Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here’s how events are unfolding along with unanswered questions.

It’s been almost six weeks since Russian troops entered Ukraine and the large-scale “cyberwar” expected to accompany the invasion has not yet materialized. Observers and experts have offered many theories about why Russia hasn’t launched a destructive cyberattack on Ukraine yet despite its full capability to do so.

The reasons range from Russia saving its most dangerous cyberattack for the bitter end to the Kremlin’s fear of a devastating Western response. The most intriguing explanation for why Russia seemingly hasn’t unleashed its cyber arsenal is that we are already in the middle of what Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies, calls a secret cyberwar.

This cyberwar is playing out in the shadows, Rid argues, with the more visible cyberattacks serving to divert attention from the incidents we are not supposed to see. Cyberwar has been playing tricks on us, he argues, surfacing as seemingly random attacks and then slipping away into the future.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by opsa from Pixabay
How shape-shifting threat actors complicate attack attribution

Researchers explain how they identified—or failed to identify—the threat actors behind three high-profile incidents and why attribution is so difficult.

The already difficult task of attributing a cybersecurity attack to a particular threat actor is made harder by the shape-shifting nature of threat groups. Despite the best efforts of researchers, some attackers may never be identified.

At last week’s VB2021 conference, cybersecurity analysts and researchers walked through the breadcrumbs they followed to identify the malicious actors behind the Colonial Pipeline, Sony Pictures, and Iran railway system attacks. These examples show why attribution is complicated and sometimes impossible.

From Carbanak to BlackMatter

CrowdStrike researchers quickly attributed the Colonial Pipeline attack this past May to a group known as Carbon Spider, likely an Eastern European or Russia-based threat group. But as Josh Reynolds, a senior security researcher at CrowdStrike, and Eric Lou, a senior intelligence analyst at CrowdStrike, spelled out at VB2021, the group wasn’t always a “big game” ransomware threat.

Carbon Spider started in 2013 using Carbanak malware to target financial institutions before moving on in 2015 to target restaurants and the hospitality industry with point-of-sale (POS) malware to collect payment card data. In 2016, Cobalt Spider broke off from Carbon Spider to handle the card data thefts while Carbon Spider continued to target financial entities.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Christina Kirschnerova on Unsplash