Cyberwar on Ukraine may spread globally

In cyberwarfare, the toughest question to answer definitively is “Who did it?” It’s no surprise then that Microsoft Corp avoided the attribution on everyone else’s lips in its analysis of cyberattacks on Ukraine. That would be Russia. But several clues suggest the attacks not only came from the Kremlin but will follow a pattern of spilling into other countries in Europe and the US, too. That ratchets up geopolitical tension across the world: Ukraine is currently bracing for potential military action from Moscow; Russian President Vladimir Putin has 100,000 troops at the border; and Moscow’s security talks with the US and Nato have broken down.
There’s a lot of circumstantial evidence for a Russian hand in the latest cyberattacks, which affected around 70 government agencies in Ukraine, the worst in the country in four years. They resemble a devastating series that was widely attributed to Moscow, which began in 2015, continued into 2017 and swamped Ukraine’s banks, media and electric utilities with malware targeting Windows-based systems. If so, the wider world outside of Ukraine had better start taking precautions.
Microsoft’s Threat Intelligence Center said the latest assault had a similar profile to 2015 attacks: appearing to be ransomware, residing in file directories, and executing when a computer is switched off. Researchers at the Center say it then overwrites a critical part of a computer’s hard drive with the following ransom note:
“Your hard drive has been corrupted.
Except, that isn’t what a ransom note is usually like. Ransomware attackers often customise different messages for different victims; the attackers in Ukraine last week used the same note for multiple victims. And instead of just encrypting files that could later be deciphered after payment, the perpetrators were far more destructive, completely overwriting data with no possibility of recovery, according to the Microsoft researchers.
That’s reminiscent of the malware attacks against a range of Ukrainian organizations back in 2015 and 2016. Hackers with Russia’s GRU intelligence agency also planted fake ransomware messages to try and confuse investigators, according to the book “Sandworm” by Wired reporter Andy Greenberg. It culminated in the release of a devastating computer worm called NotPetya in June 2017. NotPetya, which purports to be ransomware but can’t actually undo the changes it makes, caused an estimated $10 billion of damage globally after spreading from machine to machine, prompting the White House to promise “international consequences” against Russia.
As warfare becomes more digital, it is getting harder to dismiss geopolitical conflicts as distant and isolated. Only around 75% of NotPetya’s damage took place in Ukraine, according to a 2017 analysis by cybersecurity firm ESET. Germany was the second-hardest hit with around 9%. Companies and organizations across Europe and the US also fell victim.
No wonder the US Cybersecurity and Infrastructure Security Agency has publicly encouraged organisations to review Microsoft’s blog post, as well as its own advisory on protecting critical US infrastructure from cyberattacks. Warnings about imminent cyber threat can appear paranoid — until they’re not. For now, you may not want to turn off your computer for the night.

—Bloomberg
