The Fog of Cyberwar

The temperature is rising in the ongoing Cyber Cold War as tensions increase between Russia and the United States. The US Department of Homeland Security (DHS) issued a warning that Russia may pursue a cyberattack against the US and cautioned government agencies and private companies to be prepared. 

Recent events in Ukraine indicate that cyberattacks play an important tactical role in nation-state conflicts, and underscore the importance of what we do, and why Defenders need to rise to meet the evolving challenges of today’s threat landscape. 

Cyberattacks in Ukraine

The situation in Eastern Europe has been tense as Russia appears to be preparing to invade the neighboring former Soviet Bloc state. A cyberattack launched in Ukraine caused concern that it might be the opening move in a broader military effort, but the attackers simply defaced dozens of Ukrainian government websites and the embassy websites of key Ukraine allies.

A couple of days later, reports started to emerge that the website defacement was perhaps a distraction. Researchers revealed that several Ukrainian government agencies were compromised with more insidious malware. This attack is disguised to look like ransomware but is actually a wiper that will render any infected system inoperable if executed—an attack that evokes memories of the NotPetya attack against Ukraine in 2017, which we helped crush with a vaccine we shared with the public.

Ukrainian intelligence has attributed both the website defacement and the fake ransomware attacks to APT GhostWriter—a hacker group linked to Belarus intelligence. Belarus is a close ally of Russia and is currently allowing Russian troops to occupy the country for “military exercises” that conveniently place troops on a flanking front on Ukraine’s northern border. 

The United States continues to engage in diplomatic talks with Russia to urge the nation to back down, and is working closely with European Union and NATO allies to prepare a response if Russia decides to escalate the attack or invade its neighbor. The use of cyberattacks—both as a tool for fear and propaganda as well as a tool for espionage or tactical advantage—and the use of the façade of a standard ransomware attack for a nation-state assault highlight a shift in cybersecurity dynamics and demonstrate why cybersecurity is national security.

Rising to Meet the Challenge

This is the world we live in today. Defenders are tasked with protecting an expanding and increasingly complex attack surface against sophisticated cyberattacks from adversaries who often have the advantage. It is important that Defenders rise to meet that challenge.

Whether it’s stopping cyberattacks from nation-state adversaries that are part of the fog of cyberwar, or preventing ransomware attacks from cybercrime syndicates, Defenders need tools that can see the entire malicious operation and predict what the adversary will do next. Defenders need Extended Detection and Response (XDR) because it expands visibility exponentially and improves situational awareness of suspicious or malicious activity and potential threats. 

Art Coviello, the former CEO of RSA Security and a respected pioneer in cybersecurity, recently joined the Cybereason Board of Directors. He shared, “What I saw in Cybereason was the completeness of its vision. And it starts with the technology, the core ML capability, its ability to process incredible amounts of data real-time.

The relationship with Google that I saw starting to develop over the course of the summer with Chronicle allows Cybereason to complete the system and drive planetary scale, giving Cybereason an edge in XDR that absolutely no one else in the market is going to be able to compete with.”

Lior Div
About the Author

Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.