Following a huge build-up of Russian military forces on the Ukrainian border, Russian forces invaded Ukraine on 24 February. Russia’s invasion has been met by condemnation from around the world. Nations have come out in support, enacting rising economic sanctions against Russia and providing equipment and resources to Ukraine. The invasion has also strengthened ties within the European Union, as well as highlighting the importance of Nato.
One response surprised many, but with hindsight it was fairly obvious what would happen. Just hours after the news of Russia’s invasion, a message was posted on Twitter by YourAnonNews, stating: “The Anonymous collective is officially in cyber war against the Russian government.”
Operation Russia, or #OpRussia as it is otherwise known, has been one of the largest campaigns by Anonymous since the group’s inception nearly two decades ago. Anonymous is an online hacktivist collective that has been described as everything from a digital version of Robin Hood to cyber terrorists.
Operation Russia has quite possibly been their largest campaign to date, in terms of both scope and scale. Anonymous has previously targeted corporations, syndicates and other groups, but this is the first time they have attacked the government of a nation state.
Following their announcement, Anonymous has so far hacked the Central Bank of Russia, released the personal details of 120,000 Russian soldiers and accessed the Kremlin’s CCTV system. It has also attacked Russia’s critical infrastructure, shutting down gas pipelines in the process, and hacked Russian state media organisations by replacing the original scheduled content with videos of the invasion.
The actual effectiveness of these attacks, in terms of how far they were able to penetrate, is subject to debate, but what cannot be denied is that many of Russia’s systems were hacked. It was claimed that Anonymous was able to take down more than 1,500 Russian and Belarusian websites, including state media outlets and financial institutions, in a 72-hour period.
As such, the reputational harm to the Russian government has been substantial, as it was shown to not be as invincible as had been previously proclaimed. “Anonymous have taken a big step, whether or not they really did any damage,” says Brad King, chief technology officer at Scality. “You put an image up on the screen of what is supposed to be an important government site and you’ve done damage.”
Raising global awareness
One thing Operation Russia has done is raise global awareness of the dangers of being hacked. Cyber attacks no longer have purely virtual consequences, as online activities can now be linked to real-world effects.
“The scale and audacity of Anonymous’s operation has meant that a topic that is usually covered in the technology section has once again become front-page news,” says Dave Lear, lead security architect at an end-user organisation. “The wider population are beginning to appreciate the importance of robust operational security. Anonymous has brought awareness more to the forefront.
“Cyber security has always been a business requirement, with the mandatory annual training that people have to do,” he says. “They understand it more now.”
As the Operation Russia campaign continues, questions have been raised about the possibility of similar attacks against the UK in the future. As such, many organisations are now reviewing their own cyber security posture and determining whether they are sufficiently capable of defending themselves.
“Our executive board came to me and said: ‘We’ve heard this is happening in Russia. How can that affect us? What do we need to do and what do we need to be aware of?’” says Lear. “I had to write a paper outlining what’s happened, the likely outcome, what to expect and what we need to do now to be prepared in the future.”
Lessons to be learned
One consequence of Operation Russia is that cyber security budgets have been protected for the coming financial year. Despite the current economic uncertainty, which has seen many departmental budgets reduced, the ongoing situation has reinforced the need for organisations to have a prepared security team.
“Companies might be cutting other stuff to save money, but they’re not cutting their cyber budget,” says Lear. “The cyber market, in terms of jobs, is buoyant. This is where the money is being invested.”
Even security professionals who are not actively looking for work are still being approached by recruitment agencies for positions in other organisations. This has also led to organisations investing in new cyber security technologies to better protect themselves against attacks. The need to protect against ransomware attacks has seen many looking into object locking on cloud storage platforms.
“People like Veeam, Commvault and others are pushing this idea of object lock, which is the AWS technology to block data from being deleted for a fixed period of time,” says King at Scality. “This keeps hackers from being able to corrupt backups.”
The current penchant for ransomware attacks to target cloud backups, as well as servers, has left victims unable to restore their data. As a result, offline backups such as magnetic tape have seen a resurgence, so that an offline copy is available if the cloud storage backup has been compromised.
The need for scheduling server updates as soon as they have been released has also been highlighted, as many of the hacks have been through poorly patched or out-of-date systems. “We do see that our customers are getting much more serious about keeping their server software up to date,” says King.
“There have been a few zero-day bugs and customers used to say, ‘We’ll look at it over the next two weeks’. Now, they’re coming to us and asking, ‘How does this affect our platform?’ People are certainly becoming more cautious.”
The unknown nature of Anonymous has also meant that there is a renewed interest in a global identification system. “There’s going to be a push to move faster on a global trusted ID for human beings,” says King. “Being able to be sure that someone is who they say they are is already a key step. The most advanced is the ability to have a global identity.”
One of the key questions that Operation Russia has raised is, ‘Are we prepared and could we stop it?’ Unfortunately, the answer for many will be that it is highly unlikely. No matter how robust a defence strategy may be, anyone sufficiently intent on breaking into a system will be able to do so. “We can mitigate and we can defend. It’s whether or not we can prevent it,” says Lear.
“You look at Russia and the things that they’ve been up to in the past. They’ve had this capability for decades now: you’d think they’d have put some defence measures in place on their side that are being broken through.”
Just like the WannaCry attack in 2017, Operation Russia has been a wake-up call for the technology sector. When the WannaCry attack swept across the internet, many organisations only had an IT team and security wasn’t something they would take sufficiently seriously. In the fallout that followed, organisations started having their own cyber security complement, because they realised this could happen to them. The same is true today: Anonymous, having proven the damage that hackers can cause, has reinforced the idea that security is no longer a luxury, but a necessity.
Heightened tensions and greater risks
“The NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine,” says a spokesperson for the National Cyber Security Centre. “In heightened periods of international tension, all organisations should be vigilant to the risk of cyber compromise and follow our guidance for heightened periods of cyber risk.”
This heightened tension is reflected in many organisations mandating additional levels of security. For example, the finance sector has responded by requiring additional confirmations of identity whenever online purchases are made.
However, organisations that take the appropriate steps to reinforce their cyber security posture, by ensuring their systems are securely patched and by having a robust online and offline backup policy, will mitigate the risk of their systems being penetrated.
“Many applications are willing to take the risk of frustrating customers with multi-factor authentication for the benefit of being sure that they don’t get hacked,” says King.
A further step in their preparedness will be ensuring that the appropriate disaster recovery plans are in place, in the event of loss of websites or key systems, as well as ensuring that contingency plans are up to date with the latest network details.
“The majority of companies who take cyber security seriously will expect to at some point be hacked in some shape or form,” says Lear. “There is so much capability out there that you cannot stop everything. What you have to do is balance between the impact and how you deal with it.”