Cyber threats have been in the news a lot since Russia began its war with Ukraine. It’s hard to paint this as good news—the war is awful. But most of us are generally complacent about the possibility of cyberattacks. So maybe being a constant part of the news cycle helps us become more cyber secure. As I’ve heard from several quarters, “People won’t care unless Netflix is down.” Exaggeration? Maybe. But probably not far from the truth.
Aggressor countries (think China, Iran, North Korea, and Russia) have been probing our cyber defenses and mounting numerous and varied attacks in both the private and government sectors. Some attacks are meant to disable, others are espionage and information gathering probes.
Cyberattacks in the News
Just last week, WIRED reported that the Chinese APT41 group had penetrated a web-based application called the Animal Health Emergency Reporting Diagnostic System, or USAHERDS. USAHERDS helps state governments track and trace animal diseases through livestock populations. While the usage of USAHERDS is relatively small, the attack let APT41 gain a foothold in government agency servers. (It’s not yet known whether there is lasting damage from this series of attacks.)
Over the past few years, we’ve seen the Chinese Military penetrate the Equifax credit reporting agency’s computer networks in a massive data breach. In this attack, the personal information (names, addresses, social security numbers, driver’s license numbers, etc.) associated with 145 million Americans was stolen. As part of the SolarWinds cyber espionage attack in 2020, the Russian Foreign Intelligence Service infected thousands of users in U.S. Federal agencies (the Pentagon, State Department, Department of Energy, National Nuclear Security Administration, and Treasury). Last year, the Colonial Pipeline ransomware attack by criminal hackers DarkSideshut down the oil pipeline and caused President Biden to declare a state of emergency. Countless ransomware attacks on small businesses go unreported. (On March 15, 2022, President Biden signed the omnibus spending bill that included reporting requirements. Critical infrastructure organizations now have to report significant cyberattacks and ransomware payments to DHS CISA within 72 hours.)
Precursor to Military Action
Prior to the invasion, Russia mounted a variety of cyberattacks on Ukrainian institutions, including government agencies, the banking system, and critical infrastructure like the electric power grid. Just a few hours before Russian tanks and troops stormed its border, Ukraine was hit by never-before-seen malware whose sole purpose was to wipe data and disrupt systems. In an unexpected development following the invasion, the hacking group Anonymous declared cyber war on Russia, causing website outages and displaying real war footage and anti-war messages on state-controlled media websites.
As far as we know, there haven’t been any major cyber incursions on American systems emanating from Russia. Having said this, following the West’s imposition of sanctions, U.S. banks are preparing for retaliatory cyberattacks. In fact, everyone I talk to in security space is freaking out at the thought of the damage such attacks could cause on our banking systems and critical infrastructure; even Netflix is susceptible, for goodness’ sake!
There is a lot going on: people are eager to continue a push to return to normal, hoping that we’re entering a post-COVID world. World economic markets react by the hour to news and rumors related to Russia/Ukraine, government sanctions, inflation and earnings reports that whipsaw our moods, oil (and therefore gasoline) prices, and so on. Even in the best of times, people tend to deprioritize data backups, data hygiene, and cybersecurity practices.
Regardless, I’m hopeful that with cyber this and cyber that appearing in the headlines that more people treat data protection as the mission critical task it is. Using standard self-encrypting drives (SEDs) is a first step. Augment them with pre-boot authorization (PBA) and multi-factor authentication (MFA). To provide the highest levels of security associated with a zero Trust (ZT) environment, it’s necessary for the drive to maintain secure access logs, to support Zero Trust file access, and if worse comes to worst, it should provide verified data destruction. All of this explains why we recently introduced our enhanced data security C Series drives, powered by Cigent. C Series SEDs augment our TCG Opal and FIPS 140-2 L2 self-encrypting SSDs with a wealth of additional cybersecurity features.
At DIGISTOR, we specialize in helping military and government agencies and commercial entities of all sizes find the right encrypted storage solution to secure their data. With a wide range of secure storage offerings, from bare drives to removable solutions to Commercial Solutions for Classified (CSfC)-ready SSDs, we can assist you with specifying the appropriate storage devices to secure your important data. If you have any questions as to how securing DAR might apply to your own data security requirements, please feel free to contact us.
Harvard Business Review: What Russia’s Ongoing Cyberattacks in Ukraine Suggest About the Future of Cyber Warfare by Stuart Madnick
The Cybersecurity and Infrastructure Security Agency (CISA) Ransomware Guide