When we talk of cybersecurity, there are many dimensions to cover; many aspects to discuss. However, some of them are always in the headlines and grab more attention than others. For example, the current Russia-Ukraine conflict and the fierce cyber war is the hottest of all today. Not far behind is the ever-increasing clout of ransomware attacks and the adverse impact it leaves on businesses for weeks, months, and in some cases, even years!
The economists at Goldman Sachs are very clear that that infrastructure responsible for generating and distributing energy, financial services, and the transport sector in the US is particularly vulnerable to potential Russian cyber-attacks that could cause billions of dollars’ worth of damage.
We are just halfway into 2022 and there have many high profile attacks already. The supply chain attack on Puma, CVS Pharmacy data breach, Samsung data leak and extortion case, Maryland Department of Health ransomware attack, Okta cyberattack to name a few…
Avoiding cyberattacks is quite a difficult task if not outright impossible. Most businesses today rely on technologies and digital infrastructures which is mostly outside the traditional perimeter of defence, and this creates a different level of cyber risk.
On the side lines of recently concluded ESET World, dynamicCISO spoke to Robert Lipovsky, Principal Malware Researcher, Righard Zwienenberg, Senior Research Fellow and Pamela Ong, Sales Director, APAC, ESET on a variety of issues including:
- The current Russia-Ukraine crisis and dangers of nation-state cyberattacks
- Cyber wars and its implications on global supply chains
- Changed threat landscape due to hyper digitalisation and remedies to counter attacks
- Key announcements in ESET World 2022
Read the interview excerpts below:
DCISO: The Russia-Ukraine conflict has not only put the global economy in a spot, but also has shaken up the cyber world. Parallel to the physical war, a fiercer, global cyberwar is waged. What’s your assessment of nation-state attacks, cyber warfare and its global ramifications?
Robert Lipovsky: Cyber is a domain in warfare and Russian* cyberattacks have been happening alongside the barbaric military invasion since February this year. Russia has indulged in a cyber war since the annexation of Crimea and the beginning of the war in Donbas in 2014.
The attackers have two main objectives in mind:
- Cyber espionage for data collection, and depending on the targeted institution (if it’s a diplomatic or military entity) gain a tactical advantage over the adversary
- Cyber-sabotage as disruptive and destructive attacks, such as the recent wiper campaigns, and also the attacks against the Ukrainian power grid, or faux ransomware attacks like NotPetya in 2017. The last two examples also indicate towards sowing chaos. In case of NotPetya, they have not only inflicted significant damages on businesses, causing country-wide disruption in Ukraine but also beyond its borders and becoming the costliest cyberattack ever.
DCISO: Russians are waging a slow war now. Businesses are watching the situation and wondering how to mitigate supply chain cyber risks in such uncertain times? Do you think there is an impact? If yes, how to mitigate that risk?
Righard Zwienenberg: Firstly, the current situation should not be the catalyst to think about how to mitigate the supply chain risk. This should always be on the radar of any CISO or Security leader. A good example of this is Colonial Pipeline attack in the US in May 2021, where a ransomware attack led one of the largest US fuel pipeline operators to shut down its entire network. The shutdown itself had an immediate impact on fuel supply and caused a cascading impact, including higher prices and hoarding of gasoline. Without corrective measures, this could have posed a pipeline integrity risk to public safety, property and the environment. The supply chain is quite huge in that case.
Kaseya ransomware attack is another good example of a supply chain attack where the ransomware was cascading down to hundreds of companies affecting supermarkets, schools and IT companies across the globe. Then we saw Log4shell vulnerability being exploited, which caused serious cascading effects on a lot of software!
The Russia-Ukraine crisis does have an imminent cyber risk on the supply chain. A very important aspect of a supply chain attack is that it endangers a whole series of other companies and organisations by disrupting typical services or the supply chain itself. Due to the economic sanctions (from both sides), companies had to abandon long-term (trusted) suppliers and find new suppliers without having the time for the CISO to do a proper risk analysis.
