Cybereason Blog | Cybersecurity News and Analysis

The Fog of Cyberwar

Written by Lior Div | Jan 25, 2022 8:22:25 PM

The temperature is rising in the ongoing Cyber Cold War as tensions increase between Russia and the United States. The US Department of Homeland Security (DHS) issued a warning that Russia may pursue a cyberattack against the US and cautioned government agencies and private companies to be prepared. 

Recent events in Ukraine indicate that cyberattacks play an important tactical role in nation-state conflicts, and underscore the importance of what we do, and why Defenders need to rise to meet the evolving challenges of today’s threat landscape. 

Cyberattacks in Ukraine

The situation in Eastern Europe has been tense as Russia appears to be preparing to invade the neighboring former Soviet Bloc state. A cyberattack launched in Ukraine caused concern that it might be the opening move in a broader military effort, but the attackers simply defaced dozens of Ukrainian government websites and the embassy websites of key Ukraine allies.

A couple of days later, reports started to emerge that the website defacement was perhaps a distraction. Researchers revealed that several Ukrainian government agencies were compromised with more insidious malware. This attack is disguised to look like ransomware but is actually a wiper that will render any infected system inoperable if executed—an attack that evokes memories of the NotPetya attack against Ukraine in 2017, which we helped crush with a vaccine we shared with the public.

Ukrainian intelligence has attributed both the website defacement and the fake ransomware attacks to APT GhostWriter—a hacker group linked to Belarusian intelligence. Belarus is a close ally of Russia and is currently allowing Russian troops to occupy the country for “military exercises” that conveniently place troops on a flanking front on Ukraine’s northern border.

The United States continues to engage in diplomatic talks with Russia to urge the nation to back down, and is working closely with European Union and NATO allies to prepare a response if Russia decides to escalate the attack or invade its neighbor. The use of cyberattacks—both as a tool for fear and propaganda as well as a tool for espionage or tactical advantage—and the use of a standard ransomware attack as a façade for a nation-state assault highlight a shift in cybersecurity dynamics and demonstrate why cybersecurity is national security.

Rising to Meet the Challenge

This is the world we live in today. Defenders are tasked with protecting an expanding and increasingly complex attack surface against sophisticated cyberattacks from adversaries who often have the advantage. It is important that Defenders rise to meet that challenge.

Whether it’s stopping cyberattacks from nation-state adversaries that are part of the fog of cyberwar, or preventing ransomware attacks from cybercrime syndicates, Defenders need tools that can see the entire malicious operation and predict what the adversary will do next. Defenders need Extended Detection and Response (XDR) because it expands visibility exponentially and improves situational awareness of suspicious or malicious activity and potential threats. 

Art Coviello, the former CEO of RSA Security and a respected pioneer in cybersecurity, recently joined the Cybereason Board of Directors. He shared, “What I saw in Cybereason was the completeness of its vision. And it starts with the technology, the core ML capability, its ability to process incredible amounts of data real-time.

The relationship with Google that I saw starting to develop over the course of the summer with Chronicle allows Cybereason to complete the system and drive planetary scale, giving Cybereason an edge in XDR that absolutely no one else in the market is going to be able to compete with.”