Email Security Blog

Cybersecurity, Phishing, and Ransomware in a Time of War

With Russia’s recent invasion of Ukraine and rising tensions around the world, organizations in many countries are wondering what their exposure is to catastrophic backend attacks (such as ransomware) kicked off by successful phishing exploits. Cybersecurity, always a concern, has risen to the top of mind.

For U.S. organizations in both public and private sectors, these concerns are heightened by the direct adversarial role the United States is playing against Russia in the conflict. Although no U.S. boots have hit Ukrainian ground, U.S. involvement is crystal clear to Russian observers. And various Russian organizations, both regular military cyber ops personnel and their irregular allies among the digerati, are some of the most advanced black hats in the world.

U.S. industries that can expect an increase in phishing attempts include any organization having to do with infrastructure, high-visibility targets, and firms that have taken an aggressive stance toward Russia. The Colonial Pipeline hack in May 2021 was a classic example of the type of assault U.S. organizations can expect. In the Colonial Pipeline case, a successfully landed phish led to the installation of malware on much of the company’s digital infrastructure. When the infiltration was complete, the hackers unleashed ransomware, which shut down the firm’s billing system. Out of an abundance of caution, management stopped moving gas until the scope of the attack was better understood, disrupting operations for five days.

The perpetrators, DarkSide, a Russian affiliated group, fielded software that checked a target system’s location before dropping its payload. If the system was found to be in one of the former Soviet countries, the software refrained from attacking. DarkSide was not known to be operating under direct Russian military or intelligence supervision, but those entities did nothing to stop it.

A year earlier, the SolarWinds attack, which breached sensitive, high-profile government and commercial organizations, was in fact backed by the Russian government. This highly sophisticated supply-chain attack flowed through companies such as Microsoft and VMware and hit targets such as the U.S. Departments of Commerce and Treasury, NATO, and the European Parliament. The software sat silently for months, gathering data and presumably sending it to the bad guys.

For the present conflict, Russian hackers have foisted ransomware attacks on Ukrainian targets, but they have also made extensive use of distributed denial of service, disinformation, data breach, and other types of attacks. The intention is to degrade Ukrainian networks and disrupt their operations.  

At this moment, sectors that need to be especially wary include manufacturing, banking, government, oil & gas, and healthcare. Also, any company or industry that has taken a strong negative position on Russia can expect more incoming.

A story from Yahoo News on March 2 named firms that have such stances. They include credit card companies American Express, Mastercard, and Visa; tech giant Apple; athletic shoe company Nike; social media firm Snap; investment bank Goldman Sachs; video distributor DirectTV; investment management corporation BlackRock; automobile manufacturer General Motors; motorcycle maker Harley Davidson; entertainment and media conglomerates Disney and Warner Bros.; aircraft manufacturer Boeing; tech company Dell Technologies; social media platforms Meta and Twitter; tech holding company Alphabet; transport giant Delta Air Lines; Elon Musk companies Tesla and SpaceX; logistics firms FedEx and UPS; silicon vendors Intel and AMD; home rental platform Airbnb; online marketplace Etsy; and stock exchanges NYSE and Nasdaq.

Russian hackers are among the world’s best. More than two decades ago, a Bulgarian software programmer who founded a virtual network storage company told me (during a conversation about computer hacking skills), “You haven’t seen anything yet. Wait until the Russians come.”

Most devastating attacks start with a successful phishing expedition. The best phish are impersonations that look just like the real thing. Humans cannot tell the difference. Organizations need to layer specialized anti-phishing software on top of whatever other email security measures they have in place. Protecting against a phishing attack is not a matter of percentages. It’s not good enough to stop 98% of the phish. Like a nuclear bomb, even if only one gets through, it can ruin your whole day.

Learn more about how INKY can protect your company. Get a free 30 day trial of INKY and get protected today.

----------------------

INKY is an award-winning, cloud-based email security solution developed to proactively eliminate phishing emails and malware while simultaneously providing real-time assistance to employees handling suspicious emails so they can make safer decisions. INKY’s patented technology incorporates sophisticated computer vision, machine learning models, social profiling, and stylometry algorithms to effectively sanitize emails, rewrite malicious links, detect and block security threats, mitigate sender impersonation, and more. Cost-effective and powerful, the INKY platform was developed for mobile-first IT organizations and works seamlessly on any device, operating system, and mail client. Learn more about INKY™ or request an online demonstration today.

Topics: