The world is in a tumultuous place at the time of this writing, with all eyes on the escalating ground war unfolding in Ukraine. As devastating as the news has been, cybersecurity observers are well aware of the unseen battles unfolding simultaneously in cyberspace.
The importance of businesses, governments, and other organizations protecting vital systems and sensitive data has never faced such a stark context. With that in mind, let’s take a look at some of the most noteworthy examples of global cybercrime over the past month.
February’s Biggest Cyber Attacks
Warnings Abound About Russian Hacks on Ukrainian Outlets
It’s impossible to talk about cybersecurity right now without acknowledging the elephant in the room: Russia-based cyber attacks. As the world focuses on Russia’s physical invasion of Ukraine, security experts are bracing for an escalation in the country’s longstanding propensity for online sabotage.
The Canadian Centre for Cyber Security released a late February report warning of an aggressive new strain of malware known as HermeticWiper. This malware infects a system’s master boot record, corrupting every physical drive and partition until the system is unusable and its data is irretrievable. Russia-based hackers have already launched HermeticWiper attacks against strategic governmental, industrial, and infrastructural organizations within Ukraine.
Recent reports say those attacks were followed on February 24 by a wave of a similarly destructive malware program called IsaacWiper, a siege made all the more troubling because its attacks seemingly targeted organizations that weren’t hit during the first surge. This is potentially devastating malware in any context, but especially so for a besieged country whose resources are already stretched to the limit.
And of course, there is no reason to think these attacks will not be employed beyond Ukraine in the coming months and years as Russia retaliates against international sanctions.
Records Exposed: Essential data functions for an unknown number of Ukrainian organizations
Type of Attack: Wiper malware
Industry: Government and technology
Date of Attack: February 2022
Location: Russia and Ukraine
Key takeaway: There are not many silver linings to be found in this situation. Russia maintains one of the world’s most active and sophisticated networks of hacking groups, and it has demonstrated a willingness to attack nearly any target that stands in its way. The big takeaway is fundamental: All businesses and governments must fortify their security operations as actively as possible, and have a plan in place for restoring order if and when they’re attacked.
Logistics Company Expeditors International Slowed by Hackers
It’s been a challenging couple of years in the logistics industry, with supply chain interruptions and new pandemic-related dynamics wreaking havoc on shipping and transportation processes all across the globe.
But there’s no difficult situation that can’t be further complicated by cybercrime, as the Seattle-based logistics company Expeditors International learned in mid-February. A February 20 company announcement revealed its business had been hit with what a spokesperson called a “targeted cyberattack” that took many of its operations offline.
While the exact nature of the attack has not yet been disclosed, indicators point to a ransomware situation. Whatever the cause, the damage to Expeditors’ business processes appears to be considerable. As of March 2, many of the company’s key functions were shut down or limited, including freight booking and tracking. The security crisis has already made a profound impact on Expeditors’ finances, with several clients leaving its roster and stock prices taking a dive in the wake of the disclosure.
Fortunately, the company is slowly getting its processes back online and appears to be taking a methodical approach to recovery.
Records Exposed: Shipping and tracking operations
Type of Attack: Likely ransomware
Industry: Logistics and transport
Date of Attack: February 20, 2022
Location: Seattle, WA
Key takeaway: Murphy’s Law may be the only explanation for what is occurring in the logistics industry. A major cybercrime incident is the last thing Expeditors International needed on its plate in the midst of unprecedented supply chain challenges—and the immediate financial fallout is evidence that this is a problem the company can ill afford.
It’s another example of why it’s crucial for businesses to keep their cybersecurity needs front-of-mind even while their resources are being diverted in other directions. If the system can’t function, all of those other concerns are rendered moot.
Foreign Hackers Are Bad News for News Corp.
The world’s largest news agency disclosed in early February that its systems were breached in an attack with origins that reach back years. A February 4 statement from News Corp., which owns the Wall Street Journal, The New York Post, and Dow Jones, among many other holdings, revealed that hackers had accessed its systems as early as February of 2020. While no culprit has been definitively identified, the attack bears the earmarks of cybercrime groups operating out of China.
It appears to be more of a spying operation than a financially motivated attack. News Corp. says that customer-related data has been unaffected, and none of the company’s day-to-day operations have been impacted. There is evidence, however, that correspondence, emails, and notes from the many journalists employed by News Corp.’s various publications have been accessed by third parties. That raises serious concerns about the handling of sensitive and secret information, as well as the safety of anonymous sources all over the world.
Records Exposed: Emails, Google Docs, and other journalistic records
Type of Attack: Spyware
Industry: Journalism and finance
Date of Attack: February 2020 through present
Location: Multiple international locations
Key takeaway: While financial crimes like ransomware often dominate the headlines, cybercriminals also have other significant motives, including espionage. Stealing data for future exploitation is one thing, but a large-scale spying operation like this one is another thing entirely.
The News Corp. hack appears to be politically motivated, but similar tactics are used in corporate espionage to steal proprietary information and company trade secrets. The cost of letting a breach like this go undetected for two years is steep indeed.
February 2022 Report: 25% of Canadian Companies Suffered Cyber Attacks in 2021
Despite worsening headlines that make it clear every organization of every size is at risk, many organizations still seem to regard cyber attacks as something abstract. Cybersecurity is too often perceived as a problem that can be handled passively rather than something that requires a proactive, urgent approach. A February report from a Canadian tech company lays bare the fallacy of this type of thinking.
A full 25% of companies surveyed reported suffering some form of cyber attack or data breach in 2021. Compounding the issue, the same survey found that 56% of victimized organizations paid ransoms to get their systems back online. Yet even with one out of every eight Canadian companies acknowledging that they had to pay extortionists, only 40% of respondents said they were investing in employee cybersecurity training.
Making matters more troublesome, Arctic Wolf’s own survey of Canadian businesses found a marked lack of confidence in Canadian governmental protections against cybercrime, as well as a defiance toward the idea of paying a ransom to resume operations. This looks like a problem that’s going to get considerably worse before it gets better.
Records Exposed: A wide range of personal and corporate data
Type of Attack: Numerous types, including ransomware
Industry: Various private industries
Date of Attacks: 2021
Location: Canada
Key takeaway: Too many businesses approach cybersecurity the same way they think about fire drills. They figure all employees should have a general idea of how to respond in case of a threat, but it’s unlikely they’ll need to put that knowledge to use. That’s why the statistics revealed by these surveys should be a wake-up call. If a quarter of Canadian businesses caught on fire each year, imagine how much more effort would be put into fire safety training.
It’s an unsettling time, especially in the world of cybercrime. And the evidence is clear: Building a strong, preemptive cybersecurity program is vital to the future success of every business and government agency. Data breaches aren’t simply an annoyance—they’re now a matter of international security. Every organization must understand that.