When Russia invaded Ukraine with its military might, there was nearly as much talk about cyberattacks as there was about physical assaults. If the world needed a wake-up call about global cybersecurity risks, the invasion set off all sorts of alarms. Cybersecurity journalist Zeljka Zorz (@ZeljkaZorz) reports, “As predicted, [Russian] attacks in the physical world [were] preceded and accompanied by cyber attacks.” Those attacks included:
• Renewed DDoS attacks launched against websites linked to Ukrainian government agencies and banks.
• New data wiper malware, which was discovered on Ukrainian computers, as well as machines in Latvia and Lithuania.
• Cloned copies of a number of Ukrainian government websites.
• Booby-trapped malware on the main webpage of the Office of the President.
Zorz also reports, “[The] UK’s National Cyber Security Center (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have released details about a new malware targeting network devices, which they attributed to Sandworm (aka BlackEnergy), a threat actor that those agencies have previously attributed to the Russian GRU’s Main Center for Special Technologies GTsST.” With the global supply chain already snarled, increased cyber-vulnerability is not good news.
A Connected World is a Vulnerable World
Clive Madders (@clivemadders), Chief Technical Officer and Assessor at Cyber Tec Security, suggests, “No matter the business, putting the right measures in place to manage cyber risk in your supply chain is crucial to protecting your business and minimizing the chance of an attack.” He adds, “Supply chain attacks are a popular method for cybercriminals to reach multiple businesses or a very large business at the top of the chain, often by targeting weak links. The first quarter of 2021 saw a 42% increase in these kinds of attacks and it’s showing no signs of slowing.” Journalist Disha Sinha describes some of the cybersecurity risks which companies face. They include:
Malware. “Malware is an umbrella brand of several cyberattacks such as Trojans, viruses, etc. that infect systems to gain confidential data. It is a short form for malicious software and is designed to be invasive as well as harmful for the entire computer system.”
Ransomware. “Ransomware is a type of malware that helps cyber criminals employ encryption [software] and demand a ransom from an organization. Employees cannot access any file or folder or database without paying the ransom as per the instructions provided.”
Worm. “[A worm is] malware [that] spreads copies [of itself] from one computer to another. It can be transmitted through multiple software vulnerabilities with the help of spam, instant messages, malicious websites, and many [other means]. It can delete, modify, and inject additional malicious software into files or folders without any human interaction.”
Botnets. “[Botnets are software agents that] cybercriminals use to trap more computers [and add them] to a large net. It is used to perform DDoS attacks with command and control software.”
Rootkit. “Rootkit is a clandestine computer program that can actively hide its presence in a system [and provide hackers full access to a target device along with controlling power]. Professionals may not even notice that the software is in a particular area of a system.”
Phishing. “Phishing [involves sending] a fraudulent message to a potential victim as a trick to reveal sensitive data to cybercriminals. It appears to come from a reliable and safe source but it is not. The aim of Phishing is to steal confidential data or to install risky malware to the computer system.” Although I’ve listed phishing near the end of the list, journalist Dennis Scimeca (@DennisScimeca) reports that phishing is one of “the most common cyberattack vectors” and that employees need to know how to identify phishing attempts. He adds, “One particularly nasty phishing technique [reported by technology and insight provider Kroll] involved bogus emails informing employees they had been terminated, with all relevant information included in an attached Excel spreadsheet. This was actually a campaign to spread Dridex malware that steals information from infected computers.”
Distributed Denial-of-Service (DDoS) Attack. “Cybercriminals employ [DDoS attacks] to disrupt an online service [or] to disturb the normal traffic [flow] to a web site. It can compromise computer systems and cause a denial of service to victims.”
