Russian Cyberattax - What We Know, Why it's Terrifying

Bremaine

This stream breaks it down for you and explains what the cyber att4ck5 from Russia are and if we should worry #infosec #properlyparanoid

When I started doing my research about the global threat of cybersecurity just a few weeks ago, I never anticipated that the world itself would be turned upside down and that people's right to exist would be put into question. I, like many people, am concerned about the current events, but unfortunately it's not my wheelhouse. So instead let's talk about a threat to global security which a few weeks ago was equated to a scary fairy tale, Baba Yaga, told by herds of nerds with thick-rimmed glasses traveling in swarms from conference to conference screaming about the imminent threat yet never listened to. It is truly unfortunate that the scary monster hiding under the bed has exceeded our expectations and, unlike Baba Yaga and the boogeyman, turned out to be far more real than any of us would have ever imagined. You’re not Paranoid, it’s proper.

{{ I cover topics like Linux and open source culture, gaming and tech in a way that's uniquely geeky, accessible, and fun! Taking a look at the world around us and making the choice to be positive and proactive while we find solutions. If you want to see more content like this, don't forget to hit like and subscribe! }}

—--

Even though it seems like everything is happening all at once, the current news cycle is rotating around just a few things right now, with one of the biggest being Russia's invasion of Ukraine. There are high-level think tanks working on this 24/7 right now, and the only real certainty is that "they are probably doing everything they can to figure out how to avoid World War III". That whole "mutually assured destruction" thing is pretty intense when you realize the main reason there hasn't been a third world war is that even the ruling classes figure glassing the planet with nukes is kinda counterproductive to their own goals.

—--

Remember when the Log4j vuln (Log4Shell) let attackers run their own code on any server that logged an attacker-controlled string with a vulnerable version of the library? One of the biggest concerns afterwards was how many systems and networks could still have lurkers perched inside, ready to trigger anything from data exfiltration to destructive attacks. This is kinda like that, only now US agencies have told us that Russian state-sponsored hackers have been sitting inside the networks of US Department of Defense contractors and reading sensitive, unclassified information - and they're not all gone, either. With tensions having escalated to actual war, we've seen Microsoft identify a destructive piece of malware it named "FoxBlade", a wiper aimed at Ukrainian systems, and bring it to government attention. The hacker collective Anonymous declared an operation against Russia, claiming to have leaked a Russian Ministry of Economic Development database (since recovered by Russia) and leading the DDoS charge with as many netrunning cavalry as it can muster.

There are (at least) three different levels of cyberwarfare involved between the different actors in this situation so far:

1. Type one consists of the acronym agencies and bureaus, always somewhere on a chain of command, state run hacking. This is what most people think of when they think of a hostile foreign power committing cyberattacks: full-monty governmental reach the likes of which are portrayed in movies. There's been plenty of this going on back and forth, but we're not gonna be hearing much about it.

2. Type two is where we find the state-sponsored groups: nominally non-governmental organizations that are encouraged, tolerated and sometimes funded by the state but operate without its explicit backing, which is exactly what gives the government deniability. Some of these crews are small with narrow specializations; others are large, well-resourced outfits of skilled experts. (Don't confuse them with open-source intelligence publishers like Janes, which analyze and report on this kind of activity rather than carry it out.)

3. Type three are our independents and opportunists taking advantage of lax cybercrime enforcement in Russia with intent to profit. Independents and hackers-for-hire are the ones running the ransomware operations right now. One caveat on where things get filed: Ghostwriter, the campaign Mandiant first reported in 2020 and later attributed to the group it tracks as UNC1151 (which Mandiant assesses has links to the Belarusian government), has stayed active against Ukraine right up through current events, but it is an influence and espionage operation rather than a for-profit one, so it sits closer to types one and two than to type three.

What we're seeing coming out of Russia in reference to Ukraine is multi-layered. The DDoS attacks on Ukrainian government and banking sites are suspected to come from types 1 and 2, so we're seeing heavy state and state-sponsored influence. Considering we're talking about nations at war, this stands to reason, but of course that's not all that's going on. The unaffiliated operators in type 3 are doing more than their fair share in causing unrest, resource insecurity, and pretty much any issue they can. Many of these particular attacks are coming from oligarch-backed groups, and their main job is to make money for the oligarch employing them. Believe it or not, most of their initial infiltration happens through phishing: emails carrying tracking pixels, lookalike links and booby-trapped attachments. I gotta stress to you this is not sophisticated next-level hacking they're doing. They just gain access, perch up out of the way, and… watch. This is akin to someone sitting across the street from an ATM and just observing everyone. Arguably creepy but not actively doing anything, just watching. They know that one day someone is gonna drop a 20 as they put their wallet away and maybe, just maybe, an ATM card will get left in the machine. That's the "catch-what-you-can" mode of phishing, more or less ubiquitous in today's online environment; most people have seen the attempts in their own inbox. Spear-phishing, on the other hand, is the targeted form of the same tactic, crafted for one person or organization, and it has been used at a much more dangerous scope, with US Department of Defense contractors as the targets. We’ll talk more about targeted attacks and their implications in part two, coming up on [airdate]!
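The phishing tells mentioned above (a tracking pixel, a link whose visible text says one domain while the real destination is another, a Reply-To that quietly redirects the conversation) are all things you can check for mechanically. The script below is an added example, not code from the video or from any tool it mentions; it uses only the Python standard library. The two messages it scans are constructed for this example, and every address and domain in them is invented.

```python
"""Heuristic phishing-indicator scan for a single raw e-mail message.

Added illustration, not code from the original post. It flags three things:
a Reply-To on a different domain than From, anchor text that names a
different domain than the href it actually points to, and 1x1 remote images
(tracking pixels). The sample messages are constructed; all domains are fake.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing sample (hypothetical addresses and hosts).
SAMPLE_EML = """From: "Contracts Office" <contracts@example-defense.test>
Reply-To: contracts-office@attacker.example
To: engineer@example-defense.test
Subject: Action required: updated NDA
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the updated NDA at
<a href="http://login.attacker.example/nda">https://portal.example-defense.test/nda</a></p>
<img src="http://track.attacker.example/p.gif?id=42" width="1" height="1">
</body></html>
"""

# Constructed benign sample: plain text, no links, no Reply-To.
BENIGN_EML = """From: "IT Helpdesk" <helpdesk@example-defense.test>
To: engineer@example-defense.test
Subject: Maintenance window
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

The VPN will be down Saturday 02:00-04:00 UTC.
"""


def _registrable(host: str) -> str:
    """Last two DNS labels. Crude (wrong for .co.uk etc.) but fine for an illustration."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class _LinkAndImageParser(HTMLParser):
    """Collect (href, visible text) for <a> tags and the attributes of <img> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.images = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href = a["href"]
            self._text = []
        elif tag == "img":
            self.images.append(a)

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_message(raw: str) -> list:
    """Return a list of (indicator, detail) tuples found in one raw e-mail."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Reply-To pointing at a different domain than the visible sender.
    from_addr = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    reply_to = msg["Reply-To"].addresses[0].addr_spec if msg["Reply-To"] else ""
    if reply_to and _registrable(reply_to.split("@")[-1]) != _registrable(from_addr.split("@")[-1]):
        findings.append(("reply-to-mismatch", f"{from_addr} -> {reply_to}"))

    body = msg.get_body(preferencelist=("html",))
    if body is None:          # plain-text mail: nothing further to inspect here
        return findings
    parser = _LinkAndImageParser()
    parser.feed(body.get_content())

    # 2. Anchor text that looks like a URL/domain but disagrees with the real href.
    for href, text in parser.links:
        m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text, re.I)
        if m and _registrable(m.group(1)) != _registrable(urlparse(href).hostname or ""):
            findings.append(("link-text-mismatch", f"text={text} href={href}"))

    # 3. Tiny remote images: the classic tracking pixel.
    for img in parser.images:
        src = img.get("src", "")
        if src.startswith("http") and img.get("width") in ("0", "1") and img.get("height") in ("0", "1"):
            findings.append(("tracking-pixel", src))
    return findings


if __name__ == "__main__":
    for name, eml in (("phish", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(name, scan_message(eml))
```

Running it prints three indicators for the constructed phish and none for the benign note. None of these checks is proof on its own (newsletters use tracking pixels too, and ticketing systems legitimately set Reply-To), which is why real mail gateways score several such signals together rather than blocking on any one of them.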

The year is 2022 and we really are using words like cyberattack and cyberwarfare unironically: this is now real life. It's not just theaters of warfare or upper-echelon corporate intelligence that we need to be paying attention to. You can look at the macro and consider how much of our infrastructure is hackable. Things like consumer electronics and medical equipment are on the micro end, but still exploitable to devastating effect. Cybersecurity concerns are moving fast right now, and while most of us aren't actors on a global stage, we still need to be careful. The usual common-sense rules still apply: don't click random links in emails, and take practical measures to protect your sensitive information. You don't have to deep-dive into hardcore hacking to build a competent privacy toolkit, either.

Check out some of my other Properly Paranoid privacy vids on how you can start securing yourself on a personal level right now, and it would mean a lot for you to hit that subscribe button and the bell so you don’t miss out on part II, complete with credential stuffing and more!

Stay safe out there, and I’ll talk nerdy to you later!

And look out for Part 2, which will be dropping here.