Cyber Experts Predict More Harmful Cyberattacks in Ukraine

Summary:
“Ukraine should brace for more Russian wiper and ransomware attacks, concluded a panel of cyber threat intel experts and government officials in a report assessing the cyber dimensions of Moscow's ongoing war of conquest against its European neighbor. The report, commissioned by the U.K. National Cyber Security Center, finds the tempo of destructive cyberattacks has ebbed and flowed across the first year of the Russian invasion. Participants in a daylong workshop convened by the European Cyber Conflict Research Initiative and granted anonymity for candor "anticipated the increased use of throwaway or single-use wipers," the report states. They also predicted an uptick in commercial ransomware attacks. "The ability to bootstrap criminal capabilities to provide new attack opportunities will prove increasingly important, as operator burnout threatens to become a real challenge for Russia," the report says. Espionage and destructive attacks have each assumed primacy in observable Russian operations in apparent rough correlation with Moscow's warfighting priorities such as disrupting operations of the Kyiv government or responding to Ukraine's counteroffensive. Changes in Russia's military leadership have also led to changes in cyber strategy. Gen. Valery Gerasimov, appointed in January as the overall commander of the Ukrainian invasion, "has been a strong proponent of using information operations to influence both people and institutions," the report says. Russian doctrine doesn't draw clear distinctions between information operations and cyberattacks, the report says. They have the same objective of destabilizing Western institutions and creating psychological effects. Despite periods of relative quiet, Russia overall has found a wiper method that works for it, the report concludes: "pure wipers" that lack worming capabilities, are easy to change and manipulate quickly and are quick to build and launch.
Directly targeted wipers avoid the possibility of spillover, a mistake the report says Russia initially made with the AcidRain attack it deployed against Viasat in the first hours of the invasion” (BankInfoSec, 2023).

Analyst comments:
“Attendees agreed Russia is unlikely to see multifunctional wipers such as NotPetya emerge in the coming months, although they disagreed about whether that's because Russia lacks the resources to develop more sophisticated malware or because Russia is conserving its cutting-edge attack capabilities for the future. The report cautions against assuming too much coordination between Russian-speaking criminal groups and the Kremlin even as some participants said that the Russian government "can very quickly create linkages with criminal actors if and when it so chooses." The line between state and nonstate actors is blurring as is the boundary between cybercriminals and hacktivists. Ransomware is "increasingly politicized," the report says” (BankInfoSec, 2023).

Mitigation:
The report underscores the ongoing and evolving threat of Russian cyberattacks against Ukraine, and the need for countries to be prepared to defend against and respond to these attacks. A wiper attack is a type of cyberattack designed to completely erase or destroy data on targeted systems or networks. Here are some measures that can help prevent wiper and ransomware attacks:

Implement a robust backup and disaster recovery plan: A good backup plan can help you recover your data if it is lost due to a wiper attack. Make sure you have multiple copies of your data in different locations, and that your backups are up-to-date and tested regularly.

Use strong authentication and access controls: Limit access to critical systems and data to only those who need it, and ensure that users are using strong passwords and two-factor authentication (2FA) wherever possible. This can prevent unauthorized users from accessing or manipulating data.

Keep software and systems up-to-date: Regularly patch and update your software and systems so that they carry the latest security fixes. This can help prevent attackers from exploiting known vulnerabilities.

Use endpoint protection software: Implement endpoint protection software, such as anti-virus and anti-malware, on all devices connected to your network. This can help detect and prevent malware infections that can lead to wiper attacks.

Train employees on cybersecurity best practices: Educate employees on how to recognize phishing emails, suspicious websites, and other common attack vectors. This can help prevent attackers from gaining access to your network through social engineering or other means.

Monitor your network for suspicious activity: Implement network monitoring tools that can help detect and alert you to suspicious activity on your network. This can help you identify and respond to potential attacks before they can do serious damage.

Source:
https://www.bankinfosecurity.com/cyber-experts-predict-more-harmful-cyberattacks-in-ukraine-a-21726