflicts in the world today is rooted in offensive cyber capabilities. In recent years, attacks from nation-states and state-sponsored groups have surged and include corporate espionage, ransomware schemes, supply chain software breaches, fundraising for terrorist activities, and more. At times it seems that cybersecurity is a cat and mouse epic battle.
The U.S. is The Target
Let’s be clear; it is not just Russia. Even the slightest indication of undermining security is an opportunity for adversaries and foes. China, Iran, North Korea, and even other actors that claim to be technically our allies will not let an opportunity for technological chaos go to waste. This is our modern Roman arena, and we are not viewed as the lions — we are viewed as the bait, and almost everybody is coming at us.
One simple fact of these threats is that a history of successful attacks begets continued attacks. Attack vectors, techniques, and tools are shared in private corners of the web. Successful campaigns also create digital wealth-based cryptocurrency schemes that can wage war, sponsor terrorist groups, and spawn new attacks and new attackers.
Russian offensive cyber operations are highly advanced, and we have seen how many experts have tracked the SolarWinds attack of 2020 to suspected Russian sources. This incident was a sophisticated infiltration of a major software supplier, and the discovery of this incident affected thousands of clients. Operations at that scale take time — incorporating full-cycle targeting, social engineering, payload, and surveillance over the course of many months.
From the beginning of the war in Ukraine, cyberattacks were first. A prelude to the land attack, these operations destructively took out government agencies, banking facilities, and other critical offices. These were official military actions, but Russia also wields a hidden force of citizens that will see cyber hacking as a form of patriotism and survival as the world continues to pressure economic sanctions upon the country. Attacks could persist for years beyond the cessation of violence.
Attack Signals Not Stopping
The first quarter of this year is behind us, and we are already seeing high activity in the number of novel methods emerge as well as a heightened and accelerated scale of cyber threat activities across the board. The company I lead has collected an 800% increase in threat activities since the war first started, and it is not abating in any sense of the word. We continue to work with high-level government agencies on a frequent basis to help protect the ecosystem of companies within our client base and beyond.
We have the Okta situation, new Android malware, reports of suspected Russian and Chinese capabilities to defeat two-factor authentications, and specific failure incidents, such as the report of a major storage provider going through the permanent loss of customer data. If it isn’t clear already, it one day will be — flaws and human interaction can weaken technology, but technology combined with the commitment to thorough security practices can close significant gaps.
There is definitive proof that global criminal and perhaps intelligence syndicates are driving this increased activity and the day of the lone hacker is history. Such is a global cyberwar. Companies cannot withstand this escalating onslaught alone. We must take up arms to protect what is ours. This is an invasion of an entirely different kind, and we must protect the homeland in the cloud, on our keyboards, our television, and mobile devices.
Preparation and Targets
We have so much to protect. First, our military and economic foundation are highly dependent on digital terrestrial and satellite technologies. The protection of the backbone is critical, and these are primary targets. However, the frontlines in this battle are everywhere we go, everywhere we live, and so right away and urgently, our national base of cyber readiness must get up to speed on security matters.
Only a comprehensive security strategy will solve this once and for all, but until then, we can steel ourselves from this persistent wave of threats with basic actions:
● Lockdown networks and systems
● Implement tested and validated backups
● Implement Multi-Factor Authentication
● Patch systems and software
● Turn on monitoring and alerting (everywhere)
On a personal level, pay attention to your passwords. Change them often and make them complex. Implement multi-factor everywhere possible. Keep aware of phishing attempts, malicious links, and every form of cybersecurity responsibility you bear for yourself and the companies you work for.
It is the natural order of things that big-name companies are going to hold a higher target value. Russia, like many other nations that wield cyber threat operations, is in a position where it can completely rely on symbolic victories in its cyber attack campaigns. You can count Coca-Cola, Exxon/Mobil, and even Tesla as organizations that are probably on heightened alert due to their very public business decisions launched in response to Russia’s attack.
The Silver Lining
Industry awareness of these threats has improved, and the fact that we have survived this long ties back to the hardening throughout the industry following two years of pandemic-driven challenges. The fires of that digital chaos and the improved response are positive historical touchstones. We will find that only a complete lifecycle of comprehensive security can protect what is truly essential.
Eventually, the Russian crisis on the ground will pass, but another crisis is looming. Silent digital attacks are a prelude to greater actions, and the stillness is a false sign of security. Russia, China, and other global adversaries are stacked up for a global confrontation, hoping that the weakest target may precipitate our fall.