Monday, September 26, 2022

Cyberattacks escalate in Ukraine-Russia conflict; attackers living-off-the-land

Cyberwar and cyberattacks have been playing a crucial role in the Ukraine-Russia war, opening a new dimension of modern warfare.

The “special operation” in Ukraine continues to characterize the threat landscape from a Hacktivism and Cyber Espionage standpoint. Multiple targets in Lithuania and Latvia (and in the United States as well) were hit with DDoS attacks launched by pro-Russia attackers, while on the opposite front, the IT Army of Ukraine launched a wave of attacks against at least 80 Russian cinemas. The Russian Space Institute was also hit by a separate operation.

Over 300 cyberattacks

CyberPeace Institute, an independent and neutral nongovernmental organization whose mission is to reduce the harm from cyberattacks on people’s lives, has been monitoring how cyberattacks and operations tied to the conflict have been affecting civilians since Russian Federation forces first invaded Ukraine. The institute’s Cyber Attacks in Times of Conflict Platform documented more than 300 cyberattacks and operations tied to 36 threat actors affecting 27 countries. The institute tracks such attacks across four core categories: destruction, disruption, data weaponization, and disinformation and propaganda.

But infosec VC funding drops

Meanwhile, Infosec (information security) VC (venture capital) investment felt the full effect of market volatility in Q2. Funding slumped 44.6% QoQ (quarter-on-quarter) to $3.2 billion, reverting to 2020’s typical level of quarterly deal activity, per a Pitchbook Emerging Technology review report. The median late-stage valuation remained steady over Q1, at $190.0 million. Mega-deal volume continued to decline, with only 11 mega-deals closed, the lowest total since Q4 2020. Of those that did close, all but two came from application security, identity & access management, and security operations, demonstrating the shifting boundary of security teams to web applications and access control policies.

Though investments in Web3 remain robust

Web3 (a term describing a future internet built on decentralized blockchains, the ledger systems currently used by cryptocurrencies) security continued to be a driving theme for venture funding even in a bear market for cryptocurrency. Early-stage investment remained robust, with both median deal size and valuations continuing to increase YoY, led by Sequoia Capital’s five early-stage investments. The research suggests that a slowdown in early-stage investment may materialize as market conditions remain depressed. The VC exit market ground to a halt in Q2, as the research tracked only $162.0 million in disclosed exit value across a paltry 13 exits.

Infosec M&A to increase

In line with the low disclosed deal values, it is expected that undisclosed deal values were low due to market conditions. Infosec incumbents backed out of M&A, leaving tuck-in acquisitions to cash-rich challengers, including Cloudflare, Lookout, and Netskope. These challengers seized opportunities to horizontally integrate into adjacent segments. A down market should yield consolidation opportunities, particularly for private platform companies that seek to build product suites similar to those of incumbents. The IPO pipeline we identified in Internet of Things/operational technology (IoT/OT) security may not reopen until next year.

At the industry-leading RSA conference, several early-stage startup acquisitions were announced, including vulnerability assessment startup Randori (acquired by IBM), managed security services startup Cysiv (acquired by ForeScout), and cloud security services firm Tracer Cloud (acquired by CyberCX). Each of these startups was acquired soon after their Series A or founding. The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference.

Security breaches escalate

Nevertheless, IT security breaches have continued to escalate. In June 2022, Russia-affiliated threat actor Killnet took down several Lithuanian government websites with a distributed denial of service attack in response to sanctions against the Russian government. Research published by Microsoft found that Russian-affiliated actors targeted 128 organizations, including governments, as well as “think tanks, humanitarian organizations, IT companies, and energy and other critical infrastructure suppliers.” These attacks have been successful in data exfiltration at least 29% of the time.

CrowdStrike, an American cybersecurity technology company based in Austin, Texas, observed in its 2022 annual report on information security that 62% of attacks comprise non-malware, hands-on-keyboard activity. As adversaries advance their tradecraft in this manner to bypass legacy security solutions, autonomous machine learning alone is not good enough to stop dedicated attackers.

Turkish, Colombian attackers ‘living-off-the-land’

In 2022 CrowdStrike Intelligence debuted two new adversary animals — WOLF and OCELOT — to label targeted intrusions emanating from Turkey and Colombia, respectively. The presence of these new adversaries underscores the increase in offensive capabilities outside of governments traditionally associated with cyber operations and highlights the variety of actor end goals. Private sector offensive actors (PSOAs), such as NSO Group and Candiru, continued to serve as hackers-for-hire throughout 2021, providing governments with substitute or supplemental capabilities and further enlarging the global actor space.

Adversaries continue to show that they have moved beyond malware. Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint. Rather, they have been observed using legitimate credentials and built-in tools — an approach known as “living off the land” (LOTL) — in a deliberate effort to evade detection by legacy antivirus products.

(Abhijit Roy is a technology explainer and business journalist. He has worked with The Straits Times of Singapore, Business Today, Economic Times and The Telegraph. He has also worked with PwC, IBM, Wipro and Ericsson.)

(Disclaimer: The views expressed in the article above are those of the author and do not necessarily represent or reflect the views of Autofintechs.com. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.)
