Cyber Attack: State-sponsored threat actors target 128 govt. organizations in 42 countries

Ukraine conflict to shape cyber threat landscape in 2023. The motives behind state-sponsored attacks on critical infrastructure go beyond simple tactical, intelligence and economic gains.

In mid-August, South Staffordshire PLC, the parent company of South Staffs Water, a small independent utility that supplies water to 1.6 million customers, including 35,000 businesses, in central England, came under a cyber attack. Luckily, it did not affect the company’s ability to supply safe water.

Last month, several major U.S. airports suffered a distributed denial-of-service (DDoS) attack at the hands of Russia-based cybercriminal group Killnet. The attack took down the websites of these airports for a few hours, affecting passengers’ ability to book airport-related services and receive flight scheduling updates.

A “Prestige” ransomware has been targeting transportation and logistics companies in Ukraine and Poland.

An Iranian cyber threat actor executed an attack that set off emergency rocket sirens in Israel.

State-sponsored threat actors have targeted 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).

Ukraine war: The dawn of hybrid war

On February 23, 2022, a day before Russia invaded Ukraine, the cyber security world entered the dawn of a new age of conflict.

While Russia has been attacking Ukraine’s digital infrastructure since its annexation of Crimea in 2014, the attacks increased in volume and intensity, damaging Ukraine’s public, energy, media, financial, business, and non-profit sectors.

In retaliation, Ukraine has used its cyber might to attack Russia’s critical infrastructure, taking down targets including Russia’s stock exchange and reportedly stealing data from the Russian Wagner Group. It has also received help from the U.K., which has been helping defend the country against Russia’s cyber attacks and gave a £6.35 million support package to protect Ukraine’s critical national infrastructure and vital public services. The U.S. government and private sector are also providing critical cybersecurity assistance to Ukraine.

The global help extended to Ukraine has led to the belief that Russia might launch cyber attacks against nations that are supporting Ukraine, leading to an escalation of the conflict in the region.

For instance, Killnet targeted the aerospace and defense company Lockheed Martin, calling them “terrorists” for supplying the M142 High Mobility Artillery Rocket System (HIMARS) to the Ukrainian armed forces. The group has also claimed responsibility for launching cyberattacks against NATO member countries including Estonia and Lithuania.

Considering the serious nature of these threats, nations and organizations have stepped up to prepare for disruptive cyberattacks and espionage attempts.

According to cybersecurity firm Mandiant, “the after-effects of Russia’s invasion of Ukraine and the barrage of cyber attacks would be felt globally. There will also be an uptick in Russian cyberattacks in 2023 on Asia Pacific countries that have sanctioned the nation.”

The UK government has already warned that Russia might launch a potentially devastating wave of cyber attacks against UK critical infrastructure, such as energy supplies and air traffic control.

US President Joe Biden last week issued a warning to American business leaders, telling them to strengthen their companies’ cyber defenses immediately, according to reports from CNN.

India’s critical infra susceptible to attacks

On 4th September 2019, the Kudankulam Nuclear Power Plant, one of India’s most advanced such stations, came under a cyber attack. On October 12, 2020, a power grid failure in Mumbai, Maharashtra, resulted in a massive power outage, stopping trains on tracks.

On 6 April 2022, American cybersecurity firm Recorded Future revealed that Chinese state-sponsored hackers had targeted India’s power grids in Ladakh. In July this year, cyber attackers hit the flood monitoring system in Goa. The ransomware attack prevented the ability to back up data, with attackers demanding Bitcoin in return for decryption of data.

Last month, power generation company Tata Power faced a cyber attack on its information technology (IT) infrastructure affecting some of its systems.

India’s critical infrastructure, involving gas and water supply, and security installations, may be more open to cyber attacks than what has been previously evaluated, according to a report released by cyber-security firm CloudSEK a couple of weeks back.

The report titled ‘Abysmal State of Global Critical Infra Security: Supply of Gas, Water, & Govt. Services at High Risk’ cited the vulnerabilities of the water quality management software of an Indian conglomerate, the Union Government’s mail server and the Central View Dashboard, and a private gas transport company as examples of the potential extent and impact of cyber attacks on the IT assets of the country’s critical infrastructure.

According to an article by foreign policy analyst Vaasu Sharma, India’s vulnerability to cyber-attacks primarily has its roots in a lack of governmental control, in line with the constitutional right of freedom of expression, overflow of information, be it on the internet or on media/social platforms. In contrast, China enjoys full control over the flow of information. To protect itself, India will need to maintain a proper balance between democratic principles and national security.

Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of ET Edge Insights, its management, or its members
