Russia’s war on Ukraine and its increasingly isolated internet environment could prompt Russian cybercriminals to think outside the box and launch new forms of cyberattacks.
That is according to Nclose’s co-founder and CTO, Martin Potgieter, who says speculation and concern are growing around the world about what the next moves of Russian cybercrime syndicates will be.
According to Potgieter: “Currently, cybercrime seems to be concentrated primarily between cybercrime groups and the governments of Russia and Ukraine. While this is strictly speaking cyber warfare, it could quickly spread elsewhere. What we’re seeing is a few of these cybercrime groups taking sides or imploding with each other because of their Eastern European ties to each other. We also noticed a strain of malware called ‘wiperware’, which is an evolution of ransomware used to permanently destroy data – but again, the main targets are between Ukrainian and Russian points of interest. More importantly, this malware is not a new form as it existed before the war, so many security technologies are able to detect variants of it.”
Potgieter adds: “There have been some cyberattacks but nothing on a large scale outside of the conflict between Russia and Ukraine. The reason why we may not have seen a massive cyberattack in the Ukraine-Russia conflict is due to the potential consequences between two countries if they decide to carry out a large-scale cyberattack against each other. The assumption is that no one knows how bad things would get following a major cyberattack. This could have a devastating effect for both parties, something neither wants, very similar to the use of nuclear weapons.”
The source of concern is the monitoring and control of sites in Russia to control the flow of information, and the sanctions imposed against Russia. Potgieter says, “There are growing concerns that the sanctions imposed on Russia will force cybercrime syndicates to think outside the box. The cybercrime channels in which these syndicates operate could be compromised and these sanctions could affect their sources of revenue, possibly leading to new forms and types of ransomware, or making the criminals more aggressive in their techniques, methods and operations.
“This domino effect could potentially lead to an increase in cybercrimes, as these criminal organizations try to maintain their operations, we could see more non-traditional approaches in cyberspace, as desperation can force innovation in these sorts of unique circumstances.”
“I’m currently focusing on new types of cybercrimes that could result from this. The wiperware strain is something that deletes data, so it would be hard to monetize, but there may be more to it. Something like a wiperware ice could be a catalyst for something more sinister or new that could be monetized, but sadly only time will tell. Sometimes in a scenario like this, the best thing to do is to think like a cybercriminal, and what his plans would be. This is an ever-changing situation, and we are monitoring it closely.”
Potgieter says organizations need to be vigilant. “This is an industry that can change overnight, and we must adapt in the same way as cybercriminals. We are closely monitoring the situation on behalf of our customers and continue to apply best practice security procedures, such as patching vulnerabilities, checking backup resilience, testing our IR processes, locking down networks and systems, and applying strong authentication,” he says.