For decades, when someone heard the word “gang”, they automatically associated it with violent crime on the streets, or the slums, or “the neighborhood”; the underworld of turmoil, drive-by shootings, drug dealing, intertwined with ulterior motives, politics and monetary incentives. But today, gang warfare and violent crime have taken on a new shape and position.
In the world of governmental and political conflict, much of what makes the news of serious national and local security threats relates to malicious attacks on critical IT infrastructure, with highly sensitive data and critical assets compromised. From secret service research to war strategies and allied communication, we talk about international threats on a global scale.
Today, malicious gang attacks have moved into cyberspace, often executed through online communication on social media. They involve corruption, ransomware offenses and related conspiracies in the gloomy internet underworld of the dark web. In 2020, there were over 15 billion user IDs and accounts for sale on the dark web, which is an astronomical amount of sensitive data. This is three times the amount that was on sale two years ago. A gathering place for hackers and online criminals, the dark web now serves as the meeting point for the new, tech-driven face of gangs, a kind of headquarters for lone wolves and gangs to sell sensitive data online.
It is important to note that all these credentials and the data they contain allow hackers to access cloud solutions and their data. In other words, digital identity is the key to accessing cloud data, and a single malicious breach can cripple all operations. Once hackers have logged into a SaaS solution or a cloud-based application, they find backdoor entry points to breach the overall cloud infrastructure, and once it is compromised, operations can stop completely, to a point of no return. What’s even more concerning is that most digital identity access management (IAM) systems don’t come with out-of-the-box backup and recovery features or options. But the solutions that IAM systems provide access to often house critical assets that can make or break business progress, depending on how they are used or in whose hands they land.
Cybercrime gangs have ruthlessly made presidents and prime ministers break into a cold sweat, targeting the critical infrastructure of organizations that directly wage war on the nations these hackers support. And based on tracking data collected by dark web monitoring platform DarkTracer, the Russian Conti gang has risen to cybercrime glory, leading with nearly 200 more attacks on organizations than the most prolific gang today. And these thugs are waging war with serious force and strategy; just a few days ago, they threatened cyberattacks on the critical infrastructure of the countries opposed to Russia’s current invasion of Ukraine, their ideology running parallel to that of the Kremlin.
World War III is a battle of cyberspace in the making: Russia versus Ukraine
What’s at stake? Government organizations’ entire workflows, with the most sensitive forms of data, are on the verge of being compromised. From secret service strategies and investigative information to warfare and negotiation tactics, data from nations allied to Ukraine could be disclosed through a large-scale breach, a prospect that weighs heavily. Australian government officials are wary of where they stand.
Is it scary? It is.
With Russia’s historic use of cyberattacks to threaten adversaries and leave them defenseless, Conti has brought the world to the edge of its seat with an attack that is positioned to be the start of the “first full-scale cyberwar in the making.”
Condemning the war in Ukraine while indicating that they were not aligned with any particular government, Conti threatened cyberattacks against governments allied with Ukraine from the perspective of political identification and the position of suffering civilians. The gang said:
“Since the West is known to fight its wars primarily by targeting civilians, we will use our resources to retaliate if the well-being and safety of peaceful citizens are at stake due to US cyber aggression.”
To give context for the potential impact of a cyberattack of this magnitude and type on Ukraine’s Western allies, such as Australia, I will remind you of their past assaults. Conti executed the December 2021 cyberattack on Queensland government-owned CS Energy, as well as two other attacks on state-owned critical infrastructure, with the direct victim not disclosed. The gang fearlessly promised to apply all their might in all such attacks to “[…] retaliate in case Western warmongers attempt to target critical infrastructure in Russia.”
Given that Conti’s previous attacks on medium and large businesses have come with big payout incentives, their agenda is clear.
What is the defense strategy of companies at risk?
Australian Prime Minister Scott Morrison is urging organizations to adopt enhanced cybersecurity measures to protect critical assets due to political escalation and conflict in Ukraine. Morrison said:
“There have been a series of cyberattacks against Ukraine and it continues now…Malicious cyberactivity could impact Australian organizations through unintentional disruption or unsustained cyberactivity.”
Institutions like the Australian Cyber Security Center have suggested taking advanced measures to detect malicious attackers or attacks in progress to ensure strategic “mitigation and response measures”.
What can organizations do to protect themselves?
With over 83% of businesses citing at least one breach as being access-related in 2020, the current picture for SMBs and businesses across various industries and verticals is not promising. With the continuous development of new technologies bringing businesses a host of misconfigurations and human errors that can produce vulnerabilities, there is little to be optimistic about. Digital identity, the backdoor for hackers, is opening up more easily as the number of applications hosting critical assets grows, with new breach strategies evolving daily.
Critical IT assets now require even greater protection and attention. They must be equipped with proactive measures, since the responsibility to protect data with backup and recovery rests with their owners: the organizations that create and store them. If government organizations find themselves at the mercy of hacker gangs like Conti, just imagine the level of vulnerability of companies that have taken fewer security precautions to protect critical assets. And in the event of a cloud infrastructure breach, if proactive measures and data backup are performed regularly with a tool designed to protect critical cloud-hosted assets, recovery and the return to business as usual is an exponentially easier process. Additionally, identity access management systems like OKTA are the gateway to all cloud-based applications of a particular user or multiple users within the enterprise or organization. For a solution like OKTA, there is no out-of-the-box recovery or backup functionality, and the demand for a third-party solution is high. Imagine a system that governs and manages all cloud-based applications that require identity verification and authentication without backup or restore. How does an organization get back on track?
Minimizing the risk of operational downtime, irreparable brand damage, or even national security issues by using a comprehensive tenant recovery solution that maximizes retention of digital identity data can prove to be the smartest, most cost-effective way to protect critical assets and all data hosted in the cloud.
Written by Muli Motola, CEO of AccSenSe