What the War in Ukraine Means for your Cyber Security
Much has been made in the Western media about the cyber component of the war in Ukraine. Technology experts are watching the first conflict between two developed nations in the 21st century to see how cyberspace has been weaponized, both offensively and defensively, to support a military engagement. While the media and their associated experts are focusing on the cyber impact on either country’s war effort, little has been said about the global “collateral damage” that cyber warfare on this scale will generate. The impact of such a conflict has been a focus of thought for me over the past few years, and even though we are only days into this conflict, the cyber fallout has already been felt around the world.
On February 23rd, a day before the large-scale Russian invasion of Ukraine, TRINUS received a notice from WatchGuard Technologies about a recently discovered vulnerability in the operating systems for their hardware firewalls. WatchGuard is a large manufacturer of firewall hardware and security software that does business globally. The vulnerability was discovered by WatchGuard in conjunction with the FBI, the UK NCSC and other international law enforcement and cyber security agencies. The notice detailed the potential for a hardware firewall to have its administrative credentials breached and settings adjusted so that it could be added to a botnet that was linked to a “state sponsored” actor. Upon receiving this notice, TRINUS leapt into action to confirm that none of our clients’ networks had been jeopardized by this vulnerability. In less than six hours we had confirmed that, due to our setup best practices for these firewalls, no internal TRINUS or client firewalls had been compromised.
What we would come to learn after the fact is that the state-sponsored actor exploiting this vulnerability was a hacking group closely linked to the Russian government. There is almost no doubt that this vulnerability was weaponized against Ukraine as part of the emerging conflict. While there was no impact on TRINUS clients and most Western organizations this time, it goes to show that the future of cyber warfare will not be contained within traditional borders. Once vulnerabilities such as this are detected and exposed in the public domain, they can be studied and exploited by malicious actors of all types, not just the team that discovered or created them in the first place. As long as a hot cyber war is being waged by two major powers, we can assume that the number of disclosed vulnerabilities will be considerably higher than in times of peace.
While the West may have dodged a cyber bullet in this scenario, no one can say for sure that future threats will have the same outcome. Now more than ever, it is critical for businesses, governments, and organizations of all sizes to take cyber security seriously by adopting a layered approach to deal with the full gamut of cyber security threats. That approach includes improving employee attitudes and the general culture of an organization towards cyber security, internal policy/procedures, security-focused technology solutions, and protective management of a network. If you would like to learn more about applying a layered approach to your organization, please feel free to contact us.
Sincerely,
Kevin White
Director of Operations and Business Development