Tag Archive for: cyberwar

Why Kenya is not safe from Russia-Ukraine cyberwar


Malware is a file or a code that is basically meant to breach the security and privacy of a computer, server, client, or network. [File, Standard]

Government agencies and private companies are likely to experience more cyberattacks this year.

Threats to Kenya’s infrastructure, experts say, are likely to be heightened by rising global tensions as countries take sides in the raging Russia-Ukraine conflict.

According to the Communications Authority of Kenya (CA), 143 million incidents of cyberattacks were detected in the country last year, which was a 23 per cent increase to 110 million cases.

CA attributed this to a surge in remote working as companies adopted it for their staff to mitigate the spread of the Covid-19 pandemic.

And cyber experts are now concerned that the fallout from Russia’s invasion of Ukraine, which has disrupted financial systems and supply chains as Western countries impose sanctions against Moscow, could precipitate the rise in cyberattacks.

Patrick Muya, the head of East Africa business development at Plena Solutions, an Israeli cybersecurity company based in Kenya, noted that in the first 48 hours of Russia’s invasion of Ukraine, cybersecurity agencies observed an increase of over 800 per cent in cyberattacks worldwide.

“The increasing threat of cyberattacks is primarily, but not limited to, countries and companies directly involved or associated with the conflict. Cyberattacks know no borders with little to no effect on distance, time, and culture,” observed Mr Muya.

Anticipation of full-blown cyber warfare is on the back of a long history of international attacks coordinated out of Russia. Moscow, for instance, was blamed for the large-scale attack on Ukraine’s power grid in 2015. And in 2017, the Kremlin released on Ukraine the data-wiping NotPetya virus, a destructive malware. The virus ultimately spread globally, hurting companies and State agencies.

Independent Russian hackers have in recent years also been linked to several brazen hacking schemes, including the devastating ransomware hack of the Colonial Pipeline in the US last year.

Mr Muya said it would,…


‘The Cold War was over, I think it’s restarted’ — Putin’s cyberwar judo tactics, and how to deal with fear of hacks


Russian President Vladimir Putin was stripped of his judo title recently, but experts say he employs the same principles of that martial art in his cyberwarfare strategy: Use an opponent’s strength against them.

Putin, a big fan of judo, lost his status as “honorary president and ambassador” for the International Judo Federation and his “honorary 9th dan black belt” from World Taekwondo, bestowed upon him in 2013, following his invasion of Ukraine. Experts are concerned, however, that he will use the approach he honed in those disciplines through Russia’s enormous cyberwarfare complex.

Russia has long been considered one of the largest practitioners of state-sponsored cyberattacks, regularly receiving mention in cybersecurity-company watch lists. The country has regularly used that capacity in an asymmetrical manner to disrupt adversaries where open hostilities would not be prudent. Against the West, that means targeting a growing reliance upon interconnected networks and open-source software to power government and financial organizations.


That said, Putin’s greatest weapon in cyberwarfare is using an opponent’s reliance upon intertwined networks and information against them. When Russia hacked into Ukraine’s power grid back in December 2015 and managed to turn the lights on and off for about a quarter-million customers, the most harmful result wasn’t so much the loss of electricity, but the fear it could instill by showing they could simply do it, Sandra Joyce, head of global intelligence at Mandiant Inc., told MarketWatch in an interview.

“There is definitely the risk of Russian cyber-aggressors utilizing their current accesses from which to launch an attack,” Joyce told MarketWatch. “It’s the risk of that happening that has increased in the event that Russia decides to retaliate against our sanctions and other measures that we’ve been taking.”

We have nothing to fear but fear itself

Joyce said Russian hackers can already be inside compromised networks like…


The Cyberwar Is Now Decentralized


Troops massed on a border, politicians making declarations, markets watching nervously. The situation at the Russian-Ukrainian border was such a quagmire until last week. As we go to press, the situation — now kinetic and violent — remains in flux.

There are lessons here for all chief digital officers. Cybersecurity pros often use combative terms like “attack surface” or “intrusion,” and these concepts are easier to visualize when real-life armies are slinging heavy metal at one another.

War of any kind is tragic and represents the ultimate failure of diplomacy. We can view successful cyberwarfare as a failure of digital security, but the term itself is controversial.

What is cyberwarfare? Wikipedia: “Cyberwarfare is the use of digital attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting the vital computer systems.”

However, “There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists. One view is that the term ‘cyberwarfare’ is a misnomer since no offensive cyber actions to date could be described as war.”

Perhaps. But the term “war” is always controversial, as opponents in armed conflict always try to spin their positions. As ever, the first casualty of war is the truth.

The Stuxnet Worm

Deployment of the Stuxnet worm in 2010 constituted a cyberattack. Wikipedia: “Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games.”


And although neither of the purported players admitted responsibility, “In May 2011,” says Wikipedia, “the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which he said: ‘we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we — the U.S. and its allies — are doing everything we can to make sure that we complicate matters for them,’ offering ‘winking acknowledgment’ of United States involvement in…


Does Your Cyberinsurance Policy Cover Cyberwar?


Despite your best efforts to prevent it, you get hit by a massive cyberattack. Maybe it’s a data breach; maybe a ransomware attack or maybe a supply chain disruption. You engage a forensics team, work with law enforcement entities and find out that the likely perpetrators were hackers in Russia, possibly working with the Russian government. You file a claim against your comprehensive cyberinsurance policy for the damages, losses and restoration costs covered by the policy. Pretty typical.

But the insurer refuses to pay.

They cite language in your overall property damage insurance policy which excludes from coverage any “hostile or warlike action from any nation-state or their agency.” A data breach or cyberattack is certainly hostile, and the origin of the attack was likely an agent of a nation-state. So, does the language preclude coverage?

War [Exclusions]. Hunh. What Are They Good For?

The war exclusion, like similar exclusions in insurance policies for acts of terrorism and certain acts of God, is intended to divide claims into ordinary claims and risks and extraordinary claims which are not covered by the policy. Extraordinary costs, resulting from extraordinary risks—like war and terrorism—are generally not the subject of insurance, but rather are considered a government problem.

The problem is that most cyberattacks are a hybrid. Russian hackers may be using tools or techniques that are the same as those used by state-sponsored attackers, even when they aren’t working for the state. The truth is, while state-sponsored attacks may be more sophisticated or disruptive, to a victim there is often little difference between a state-sponsored attack and one that is independent of a state actor.

In June of 2017, New Jersey-based pharmaceutical giant Merck was hit with a massive malware attack (a NotPetya attack) which spread to more than 40,000 computers and caused approximately $1.4 billion in losses (including lost revenues). The company had cyberinsurance policies with a number of carriers—including Chubb, AIG, Zurich and Liberty Mutual—and eight reinsurers—including Hannover Re, Munich Re and Generali. Merck had what are called all-risk insurance policies which…
