South African organisations may find themselves casualties of the cyber war between Russia and Ukraine, as the former intensifies its military offensive against its neighbour.
In interviews with ITWeb, South African-based cyber security experts say they fear the cyber weapons being deployed by the belligerents may spill into countries like South Africa.
However, they do not believe South Africa will be directly targeted by such attacks at the moment, but are urging local organisations to be on high alert in regards to cyber security.
Since the tensions between Russia and Ukraine started, there has been a marked increase in cyber warfare activity between the countries.
For example, cyber security firm ESET last week discovered new destructive malware circulating in Ukraine, as neighbouring Russia invaded the eastern European country.
ESET’s telemetry data showed the malware was installed on hundreds of machines in the country. According to ESET, this followed some distributed denial-of-service (DDoS) attacks against several Ukrainian websites earlier.
Meta, Facebook’s parent company, said this week that attackers are increasingly targeting officials in the Ukrainian military, as well as politicians and media, to spread disinformation.
Several hours before the launch of missiles or movement of tanks on 24 February, Microsoft’s Threat Intelligence Centre detected a new round of offensive and destructive cyber attacks directed against Ukraine’s digital infrastructure.
Ukraine has also taken the war to Russia via cyberspace by establishing its “IT army” to hack Russian organisations and their allies.
At the time of writing, the IT army had over 266 000 members, while hacker groups such as Anonymous have also declared cyber war against the invading Russia.
Devastating impact
Cyber war broadly defines the global threat of military combat mixed with computer security attacks.
“Considering that many sectors, including countries’ critical infrastructure such as power and water plants, transport, communication networks and banking systems can be targeted, the consequences of a successful cyber attack against a nation state could be catastrophic,” says Pankaj Bhula, regional director for Africa at Check Point Software Technologies.
“We’ve seen the economic and societal damage that can be caused by organised crime groups launching ransomware or extortion attacks. Now imagine a much larger and better equipped cyber team launching multiple attacks at the same time – not for economic gain but merely to disrupt and destroy. It also expands beyond mere destruction, but includes propaganda and misinformation campaigns to drive polarisation and internal unrest in the target’s population, to espionage and disinformation.”
Anna Collard, SVP of content strategy and evangelist at information security company KnowBe4 Africa, says even though state-sponsored cyber attacks against South African organisations traditionally ranked as very low priority, Russia’s past cyber attacks against Ukraine (ie, the nonPetya attack) caused international consequences with severe collateral damage.
“The current malicious cyber activity in [Russian president Vladimir] Putin’s war could impact through disruption or uncontained malware that ‘spills’ over to organisations and countries that are not directly involved, but who may be vulnerable to the exploits used by the aggressors," she says.
“Furthermore, Putin’s bully-like threats to retaliate against imposed sanctions should be taken seriously. Officials in both the US and Europe are warning businesses to be alert to suspicious activity from Russia on their networks and prioritise cyber security.”
Brendan Kotze, chief development officer at cyber security firm Performanta, says Russia and Russian-based affiliates have been using Ukraine as a semi testing ground for some of their cyber weapons for many years.
However, he says from a South African context, at this stage there is no direct threat. “But the fact that Ukrainian and Russian organisations are under attack may result in supply chain attacks from a South African context.
“So I think South Africa, at the moment, can get caught in the crossfire but I don’t think there will be a specific target.”
Bhulais of the view that amid the ongoing geo-political uncertainty brought on by the conflict, there is likely to be a continued uptick in threat activity that cyber security professionals across the globe need to prepare for.
No cyber borders
According to Bhula, instances have already been reported. “For example, Check Point Research teams encountered an upsurge of DDoS attacks, some of them carried out by IOT [internet of things] botnets such as Mirai. We’ve also seen evidence of wiper tools used to take down machines.
“The interconnected nature of global markets and systems introduces the possibility that targeted attacks could impact systems in companies and organisations that are located outside of countries involved in the current geo-political activity.”
Bhula notes cyber criminals use the same vectors and attack surfaces to access online assets, no matter where these assets are physically based.
“This basic tenet of cyber crime was true even before the current conflict and will remain the case after it as well. No individual or organisation is immune, and this applies to South Africa as well. However, in cases of increased risk, it is imperative that information technology teams maintain contact with local and national law enforcement and follow advisories from threat intelligence services.”
He adds that as the physical conflict in Eastern Europe advances, people everywhere are deciding who they will support.
“The same dynamic happens in cyberspace. Hacktivists, cyber criminals, researchers and even technology companies are picking a clear side, emboldened to act on behalf of their choices.”
Ayaz Saiyed, an information security expert at Telspace Systems, says threat actors motivated by crime might see this as an opportunity, or could be influenced to increase their target scope which can result in a possible increase in ransomware and other attacks across the globe.
“Countries like South Africa could be impacted indirectly and must prepare for cyber attacks, as a flow-on effect of the crisis, especially if the situation in Ukraine continues to escalate,” says Saiyed.
Utility fears
He points out that digital technologies have become critical in the cyber world. “Attacks over the internet can be carried out more rapidly compared to traditional weapon attacks and have further widespread effects, such as in the case of attacks that could impact the availability of critical infrastructures, such as the power grid and water supply.
“Cyber attacks are also relatively cheap and easy to perform, but defending against them is becoming increasingly difficult as well as very costly. The global skills shortage in the cyber security sphere is also a factor in further compounding the risk.”
For Kotze, there are a couple of things South African organisations can do to reduce the likelihood of damage.
“These are typical things that we have been trying for years, including administrative access, multi-factor authentication, as well as prioritising vulnerable updates, among others,” he says.
Bhula concurs, saying organisations need broad cyber security coverage, as this has become critical in today’s multi-hybrid environment where the perimeter is now everywhere.
“Users must ensure up-to-date security patches are maintained across all systems and software.”
Share