What Fort Lauderdale Business Owners Need To Know About Russia-Ukraine Cyber Warfare
Do you understand how battles are won and lost in the era of cyber warfare? Ilan Sredni recently met with CompTIA’s MJ Shoer to talk about how this new wave of cybercrime can affect businesses in South Florida.
Over the past few weeks, tensions have mounted at the Russia-Ukraine border as President Putin mobilized troops and made overtures of invasion.
While the real-world conflict has been minimal so far, on Feb. 15, Ukraine suffered a major cyberattack on its governmental and banking systems. This is just one of many attacks worldwide that are suspected of originating with Russian hacking groups.
“What users need to know is there’s almost no time for not being on a heightened alert anymore,” says MJ Shoer, CompTIA ISAO. “The fact of the matter is we can never let down our guard these days.”
Do you know what implications this has for the West and what lessons the Fort Lauderdale business community should learn from these incidents?
Russia Cyber Attacks Threaten Fort Lauderdale Businesses
“Now we’ve got nations at war,” says MJ. “We’ve always known that nation-states are conducting cyber-surveillance and cyber espionage, now we have a very clear and present danger associated with what’s taking place between Russia and Ukraine.”
This recent attack against Ukraine is a textbook example of cyberwarfare. Ukraine confirmed that the systems compromised in the attack are all critical ministry and banking targets:
- Ministry of Defense website
- Water distribution systems
- Petroleum pipelines
- Citizen banking systems
The attackers used Distributed Denial-of-Service (DDoS) attacks, which flood the target website's host with multiple data requests, resulting in lags and crashes. They also employed a form of malware similar to ransomware, but instead of encrypting the data, it simply deletes it.
The idea is that by causing chaos at the citizen level (disrupting their access to utilities and finances), Ukraine will be that much easier of a target if and when further military action is taken. A less organized enemy is less capable of defending itself.
This is a clear example of the threat that nation-state-affiliated hackers pose to the world. While they are often involved in geopolitical conflicts like the one between Russia and Ukraine, these cybercriminals also target businesses (like yours in Fort Lauderdale). That’s why you need to make sure you’re protecting your data.
“It’s only a matter of time until it reaches every country on the planet,” says MJ. “The United States has cause for concern because they’re leading the western response.”
Nation-State Attacks Have Been On The Rise For Years
Often originating in Asian and Middle Eastern countries, nation-state cyberattacks are uniquely dangerous because, compared to garden-variety, US-based hacks, they are often executed with greater resources and near-total immunity from any sort of justice.
For example, in mid-2019, Microsoft warned more than 10,000 users that their personal data may have been affected by nation-state attacks originating in Iran, North Korea and Russia. 84% of these attacks targeted businesses, and the remainder went after individual accounts.
Many respondents in a report by Radware noted anxiety in using newer networked devices and smart technologies that are not necessarily as secure as conventional onsite IT environments. Potential cybersecurity risks include:
- The Cloud: A recent cloud security report shows that whereas two in five managers stated they relied on a hybrid environment made up of cloud and on-premise data centers, only one in ten felt confident in the security of their data in public clouds.
- Leading cloud vulnerabilities include unauthorized cloud access (42%), insecure interfaces (42%), misconfiguration of the cloud platform (40%), and account hijacking (39%).
- Those responsible for cybersecurity have difficulty acquiring visibility into cloud infrastructure security and compliance (67%).
- Outdated cybersecurity solutions don’t integrate with the cloud: 66% of respondents said their traditional security solutions either don’t work at all, or only provide limited functionality in cloud environments.
The bottom line is that if the cloud makes it easier for you and your staff to access your organization’s data, it can potentially make it easier for cybercriminals to do so as well.
The Internet Of Things
The respondents to Radware’s survey shared a range of concerns about the Internet Of Things (IoT):
- Malware propagation (44%)
- Lack of visibility (20%)
- Denial of service (20%)
IoT is a popular new arena for technology: it’s estimated that there will be 64 billion IoT devices worldwide by 2025. It is a natural evolution of the Internet, consisting of a myriad of new “smart” and “connected” products and technologies for the commercial, consumer, and government environments.
As a so-far unregulated aspect of the IT world, IoT devices have been developed with minimal or nonexistent security features, despite the fact that they often connect over networks to sensitive data.
Should Fort Lauderdale Businesses & Citizens Be Worried About Russian Cyber Attacks?
While we don’t want to incite a panic, it is important to understand the likelihood of Russian-originated cyberattacks against the western world. It’s never been more important for everyone to remain vigilant, both as private citizens and as employees and owners in Fort Lauderdale.
For example, an attack could be similar to that of the Colonial Pipeline incident from last year. This ransomware attack resulted in a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.
However, this sort of infrastructural attack isn’t the only way that Russia could do damage to the US. They are just as likely to target citizens and lower-level employees at private businesses in Fort Lauderdale as well…
The Next Attack May Look Like A Fun App Or Harmless Facebook Quiz…
“If he were ever going to lash back, this could very well be a trigger point,” says MJ. “We have to assume the worst and hope for anything less than that.”
It’s important to keep in mind that not all attack vectors appear as an immediate threat. Often, cybercriminals will use a trendy app or a seemingly innocuous social media trend to gather valuable data on private citizens and key targets at private businesses.
For example, remember Faceapp?
In 2019, it was all the rage. This Russian-based photo-filtering app had seen a major surge in popularity thanks to its age-based filters.
Users were able to upload a selfie and have it automatically aged or de-aged to see what they would look like plus or minus a few decades. Posting wizened selfies on social media became a viral fad among celebrities and everyday users, reaching well over 150 million users around the world that year.
The key issue is that, in order to make these changes, Faceapp stores the image in the company’s own servers. The filters are not, as some would assume, applied on the user’s phone.
This is worrying, given that Faceapp is a Russian company. However, Faceapp CEO Yaroslav Goncharov told the Guardian that data is not transferred to Russia, but is actually stored in US-based data centers operated by Amazon and Google. Goncharov also told the Verge that photos are stored in Faceapp servers in order to save bandwidth when multiple filters are applied and that they get deleted not long after to free up server space.
Unfortunately, all of this was difficult to confirm. The uncertainty and potential for abuse of user data led to a lot of talk about privacy and data usage policies at the time, even by Senate Minority Leader Chuck Schumer.
Schumer requested that the FBI investigate Faceapp, saying, “In the age of facial recognition technology as both a surveillance and security use, it is essential that users have the information they need to ensure their personal and biometric data remains secure, including from hostile foreign governments.”
This is just one example of how nation-state hackers can trick targets into willingly giving up extremely valuable information or downloading dangerous malware. That’s why it’s so important for users to be able to recognize social engineering attacks.
“The next Wordle could very well be anything but safe,” says MJ.
What Fort Lauderdale Business Owners Need To Know About Social Engineering
Social engineering uses manipulation and deception to target a specific individual with the goal of getting them to give up sensitive information, or complete a task that benefits the hacker’s end goal.
Using email tactics similar to those used to spread ransomware, social engineering is the primary way that hackers influence unsuspecting users to do things they normally wouldn’t do. Phishing and Business Email Compromise (BEC) are the two major ways that social engineering is used to target victims.
Phishing is a fraudulent attempt to obtain sensitive information like login credentials or credit card numbers by impersonating trustworthy figures. BEC takes it one step further, targeting known users and prompting them to take action, like wiring money to bank accounts or buying gift cards and sending them to a hacker. In both cases, the cybercriminals exploit the naivety and ignorance of a person to get them to do something they might not normally do.
Spear phishing is an enhanced version of these exploitation methods. The hackers take the time to gather detailed information about the victims, then target specific people with detailed requests containing information that only a knowledgeable person might have. This causes the targeted people to lower their guard and leads to much better results for the attacker.
How Can Fort Lauderdale Citizens & Business Users Defend Against Russian Social Engineering?
- Watch For Overly Generic Content And Greetings: Cybercriminals will send a large batch of emails. Look for examples like “Dear valued customer.”
- Examine The Entire From Email Address: The first part of the email address may be legitimate, but the last part might be off by a letter or may include a number in the usual domain.
- Look For Urgency Or Demanding Actions: “You’ve won! Click here to redeem a prize,” or “We have your browser history pay now or we are telling your boss.”
- Carefully Check All Links: Mouse over the link and see if the link’s destination matches where the email implies you will be taken.
- Notice Misspellings, Incorrect Grammar, & Odd Phrasing: This might be a deliberate attempt to try and bypass spam filters.
- Don’t Click On Attachments Right Away: Virus-containing attachments might have an intriguing message encouraging you to open them such as “Here is the Schedule I promised.”
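- Malicious Websites: It’s important to make sure you’re actually visiting the right website. Carefully check the URL, and make sure it begins with “https” (the “s” stands for secure). Keep in mind that “https” only means the connection is encrypted; a fraudulent site can use it too, so the domain name itself still has to be the right one.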
- Check App Permissions: Think carefully about what data you’re allowing an app to capture, store and transfer. Review the security permissions, and always err on the side of caution.
- Careful What You Share Online: Think about the security questions you have protecting your email account—are the answers to them available on your public Facebook account? Make sure you don’t overshare online and make sure you choose security questions that only you have the answer to.
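Two of the checks above, examining the entire From address and comparing a link’s visible text with its real destination, can be automated for mail your organization receives. The following is an added example, not part of the original article; the trusted-domain list, the sample message parts and all function names are constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("example.com", "examplebank.com")  # assumption: constructed allow-list

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits separate a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify the full From address: 'trusted', 'lookalike:<domain>' or 'unknown'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    near = [d for d in TRUSTED_DOMAINS if edit_distance(domain, d) <= 2]
    return "lookalike:" + near[0] if near else "unknown"

class _Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None
def _host(s):
    return (urlparse(s if "://" in s else "//" + s).hostname or "").lower()

def mismatched_links(html_body):
    """Return (shown text, real host) where the text names a different host than the href."""
    p = _Links()
    p.feed(html_body)
    return [(t, _host(h)) for h, t in p.links
            if " " not in t and "." in _host(t) and _host(t) != _host(h)]

SAMPLE_FROM = "Example Bank <support@examp1ebank.com>"  # constructed sample
SAMPLE_HTML = '<a href="http://examplebank.com.login.example/reset">www.examplebank.com</a>'  # constructed
```

The distance threshold of 2 is a tuning choice: it catches one-letter and digit-for-letter swaps, but it can also flag a legitimate domain that happens to resemble a trusted one, so treat a hit as a reason to look closer rather than as proof.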
“You can’t be too careful,” says MJ.
Don’t Become A Casualty In The New Cyber War
For further news about the Russia-Ukraine cyber-conflict, and extensive resources to support your personal and professional cybersecurity efforts, visit CISA’s Russia Threat Overview & Advisories.
We would also urge you to consider joining CompTIA, which gives its members access to a vast range of valuable resources and tools in support of their cybersecurity.
If you need direct cybersecurity support, get in touch with the Palindrome Consulting team. We offer comprehensive cybersecurity services, including SOC, SIEM, and more, to help you adequately protect your Fort Lauderdale organization against modern cyber threats, including nation-state attacks.