Could attack vectors used in Russia and Ukraine cyberattacks target Southeast Asia?  

Organizations face a myriad of attack vectors today, and for years the two most damaging have been malware in general and ransomware in particular.

According to Fortinet's FortiGuard Labs Global Threat Landscape Report, threat intelligence from the second half of 2021 revealed an increase in the automation and speed of attacks, reflecting more advanced persistent cybercrime strategies that are both more destructive and less predictable.

The report also showed that threat actors continue to hit organizations with a mix of new and previously seen ransomware strains, often leaving a trail of destruction. Older ransomware is being actively updated and enhanced, sometimes with wiper functionality bundled in, while other ransomware families are adopting Ransomware-as-a-Service business models.

Russia's invasion of Ukraine shows what modern warfare looks like once cyber attack vectors are part of it. While armed conflict on the ground remains the main focus, the cyber dimension of this conflict is probably the largest yet witnessed.

Both countries have been using hackers and cybercriminals to launch cyberattacks on each other. While some of the world's largest cybercriminal groups have pledged their support to Russia, Ukraine has appealed to hackers and hacktivists worldwide to help defend it and to launch counter-attacks.

Both sides have received positive responses. Hacker collectives such as Anonymous have already claimed several successful cyberattacks on Russia, while pro-Russian ransomware gangs have crippled infrastructure and websites in Ukraine.

One piece of malware that has been making headlines is HermeticWiper. It is a wiper: it destroys the data on the system it infects, and, unlike ransomware, which encrypts data that can in principle be restored once the key is obtained, a wiper leaves nothing to recover. Some cybersecurity experts feel that this malware has spread widely and could wreak havoc outside of Ukraine.

While the malware has so far been confined to Ukraine, there is a strong possibility that the same attack vector could be adopted by cybercriminals to launch attacks in other parts of the world. Southeast Asian businesses, which are already frequent targets of cyberattacks, could be hit with the same technique.

Threat actors in Southeast Asia

Interestingly, Jonas Walker, a security strategist at Fortinet, sees most of the current wiper activity happening inside Ukraine. Walker believes that while these attack vectors are of great concern, the attacks in Ukraine and Russia right now are motivated by espionage and sabotage: counterintelligence interests and the goal of disrupting the opponent's infrastructure.

Walker explained that most cybercriminals are financially motivated, which is why they attack organizations in the first place. They compromise an organization, steal its data and hold the company to ransom. Even if the ransom is not paid, most cybercriminals sell the data on the dark web rather than deleting it.

HermeticWiper, on the other hand, does not fit the business model of cybercriminals targeting businesses in this part of the world. Because it destroys all data, there is nothing left to ransom or resell, so there would be little financial gain in using it in Asia.

Having said that, Walker warned that this does not mean the attack vector will never be used here. State-sponsored hackers, for example, could use such methods for sabotage in Southeast Asia in the future, and some hackers would unleash this kind of threat on organizations simply for the fun of it.

As such, Walker highlighted the importance of organizations remaining vigilant and having sufficient cybersecurity and data protection in place. This includes making use of threat intelligence and adopting a security framework that gives full visibility across the organization.

It also includes a risk-prioritized approach to updating and patching security solutions, reviewing the overall security posture to ensure any gaps are addressed, and using threat intelligence to defend against likely threat vectors. Finally, it should involve a review of basic cyber hygiene best practices: offline, tested backups are what make the difference between an outage and a total loss when a wiper hits.
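The "risk-prioritized" patching the article recommends is easy to state and easy to get wrong: ordering a patch queue purely by CVSS score puts an isolated lab machine ahead of an internet-facing server that is being exploited in the wild. The following Python is an added illustration, not Fortinet's or FortiGuard Labs' tooling; the findings are constructed sample data with placeholder identifiers, and the weights for exposure, asset criticality and "known exploited" status are assumptions chosen to make the ordering visible, which a real program would tune from its own asset inventory and threat-intelligence feeds.

```python
"""Risk-prioritized patch queue (added illustration; sample data and weights are assumptions)."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Finding:
    asset: str
    finding_id: str          # placeholder identifier, not a real CVE
    cvss: float              # base severity, 0.0 - 10.0, as a scanner would report it
    internet_exposed: bool   # reachable from the internet per the asset inventory
    known_exploited: bool    # flagged by a threat-intelligence feed as exploited in the wild
    asset_criticality: int   # 1 (disposable) .. 5 (business-critical), from the inventory


# Multipliers are assumptions for illustration; derive them from your own risk model.
EXPOSURE_WEIGHT = 2.0
EXPLOITED_WEIGHT = 3.0


def risk_score(f: Finding) -> float:
    """Combine severity with context so that exposure and active exploitation dominate."""
    score = f.cvss * f.asset_criticality
    if f.internet_exposed:
        score *= EXPOSURE_WEIGHT
    if f.known_exploited:
        score *= EXPLOITED_WEIGHT
    return score


def prioritize(findings: Iterable[Finding]) -> List[Finding]:
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=risk_score, reverse=True)


def patch_order(findings: Iterable[Finding]) -> List[str]:
    """Asset names in the order they should be patched."""
    return [f.asset for f in prioritize(findings)]


# Constructed sample findings: note that the highest CVSS is NOT the most urgent.
SAMPLE_FINDINGS = [
    Finding("lab-vm-07", "VULN-A", 9.8, internet_exposed=False, known_exploited=False, asset_criticality=2),
    Finding("web-gw-01", "VULN-B", 7.5, internet_exposed=True, known_exploited=True, asset_criticality=4),
    Finding("portal-02", "VULN-C", 5.3, internet_exposed=True, known_exploited=False, asset_criticality=5),
    Finding("erp-db-01", "VULN-D", 9.1, internet_exposed=False, known_exploited=True, asset_criticality=3),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{risk_score(f):7.1f}  {f.asset:10s}  {f.finding_id}  cvss={f.cvss}")
```

Run on the sample data, the internet-facing gateway with an actively exploited 7.5 comes first and the 9.8 on the lab machine comes last, which is the ordering a defender actually wants. Pure CVSS sorting would have inverted it.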