Authored by: Malcolm Rowe, Head of APAC at OPSWAT
The Russia and Ukraine cyber warfare history
Ukraine has suffered repeated hacking attacks since 2015, and in 2017 Russia opened a new front against Ukraine with the most destructive and costly cyberattack in the country’s history. Blackened computer screens, ATMs that would not dispense cash, and lost internet connections that left people unable to send or receive email caused unfathomable disruption. The attack plunged Ukrainian companies from light into darkness, and the power outage also made it impossible to monitor radiation levels at the Chernobyl nuclear power plant, causing fear in the hearts of the people. That attack is estimated to have caused more than $10 billion in damage.
You might wonder, what kind of cyber-attack can cause such massive economic damage and widespread fear? And what kind of attack can paralyze a nation's critical infrastructure such as nuclear power plants, banks, and the internet?
Are we safe in the country we are living in?
According to new SANS research, critical infrastructure is being actively targeted by cyber attackers, especially in OT/ICS environments. Several countries in Asia are reported to be facing malicious cyber activity, and their governments are urging businesses to strengthen their cyber defenses and secure their devices, networks, and systems.
Critical infrastructure (CI) is the collection of systems, networks, and assets so vital to a country's security, economy, and public health and safety that their continued operation is essential.
Although essential infrastructure is similar in all countries owing to basic human needs, critical infrastructure can differ depending on a country's demands, resources, and development level.
Critical infrastructure protection (CIP) has become more urgent than ever as a result of Russia's invasion of Ukraine. While countries around the globe are uneasy about the shifting threat landscape, we’re seeing widespread adoption of cybersecurity initiatives throughout the APAC region.
Countries’ plans for improving critical infrastructure protection:
Singapore has unveiled a revised national plan that aims to take a more proactive stance in addressing threats and to strengthen its cybersecurity posture, including a new operational technology competency framework. [reference] The Cyber Security Agency of Singapore (CSA) is also reviewing and updating the cyber resilience of its Critical Information Infrastructure sectors to better secure Singapore’s cyberspace. [reference]
Malaysia plans to enhance its infrastructure security against any possible cyber-attacks or misinformation campaigns. [reference]
Taiwan has been experiencing 20 million to 40 million cyberattacks every month. The government’s “cybersecurity is national security” strategy aims to protect critical infrastructure and core databases, implement new regulations, cultivate talent, and support the industry. [reference]
Malicious cyber activity could impact Australian organizations through unintended disruption or uncontained malicious cyber activity. While the ACSC is not aware of any current or specific threats to Australian organizations, adopting an enhanced cybersecurity posture and increasing monitoring for threats will help to reduce the impact on Australian organizations. [reference] Australia has recently amended its critical infrastructure laws to require effective privileged access management. [reference]
What’s a Zero Day attack?
A zero-day attack is when a hacker discovers a security flaw in software and exploits it to launch an attack. "Zero-day" is actually a broad term for the moment a vendor or developer has just learned of a software flaw and has had zero days to fix it; when a hacker exploits the bug before the developer has a chance to fix it, that is when a "zero-day attack" occurs. Although developers have zero days to fix such security vulnerabilities, survey data shows it usually takes an average of 1-9 days to test and release a patch, and such patches are released far more slowly than hackers can use the flaws to launch attacks.
In 2017, hackers discovered a zero-day exploit in MS Word and built Dridex, a Trojan packed into MS Word documents. The Trojan would be activated when someone downloaded the document from an email. McAfee was the company that initially found the flaw and alerted Microsoft. However, by the time Microsoft could come up with a patch, millions of users had fallen prey to the attack and installed malware on their devices that was able to capture banking log-in credentials.
According to investigations by several information security companies, hackers around the world intensified their attacks during the pandemic, which also led to the compromise of many well-known high-tech manufacturers in Taiwan, resulting in huge operational losses. If APAC countries are not to become the next Ukraine, blocking zero-day attacks is key to critical infrastructure protection.
Blocking Zero-Day Attacks with a Zero-Trust Philosophy
Today's cyberattacks are constantly changing. Although everyone knows that emails from unknown sources should not be opened, links and attachments should not be clicked, and confidential information should not be given out casually, attack methods change every day. To reduce reliance on human factors, it is better to lay out information security defense lines within the enterprise and create a secure network environment built on a zero-trust architecture.
A zero-trust philosophy means an organization trusts no file and assumes that every file and device carries threats, which come from a variety of known and unknown sources. Therefore, all files and devices need to be handled carefully according to zero-trust principles. The information security solution that enterprises and organizations need most is a next-gen protection mechanism with zero trust at its core that can be established quickly without changing the existing IT architecture.
What additional technologies should we adopt to protect critical infrastructure from zero-day attacks as they happen?
There are many cybersecurity solutions that can be used to put a zero-trust philosophy into practice for critical infrastructure protection, but four technologies could be greatly beneficial to enterprises and should be taken as the first step:
CDR technology: A “content disarm and reconstruction” approach, also known as data sanitization. By sanitizing each file and removing any potentially embedded threats, CDR effectively ‘disarms’ all file-based threats: known and unknown threats; complex and sandbox-aware threats; and threats equipped with malware evasion techniques such as fully undetectable (FUD) malware, VMware detection, obfuscation, and many others.
Multiscanning technology: Multiscanning is an advanced threat detection and prevention technology that increases detection rates, decreases outbreak detection times, and provides resiliency against the limitations of single-vendor anti-malware solutions. A single antivirus engine can detect 40%-80% of malware / viruses, but with more than 30 anti-malware engines the detection rate can exceed 99%.
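To make the “disarm and reconstruct” idea concrete, here is an added example (not OPSWAT product code and not from the original post) of a toy CDR pass over an OOXML-style document. An Office file is a zip of XML parts, so the sanitizer never copies the archive through; it rebuilds a fresh archive, keeps only content parts, drops active content (VBA project, ActiveX, embedded OLE objects), and removes the relationship entries that referenced the dropped parts or external targets. The part-name list, the sample document and its parts are all constructed assumptions for this illustration, not a complete OOXML inventory.

```python
"""Toy content disarm and reconstruction (CDR) for OOXML-style documents.

Added illustration, not OPSWAT's product code. An Office document is a zip
archive of XML parts, so "disarm and reconstruct" here means: never copy the
archive through; rebuild it from scratch, keeping only parts that carry
document content and dropping active content (VBA macros, ActiveX controls,
embedded OLE objects) plus every relationship entry that pointed at it.
"""
import io
import posixpath
import re
import zipfile

# Parts that hold executable or foreign embedded content rather than text.
# This list is an assumption for the example, not a complete OOXML inventory.
ACTIVE_CONTENT = re.compile(
    r"(^|/)(vbaProject\.bin|vbaData\.xml|activeX/[^/]+|embeddings/[^/]+)$"
)
# Self-closing <Relationship .../> elements inside a .rels part.
REL_ELEMENT = re.compile(r"<Relationship\b[^>]*/>")


def is_unsafe_part(name: str) -> bool:
    """True for active content and for zip entries with traversal-style names."""
    if name.startswith("/") or ".." in name.split("/"):
        return True
    return bool(ACTIVE_CONTENT.search(name))


def rels_base(rels_path: str) -> str:
    """Directory that relationship targets are relative to:
    word/_rels/document.xml.rels -> 'word'; _rels/.rels -> ''."""
    parts = rels_path.split("/")
    if "_rels" not in parts:
        return ""
    return "/".join(parts[: parts.index("_rels")])


def strip_relationships(rels_xml: str, removed: set, rels_path: str) -> str:
    """Drop relationships that point at removed parts or at external targets."""
    base = rels_base(rels_path)

    def keep(match):
        rel = match.group(0)
        if 'TargetMode="External"' in rel:
            return ""  # remote templates / hyperlinks: external fetches are not content
        target = re.search(r'Target="([^"]+)"', rel)
        if target:
            t = target.group(1)
            resolved = t.lstrip("/") if t.startswith("/") else posixpath.normpath(posixpath.join(base, t))
            if resolved in removed:
                return ""
        return rel

    return REL_ELEMENT.sub(keep, rels_xml)


def sanitize(data: bytes):
    """Return (rebuilt archive bytes, sorted list of removed part names)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    names = src.namelist()
    removed = {n for n in names if is_unsafe_part(n)}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in names:
            if name in removed:
                continue
            payload = src.read(name)
            if name.endswith(".rels"):
                xml = strip_relationships(payload.decode("utf-8"), removed, name)
                payload = xml.encode("utf-8")
            dst.writestr(name, payload)  # fresh entry: original zip headers are never reused
    return out.getvalue(), sorted(removed)


def list_parts(data: bytes) -> list:
    return zipfile.ZipFile(io.BytesIO(data)).namelist()


def read_part(data: bytes, name: str) -> str:
    return zipfile.ZipFile(io.BytesIO(data)).read(name).decode("utf-8")


def build_sample() -> bytes:
    """Constructed macro-enabled document: text plus a VBA project and an OLE object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document><w:body><w:p>Quarterly report</w:p></w:body></w:document>")
        z.writestr("word/styles.xml", "<w:styles/>")
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed macro blob")
        z.writestr("word/embeddings/oleObject1.bin", b"constructed OLE payload")
        z.writestr(
            "word/_rels/document.xml.rels",
            '<Relationships>'
            '<Relationship Id="rId1" Type="vbaProject" Target="vbaProject.bin"/>'
            '<Relationship Id="rId2" Type="oleObject" Target="embeddings/oleObject1.bin"/>'
            '<Relationship Id="rId3" Type="hyperlink" Target="http://example.invalid/" TargetMode="External"/>'
            '<Relationship Id="rId4" Type="styles" Target="styles.xml"/>'
            '</Relationships>',
        )
    return buf.getvalue()


if __name__ == "__main__":
    clean, dropped = sanitize(build_sample())
    print("removed:", dropped)
    print("kept:", list_parts(clean))
```

The design point is that the output is reconstructed rather than patched: every kept part is re-encoded into a new archive, so malformed zip headers, traversal-style entry names and dangling references to stripped parts never reach the reader. A production CDR engine goes much further (parsing each XML part, rebuilding images, handling PDFs and archives), but the control flow is the same.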
Data Loss Prevention (DLP) technology: DLP can help prevent potential data breaches and regulatory compliance violations by detecting and blocking sensitive and confidential data in files and emails, including credit card numbers and social security numbers. OPSWAT Proactive DLP supports a wide range of file types, including Microsoft Office and PDF.
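As an added example of the detection step DLP relies on (not OPSWAT Proactive DLP code and not from the original post), the following script scans text for the two data types named above. A bare regex for card numbers or SSNs is noisy, so each hit is validated before it becomes a finding: card numbers must pass the Luhn checksum, and SSNs must satisfy the structural rules the SSA publishes for issued numbers. The sample message, the policy function and the masking format are constructed assumptions for this illustration.

```python
"""Toy proactive DLP check: find and redact card numbers and US SSNs in text.

Added illustration, not OPSWAT's Proactive DLP code. Pattern matching alone
produces noisy results, so each regex hit is validated (Luhn checksum for card
numbers; SSA structural rules for SSNs) before it counts as a finding.
"""
import re

# 13-19 digits, optionally separated by single spaces or hyphens, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# AAA-GG-SSSS in the hyphenated form US SSNs are normally written in.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural rules for issued SSNs: no 000/666/9xx area, no 00 group, no 0000 serial."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def mask(digits: str) -> str:
    """Keep only the last four digits, the usual preview format in DLP alerts."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list:
    """Return validated findings, each with type, character span and a masked preview."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append({"type": "credit_card", "start": m.start(), "end": m.end(), "masked": mask(digits)})
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            findings.append({"type": "ssn", "start": m.start(), "end": m.end(), "masked": "***-**-" + m.group(3)})
    return sorted(findings, key=lambda f: f["start"])


def redact(text: str) -> str:
    """Replace each finding with its masked form, working right to left so offsets stay valid."""
    out = text
    for f in reversed(scan(text)):
        out = out[: f["start"]] + f["masked"] + out[f["end"]:]
    return out


def should_block(text: str) -> bool:
    """Assumed policy: any validated finding blocks the file or email."""
    return bool(scan(text))


# Constructed sample message. 4111 1111 1111 1111 is a well-known Luhn-valid test
# card number; ...1112 fails the checksum; a 666 area number is never an issued SSN.
SAMPLE = (
    "Hi team, the customer's card is 4111 1111 1111 1111 (exp 12/27).\n"
    "Backup card 4111 1111 1111 1112 was declined.\n"
    "Employee SSN 123-45-6789 for payroll; ticket 666-12-3456 is a ticket id.\n"
    "Order number 1234-5678-9012 shipped.\n"
)

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
    print(redact(SAMPLE))
```

Run against the sample, the scanner reports one card number and one SSN and leaves the checksum-failing card, the 666-prefixed number and the 12-digit order number alone; that validation step is what keeps a DLP policy from blocking every invoice that happens to contain a long number.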
In recent months, we have seen an increase in the number of cyberattacks in the Asia Pacific (APAC) region. Researchers also discovered that when compared to May 2020, the number of cyberattacks in Asia Pacific (APAC) has increased by 168 percent year over year.
Cyberwar and disruption to critical infrastructure can be scary – especially while we witness the tragedies in Ukraine, but cybersecurity is no longer an afterthought in these unprecedented times.
Attacks against our critical infrastructures such as power, water, health, and financial systems are expected. It’s crucial for countries and governments to take action and proactively adopt the right technologies and solutions when coping with new and quickly evolving threats to critical infrastructures.