Levels of intensity are on the rise in the Crimea crisis with cyber-warfare being one of its main drivers. Dozens of networks in the Ukraine are infected, government systems among them, with malicious software that secretly performs surveillance, sustains privileged access to networks and databases and may even opt to shut systems down altogether.
Alongside this advanced piece of malware, DoS and DDoS attacks continue to overwhelm servers hosting public and governmental platforms. Confirmed reports claim Ukrainian Members of Parliament have had their mobile phones disabled due to IP-based attacks. Most disturbingly, the attacks that have not been registered yet pose the biggest threats.
Forensic analysis of the malware now known as Snake provides indications that its source is near Moscow, owing to instances of Russian language and a time stamp deduced from its programming. This many-headed monster previously surfaced in successful attacks on military systems in the U.S. Its signature has since been listed in antivirus software.
Despite having gained notoriety, having been discussed in Foreign Affairs magazine under its alternate name Agent.BTZ, the makers have been able to elude protective measures by bringing in new components. As we ventured in a previous post, in the Russian Federation professional cyber criminals apparently act as mercenary forces supporting the Kremlin by directing their malware tools at Ukrainian systems.
The cyber-aggression is not entirely one-sided, given that Anonymous's #OpRussia continues to leak state documents. The Americans will actively monitor the impact of the Snake. In private circles they may even welcome a further escalation, all the while watching and learning what the intentions and capabilities of Putin's henchmen are. Quite plausibly, the NSA will be directed to employ its trick book, and this time vis-à-vis a sizable and worthy opponent.
In their tracks, NATO is posturing. A partnership with Ukraine that includes exchanges of cyber security practices should make NATO a player that is privy to inside information. Dutch Defense minister Hennis-Plasschaert recently stated NATO was close to including cyber-attacks within the territory of member states as an Article 5 casus belli.
Facts on the ground show Lithuania is being hit hard by attacks attributed to Snake, meaning that a cyber-intervention shouldn't be too far away. In reality, obviously, it's not going to happen. Even if it were somehow possible to jump into the middle of that arena, nothing could be done short of physical destruction of Russian hardware.
Everyone More Exposed
In such a stalemate, the risk turns again towards Western Europe. Measures, if only symbolic, will need to be taken, and NATO may get its way with an emboldened mandate to patrol the cyber domain. The U.S. military and financial dominance within the organization provides a blueprint as to what can be expected. In short, the NSA's monitors return, and this time they'll bring an invite.
Beyond what effect such a fatal blow may have in terms of privacy and civil liberties, it will obfuscate the information security market to its detriment. When a small sample of vendors are privy to critical information about security issues, which under the guise of Official Secrets Acts cannot be shared, it will hinder the security community in becoming knowledgeable. Sharing attack vectors, best practices and lessons learned is the fuel of our security engine, and hence of our security.
But all may not be lost. Not yet, anyway. There is more to it than hoarding information. An information overload generally results in a lack of actionable intelligence. In crisis situations one should not be mesmerized by the snake's eyes while it is constricting your room for maneuver to crush you.
Therefore, make sure to monitor your systems, keep up with patching and keep your ear to the ground, but don't miss the chance to be proactive in activating your organizational landscape. Preparation is key. Contact your security vendors about how they plan to deal with the Crimea issues, keep in touch with your supply chain and partner organizations on whether anything out of the ordinary occurs, and even lobby your political representative to fill this gap in national security.
All these actions may help close the information gap: not sharing information is less a matter of policy and bad intentions than a habit.
Your organization will definitely be at a disadvantage when it is multinational, since cyber defense is molded in the frame of nation states. In this case you may be at the mercy of NATO's blue helmets. And don't forget about the NSA; you won't find a more attentive listener.
About the Authors:
Peter Rietveld is an authority in the field of Computer and Information Security, with nearly twenty years' experience as a system architect, developer, penetration tester and cryptanalyst. As a security advisor at Traxion he consults organizations in ICT, the aviation industry, telecom, finance, government agencies and health care. His forward-looking publication on the future of access control is available online under the Dutch title 'Toekomst van de Toegang'. Currently he's working on a thought-provoking new book on cyber-doctrines. For years, he's been a regular contributor to Security.nl with timely and insightful commentary on issues in IT security.
Diederik Perk is a business consultant at Traxion, involved in policy, research and publishing in the fields of Information Security, Computer Security and Cyber Security. After previous employment at the Department of Defense, Office of the Public Prosecutor and several other organizations, he’s currently operating within IAM and RBAC-centered projects in the financial sector. His publications include regular contributions to Cyberwarzone.com and TheHollandBureau.com.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.