Although connectivity increases risk, Robert M. Lee, CEO of Dragos, notes that being disconnected is not an option in today’s industrial environment. He explains, “It’s difficult to be competitive in manufacturing without advanced levels of connectivity, but that connectivity is driving an increase in attack surface. … Cyberattackers are becoming more sophisticated in their identification of weaknesses, including in these hyperconnected industrial environments. Digital transformation in industrial operations without adequate focus on security in both IT and OT can increase cybersecurity risk.” The staff at Automation.com adds, “Insecure communications, authentication issues, weak default configuration, denial of service attacks, risk and vulnerabilities, and privacy issues have raised several security concerns in robotics. In consequence, the demand for cybersecurity solutions and services in robotics is increasing to prevent robots from being hacked, to monitor the vulnerabilities, to prevent the data from being tampered, and to prevent unauthorized access.”
Madders notes, “The main vulnerability for the supply chain begins when companies start sharing their data and access to their systems. Of course, this is often necessary, but a good first step is knowing who you are sharing with and what the value of those assets are.” When assessing cybersecurity risks, Deloitte analysts suggest that companies look at how the financial services industry deals with cybersecurity. One promising approach, they note, is cyber risk quantification (CRQ). They explain, “Cyber risk quantification is an evolving approach designed to help organizations proactively assess hidden risks. Leveraging advanced modeling techniques, the approach uses quantification models to estimate the range of probabilities of potential security events and their impacts. … Cyber risk quantification is nascent but needed in today’s rapidly evolving cyber environment. However, the approach is not quite ready to stand on its own.”
The Automation.com staff insists that artificial intelligence (AI) and machine learning (ML) should play a significant cybersecurity role. They explain, “Artificial Intelligence and Machine Learning are being applied across major industries and applications, including the cyber security in robotics. These technologies are used to detect the cyber threats based on analyzing data and identifying a threat before it exploits a vulnerability in the information security in robotics. Moreover, Machine Learning remains a key focus area of companies operating in the cybersecurity in robotics market, as it enables the robot to predict threat and observe behavior anomalies with more accuracy. Machine learning and artificial intelligence are also used for detecting and tracking the active phishing sources.” In addition to AI, IEEE Senior Member Aiyappan Pillai explains, “Cryptography, emerging quantum cryptography, analytics, IoT security, blockchain security and hardware authentication technologies are also helping technologists keep digital infrastructure secure.”
When considering cybersecurity risks, you must understand who is connected to your organization. Once you’ve identified who’s connected, Carl Nightingale (@CarlNightingal2), a cybersecurity consultant, suggests getting answers to the following questions. What is their security policy and is it adhered to? If their network goes down, what does that mean for us? What local data protection legislation applies to them? Do we understand our regulatory obligations towards our customers? And do we understand the data flow between us and our suppliers? When problems are discovered, take actions to remediate them. As Madders concludes, “When it comes to supply chains, the security of each business is not wholly an individual responsibility. It is in every business’s best interest to maintain good standards and have a good picture of the security processes, policies and solutions implemented by each business.”
 Zeljka Zorz, “Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink,” Help Net Security, 24 February 2024.
 Clive Madders, “Cyber Risk Management in the Supply Chain,” TechNative, 25 November 2021.
 Disha Sinha, “Top 10 Cybersecurity Terms and Meanings that Professionals Should Know,” Analytics Insight, 14 January 2022.
 Dennis Scimeca, “Cybersecurity Report Cites Most Effective Threats,” IndustryWeek, 17 February 2022.
 Tammy Whitehouse, “Smart Strategies for Cyber Risk in Smart Factories,” The Wall Street Journal, 23 February 2022.
 Staff, “Report: The Future Lies in AI and Machine Learning,” Automation.com, 18 February 2022.
 Nick Seaver, Mark Nicholson, John Gelinne, and Daniel Soo, “Quantifying Cyber Risk: Pipe Dream or Possible?” The Wall Street Journal, 10 November 2021.
 Staff, “How Artificial Intelligence Is Helping Fend Off Cyberattacks,” APN News, 22 September 2021.
 Carl Nightingale, “Managing cyber risk through integrated supply chains,” ComputerWeekly, 21 September 2021.