Cybersecurity in wartime

Most Norwegian cybersecurity bodies have recently heightened their threat levels due to the war in Ukraine.

JustisCERT, for example, has advised that businesses with any connection to the countries at war must be vigilant about potential attacks, such as malware that wipes systems, also known as wiperware.

There have also been reports of attacks affecting countries not directly involved in the conflict.

It is therefore important to assume that there is a generally increased threat level, even for businesses in, for example, Norway. Keeping constant backups, both on-site and off-site, can mitigate some of the risk that such malware brings. Nevertheless, an attack can still lead to devastating downtime for organisations. Having a preventative and proactive security infrastructure is therefore the only way to truly mitigate this problem.

Many businesses may find themselves becoming collateral damage in a digital war.

This happened in the past with Stuxnet, and the story is repeating itself now, though under quite different circumstances. Indeed, national cybersecurity centres have already started to warn that digital collateral damage is a highly likely outcome.

Ways to fortify one’s castle

One of the weaker links in most organisations is often the human element. Hence, one may be very certain that social engineering attacks can occur. In fact, social engineering attacks are among the most common attacks out there. Therefore, during times such as these, it is vital that people who are expected to have constant contact with the outside world, such as customer service personnel, are properly trained to identify and deal with social engineering attacks.

There is also a rise in activity related to hacktivism, such as geo-targeted malware hidden in JavaScript libraries. While the intention may be good in the creator's eyes, there might be digital collateral damage when such geo-targeting mechanisms are based on primitive methods such as the supposed geolocation of IP addresses.

Further actions can be taken to make sure that your castle is safe, such as routine penetration testing (also known as red teaming), keeping both your software and hardware up to date, and implementing surveillance of your network, such as a SIEM solution or an XDR solution.

Author: Maxine Brandal Vågnes, Security Analyst, Sorasec