In such uncertain times, the initial mitigation can be through transparency between suppliers and customers – ensuring that they are aware of the ad hoc changes, so they can spend additional time monitoring for potential issues or attacks. It should be followed by performing a risk analysis and acting on it. Then one needs to find out other potential issues to assess. For example:
- Nefarious use of Service
- Account/Service Hijacking
- Financial DDoS
- Data Loss/Data Leakage
- Unknown Risk Profile
- Hidden Logs/Intrusion Attempts
- Insider Abuse
- Supply Chain Attacks
- GDPR vs Cloud Act Issues
DCISO: Let’s shift gears. The accelerated digitalisation has also led to a record-breaking surge in cyberattacks. World Economic Forum Outlook for 2022 says “Ransomware attacks saw 151% increase in the first six months of 2021. On average, there were 270 cyberattacks per organisation in 2021, a 31% increase over 2020.” What does this shift and expansion in the threat surface mean for businesses?
Righard Zwienenberg: Businesses should understand that digitalisation increasingly leads to work with a Cloud Service. We need to realise that Cloud is nothing but other people’s computers! Using a cloud service means networks from outside your protected perimeter are connected to and trusted by your corporate network.
When adopting a cloud service, the features and functionality may be well displayed, but is opaque on compliance of internal security procedures, configuration hardening and patching.
- How is your data and related logs stored and who has access to them?
- What information, if any, will the vendor disclose in the event of a security incident?
Often such questions are are overlooked, leaving customers with an unknown risk profile. A clear and old example of this problem is the Heartland Data Breach where its payment processing systems were found using unpatched software known to be vulnerable to attack. And Heartland was ‘willing to do only the bare minimum and comply with state laws instead of taking the extra effort to notify every single customer, regardless of law, about whether their data [had] been stolen.’ I’m referring to this older example to highlight the fact that the environment has not really improved.
All combined, it makes it easier for ransomware (or cyberattacks in general) to affect your network and business, as they are already ‘inside’ since you connected to them! A direct attack aimed at a company’s network will be noted and is visible in the gateway log files. However, what if the attack is aimed at or is from the cloud service? None of this gets noticed in the company’s gateway log files.
DCISO: Addressing the Digital Risk is one of the key concerns for businesses to insulate themselves from volatility and unwarranted incidents. How can CISOs and cybersecurity leaders work towards creating a resilient framework that is agile, adapts to the fluid conditions, maintain seamless business continuity, and capitalise on market opportunities?
Righard Zwienenberg: It is extremely difficult to create a resilient framework – agile and adaptable – that can work for every industry, every enterprise, every user. Each industry has its own unique problems to deal with. Think about infrastructures with cloud services and/or IoT, blockchains, AI, etc. Every type of problem, known or unknown, has its own unique risk that needs to be identified, documented and have a mitigation plan in place to create resilience. The problems keep evolving and thus these plans need to be revisited over and over to make sure the mitigation solution stays valid.
That said, an industry-dedicated framework focusing on the problems of that industry can work, if the CISOs of different industry competitors are willing to share valuable inputs on potential issues to an industry “Information Sharing and Analysis Centre” (ISAC), which, in turn, will share back all gathered information with participants, for them to adapt to newly detected potential issues.
DCISO: Preventing threats in a digital world demands iterative development. How is ESET helping its customers?
Pamela Ong: Over the past three decades, we have continued to innovate and introduce new solutions to stay ahead of the cyber threat landscape. ESET’s security solutions are able to cater to customers’ unique needs, including the flexibility of cloud deployment, to ensure that our products are accessible to everyone.
Recently, we introduced ESET Inspect Cloud to offer businesses a powerful threat detection and response for protection beyond the endpoint. We are also working with Intel to integrate Intel Threat Detection Technology into our multi-layered cybersecurity technology suites. This integration means ESET endpoint security software running on Intel-based PCs can deliver superior ransomware protection.
During the recently concluded ESET World, we unveiled our new brand proposition, “Progress. Protected.” We also announced the ESET NetProtect, a new suite of products for the Telcos and Internet Service Providers. We believe there is an enormous opportunity for ESET to offer expertise and work with telcos and ISPs to take a different approach to protect consumers from various online threats, such as phishing. These solutions can block threats in real-time at the ISP and Telco level before they even reach the user, effectively protecting everyone who is connected to the same internet connection without installing any security solution.
This is especially crucial in light of ESET’s APAC Consumer Cybersecurity Survey 2021, which revealed that the majority of respondents in the region did not install any security solution on their device despite having experienced a cyberattack or online threat.