Cyber Attacks and Data Breaches in Review: January 2022

Welcome to our first review of cyber attacks and data breaches of 2022. In January, we discovered 66 million breached records from 95 publicly disclosed security incidents.

You can find the full list of security incidents on our sister site. In this blog, we take a closer look at the cyber threat landscape in Europe.

Europe braces for cyber attacks as Russia–Ukraine tensions grow

For weeks, Russian troops have been massing along the Ukrainian border. Although there is obviously a lot more at stake than the possibility of criminal hacking affecting organisations’ ability to operate, political conflicts often play out in cyberspace.

In 2015, the Ukrainian power grid was shut down in a cyber attack, reportedly instigated by Russian forces. Two years later, Russia was again alleged to have targeted Ukrainian essential services in a ransomware attack dubbed ‘NotPetya’.

That attack was notable because the actors failed to control NotPetya’s worming capability, resulting in organisations across the globe being infected.

In 2020, the US government charged six Russian intelligence officers thought to be responsible for the incident.

John Demers, US assistant attorney general for national security, said: “No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite.”

He called the attack “the most disruptive and destructive series of computer attacks ever attributed to a single group”, adding that “no nation will recapture greatness while behaving in this way”.

However, that statement is looking less certain, with experts fearing the damage that a fresh wave of Russian cyber attacks could cause.

UK advises organisations to bolster their defences

Last Friday, the UK’s NCSC (National Cyber Security Centre) warned businesses that they could be targeted by Russian cyber criminals.

Those most likely to be targeted are involved in critical national infrastructure, including the energy, water, transportation, health and telecommunications sectors.

The NCSC has advised organisations on specific vulnerabilities that Russian hackers have been known to exploit.

Paul Chichester, the NCSC’s director of operations, said: “While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.”

The Ukrainian government was itself recently targeted in an attack, with its websites hacked to display a message reading “be afraid and expect the worst”.

The threat of escalation

Despite these warnings, many UK and US experts believe there is little cause for concern. The former head of the NCSC, Ciaran Martin, said that a cyber attack against the UK was “quite unlikely”.

One reason for this is the strength of the UK and US’s counterintelligence agencies. With inside access to Russian networks, both countries would be capable of launching retaliatory action, bringing with it the threat of mutually assured destruction should Russia strike first.

However, there remains a threat to countries whose systems are less equipped to handle attacks – with Ukraine chief among them.

Russia has already shown that it’s not afraid to target the country, and the fear is that these incidents won’t be limited to cyberspace.

If there are to be attacks against Ukraine, it’s likely that they will be used to support hard power. Power lines and communication channels are the most obvious targets, potentially giving Russian forces the upper hand if a conflict breaks out.

This looks even more likely following a pre-emptive strike on Belarus by a pro-democracy group called Cyber Partisans. The ‘hacktivists’ claimed responsibility for a ransomware attack on the Belarusian railway system, which is reportedly being used by Russia to transport tanks and weapons into the region.

In a post on its Telegram page, the group said that, rather than issuing a ransom demand, it had ordered the release of several political prisoners, who it said are being illegally detained.

Speaking to Ars Technica, a representative for the hackers said: “The government continues to suppress the free will of Belarusians, imprison innocent people, they continue to unlawfully keep […] thousands of political prisoners.”

Cyber Partisans added: “The major goal is to overthrow [Belarusian President] Lukashenko’s regime, keep the sovereignty and build a democratic state with the rule of law, independent institutions and protection of human rights.”

Although the Belarusian government hasn’t yet confirmed the attack, a railway notification to travellers announced that it was suffering “technical” difficulties that were causing problems for electronic service delivery.

Whether this attack, and the possibility of more like it, will deter – or provoke – Russian forces is yet to be seen.

However, organisations across Europe can be certain that the threat will continue, and are advised to prepare for the possibility of becoming a bystander in a proxy war that, for now at least, is being fought online.

Are you prepared for a cyber attack?

If you find yourself facing a cyber security disaster, IT Governance is here to help.

Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
