Following a large build-up of Russian military forces on the Ukrainian border, Russian forces invaded Ukraine on February 24. Russia’s invasion has been met with condemnation from around the world. Nations have come out in support, enacting ever-increasing economic sanctions against Russia and providing Ukraine with equipment and resources. The invasion has also strengthened ties within the European Union, as well as highlighting the importance of NATO.
One response surprised many, but in hindsight, it was pretty obvious what would happen. A few hours after the news of Russia’s invasion, a message was sent on Twitter by YourAnonNews declaring: “The Anonymous collective is officially in cyber war against the Russian government.”
Operation Russia, or #OpRussia, as it is also known, has been one of the largest campaigns of Anonymous since the group’s inception nearly two decades ago. Anonymous is an online hacktivist collective that has been described as everything from a digital version of Robin Hood to cyber terrorists.
Operation Russia has been possibly their largest campaign to date, both in terms of scope and scale. Anonymous has previously targeted corporations, unions and other groups, but this is the first time they have attacked the government of a nation state.
Following its announcement, Anonymous has so far hacked into the Central Bank of Russia, released the personal data of 120,000 Russian soldiers and accessed the Kremlin’s closed-circuit television system. It has also attacked Russia’s critical infrastructure, shutting down gas pipelines in the process, and hacked Russia’s state media organizations to replace originally scheduled content with videos of the invasion.
The actual effectiveness of these attacks, in terms of how far they were able to penetrate, is up for debate, but what cannot be denied is that many of Russia’s systems were hacked. It was claimed that Anonymous was able to take down more than 1,500 Russian and Belarusian websites, including state media and financial institutions, in a period of 72 hours.
As such, the damage to the Russian government’s reputation has been substantial, as it was shown to be not as invincible as previously claimed. “Anonymous has taken a big step, regardless of whether or not it actually caused any harm,” says Brad King, chief technology officer of Scality. “You put an image on the screen of what is supposed to be an important government site and you have done damage.”
One thing Operation Russia has done is raise global awareness of the dangers of being hacked. Cyber attacks no longer have purely virtual consequences, as online activities can now be linked to real-world effects.
“The scale and audacity of Anonymous’s operation has made a topic normally covered in the technology section once again front page news,” says Dave Lear, principal security architect at an end-user organization. “The general population is beginning to appreciate the importance of strong operational security. Anonymous has brought consciousness further to the forefront.
“Cyber security has always been a business requirement, with mandatory annual training that people have to do,” he says. “They understand it more now.”
As the Operation Russia campaign continues, questions have been raised about the possibility of similar attacks against the UK in the future. As such, many organizations are now reviewing their own cyber security posture and determining if they are capable enough to defend themselves.
“Our executive board came to me and said, ‘We have heard that this is happening in Russia. How can that affect us? What should we do and what should we be aware of?’” says Lear. “I had to write a document outlining what happened, the likely outcome, what to expect, and what we need to do now to be prepared for the future.”
Lessons to learn
One consequence of Operation Russia is that cybersecurity budgets have been protected for the next fiscal year. Despite the current economic uncertainty, which has seen the budgets of many departments reduced, the current situation has reinforced the need for organizations to have a prepared security team.
“Companies may be cutting other things to save money, but they’re not cutting their cyber budget,” says Lear. “The cyber market, in terms of jobs, is buoyant. This is where the money is invested.”
Even security professionals who are not actively looking for work continue to be approached by recruitment agencies for positions at other organizations. This has also led organizations to invest in new cybersecurity technologies to better protect themselves against attacks. The need to protect against ransomware attacks has made many look to cloud storage platforms for object locking.
“People likes it see, Commvault and others are pushing this idea of object locking, which is the AWS technology to block data deletion for a fixed period of time,” says King at Scality. “This prevents hackers from being able to corrupt backups.”
The current penchant for ransomware attacks that target cloud backups, as well as servers, has left victims unable to restore their data. As such, offline backups, such as magnetic tape, have experienced a resurgence, so that an offline backup is available if the cloud storage backup has been compromised.
The need to schedule server updates as soon as they are released has also been highlighted, as many of the attacks have been made through outdated or poorly patched systems. “We’re seeing our customers take keeping their server software up to date much more seriously,” says King.
“There were some zero-day bugs and customers used to say, ‘We’ll look at it in the next couple of weeks.’ Now, they come to us and ask, ‘How does this affect our platform?’ People are certainly becoming more cautious.”
The unknown nature of Anonymous has also meant that there is renewed interest in a global identification system. “There’s going to be a push to move faster on global trusted identification for human beings,” says King. “Being able to be sure that someone is who they say they are is already a key step. The most advanced is the ability to have a global identity.”
One of the key questions that Operation Russia has raised is: ‘Are we prepared and could we stop it?’ Unfortunately, the answer for many will be that it is highly unlikely. No matter how solid a defense strategy may be, anyone who has enough intent to break into a system will be able to do so. “We can mitigate and we can defend. It’s about whether or not we can prevent it,” says Lear.
“You look at Russia and the things they have been doing in the past. They have had this capability for decades – you would think they would have put some defensive measures on their side that are being breached.”
Like the WannaCry attack in 2017, Operation Russia has been a wake-up call for the technology sector. When the WannaCry attack spread across the internet, many organizations only had one IT team and security was not something they took seriously enough. In the aftermath that followed, organizations started to have their own cyber security plugin, because they realized this could happen to them. The same is true today: Anonymous, having proven the damage hackers can cause, has reinforced the idea that security is no longer a luxury, but a necessity.
Greater tensions and greater risks
“The NCSC is not aware of any current specific threats to UK organizations in relation to events in and around Ukraine,” says a spokesperson for the National Cyber Security Centre (NCSC). “During heightened periods of international tension, all organizations should be vigilant about cyber compromise risk and follow our guidance for heightened periods of cyber risk.”
This increased tension has been seen in many organizations that require additional levels of security. For example, the financial sector has responded by requiring additional confirmations of identity every time online purchases are made.
However, organizations that take the proper steps to strengthen their cybersecurity posture, by ensuring that their systems are securely patched and by having a strong online and offline backup policy in place, will mitigate the risk of their systems being penetrated.
“Many apps are willing to risk frustrating customers with multi-factor authentication to make sure they don’t get hacked,” says King.
A further step in your preparation will be to ensure that disaster recovery plans are in place, in the event of the loss of key websites or systems, as well as ensuring contingency plans are up to date with the latest network details.
“Most companies that are serious about cyber security will expect to be hacked at some point in some form,” says Lear. “There is so much capacity out there that you can’t stop everything. What you have to do is balance the impact and how to deal with it.”