This is according to Nclose’s co-founder and technical director, Martin Potgieter, who says speculation and concern is mounting around the world, over what Russia’s cybercrime syndicates’ next moves will be.
Says Potgieter: “Currently, the cybercrime focus appears to be predominantly between Russia and Ukraine cybercrime groups and governments. While this is strictly speaking cyberwarfare, it could quickly spread elsewhere. “What we are seeing is that a few of these cybercrime groups are either taking sides or imploding amongst themselves due to their Eastern European links with one another. Something else we have noticed is a strain of malware termed 'wiperware', which is an evolution of ransomware that is used to permanently destroy data – but again, the main targets are between Ukraine and Russian points of interest. More importantly, this malware is not a new form as it existed before the war, so many security technologies are able to detect variants of it.”
Potgieter adds: “There have been some cyberattacks but nothing on a massive scale outside the Russian and Ukraine conflict. The reason we may have not seen a massive cyberattack in the Ukraine-Russia conflict is because of the potential consequences between two countries should they decide to wage a full-scale cyberattack against one another. The assumption is no one knows how badly matters would escalate following a major cyberattack. It could have a devastating effect for both sides, which is something neither wants, very similar to the use of nuclear weapons.”
Cause for concern is the monitoring and control of sites in Russia to control the flow of news, and sanctions imposed against Russia. Potgieter says: “There is growing concern that the sanctions imposed on Russia could force cybercrime syndicates to think outside the box. The cybercrime channels these syndicates operate in could become compromised and these sanctions may affect their revenue streams, resulting in possibly new forms and types of ransomware, or make criminals more aggressive in their techniques, methods and operations.
“This domino effect could potentially lead to a rise in cybercrimes, as these criminal organisations try to maintain their operations, we could see more non-traditional approaches within the cyberspace as desperation can force innovation in these sorts of unique circumstances.”
“My focus at the moment is what new types of cybercrimes could emerge from this. The wiperware strain is something that deletes data, so that would be difficult to monetise, but there may be more to it. Something like wiperware could be a catalyst for something more sinister or new that could be monetised, but unfortunately only time will tell. Sometimes in a scenario like this, the best thing to do is to think like a cybercriminal, and what their plans would be. This is an evolving situation, and we are closely monitoring it.”
Potgieter says that organisations should be vigilant. “This is an industry that can change overnight, and we must adapt the same way the cybercriminals do. We are closely tracking the situation on behalf of our clients and continuing to apply best practice security procedures such as patching vulnerabilities, making sure backups are resilient, testing our IR processes, locking down networks and systems, and enforcing strong authentication,” he says.