Global geopolitical and economic conditions are ripe for an unprecedented and devastating cyber attack. Too doomsday? Possibly, but one thing is undeniably clear: the combination of microchip supply chain shortages and the emergence of numerous pieces of destructive malware has created a perfect storm. These are ideal conditions for the kind of cyber attack that could take a victim offline not just for days but potentially weeks, because wiped or bricked devices cannot be replaced quickly when hardware is scarce. Let’s set the stage…
The Cyber Impact of the Conflict in Ukraine and Beyond—A Disturbing New Trend
In the days and weeks following Russia’s initial 2022 military offensive into Ukraine, cyber security researchers focused on potential retaliatory cyber attacks against Western entities and businesses by the Russian Government in response to Western sanctions.1 So far, no governmental entities or cyber security researchers have openly reported that those retaliatory attacks have come to fruition, but a much more insidious landscape has begun to form: one where nation states have released multiple pieces of highly destructive malware masquerading as ransomware.2
In April 2022, Microsoft released an in-depth report, “detailing the relentless and destructive Russian cyberattacks we’ve observed in a hybrid war against Ukraine.” Microsoft went on to describe how, for the first time in history, the world observed a conflict where Russia’s “use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians.”
Further, in the weeks leading up to and the months following the invasion, multiple cyber security researchers identified seven new pieces of highly destructive malware attributed, or strongly suspected to be attributable, to Russian state-sponsored advanced persistent threat groups. Each of these is destructive: it either masquerades as ransomware or is deployed alongside ransomware. Either way, the intent is to leave infected devices inoperable, so unlike true ransomware there is no recovery path through payment; only offline, tested backups and a hardware replacement plan restore operations.3
Unfortunately, Russia was not the only nation state to release this type of destructive malware. In mid-July 2022, a cyber attack against the Albanian government, a NATO member, halted state websites and public services. The cyber security company Mandiant released a report on the attack detailing a new ransomware family named ROADSWEEP that the company attributed to Iranian actors.
The report detailed the attack’s use of ROADSWEEP alongside a previously unknown backdoor called CHIMNEYSWEEP and a new variant of the ZEROCLEARE wiper.4 Further, the attack occurred just before the “World Summit of Free Iran,” a conference scheduled for July 23-24 in Albania and affiliated with a well-known opposition group to the Iranian Government.
The attack caused the postponement of the conference.5 On Sept. 7, 2022, the Albanian Government and U.S. Government attributed the attack to the Iranian Government, and Albania severed all diplomatic ties, ordering all Iranian diplomats to leave the country within 24 hours.6,7 This is one of the most severe responses to a nation-state cyber attack in history.