Originally Posted by Skybird
Frankfurter Allgemeine Zeitung:
-----------------------------------
"The Russians are in our networks"
Cyber defense specialists warn of Russian hacking attacks. They represent a new type of digital warfare. German companies and government agencies may be targeted even more than they already are.
Germany is under constant digital fire. The federal government in Berlin, Frankfurt-based financial institutions, Munich-based defense contractors, the taxpayers' association, energy providers and humanitarian aid organizations - they all have to defend themselves against cyberattacks. Just recently, hackers took down the websites of German airports using relatively simple methods. Their attacks are well camouflaged, but in the search for the perpetrators, eyes are turning toward Russia.
Several cybersecurity experts interviewed by F.A.Z. and a new analysis by Internet company Google report a new type of digital warfare and see a "politicization of attacks." Germany is one of the countries increasingly targeted by Russian-based hacker groups. The main target is Ukraine, where, according to Google, cyberattacks already skyrocketed last fall and where the Defense Ministry in particular was attacked.
The vice president of the German Federal Intelligence Service (BND) had already warned last summer at the HPI security conference in Potsdam: "Russia is in our networks. China is in our networks." Now, IBM security experts declare in their X-Force security report that Russia is massively arming itself on the digital front. And Google, in its new "Fog of War" analysis, describes how Moscow is pulling out all the stops to do so, recruiting private hacker gangs and harnessing them to the cart of the GRU military intelligence agency.
IT security companies such as German firms Link11 or Avira and U.S. technology groups also repeatedly report masses of Russian cyberattacks. "We're seeing a kind of politicization of attacks at the moment," says Marc Korthaus of Berlin-based security firm Sys11. With the German government's decision to supply battle tanks to Ukraine, the number of attacks on German targets skyrocketed. "But these were not sophisticated and particularly sophisticated attacks," he explains. "And that worries us. Because these attacks are little more than a warning signal - and we have to take that seriously. So we should look closely at what was going on in the networks there before the actual attack on Ukraine." That's because relatively simple attacks - like the recent one in Germany - were followed by technically smart attacks.
Alexander Vuckevic, director of Protection Labs at IT security firm Avira, says, "Every time Europe tightened sanctions against Russia or pushed aid to Ukraine, hackers massaged their attacks. The Bundestag voted in favor of tank deliveries - a wave of attacks swept over German IT systems. At the security conference in Munich, Moscow's invasion was pilloried - hackers attacked NATO's IT systems. Bulgaria sided with Ukraine - the Russian Killnet group attacked the government's computers in Sofia."
Christian Dörr, professor of cybersecurity at the Hasso Plattner Institute (HPI) in Potsdam, says, "Cyber war exists." It's just showing up in a different way than we thought. Among other things, he says, the Russians have learned lessons from their "Viasat hack." A year ago, hackers had attacked the communications satellites of U.S. operator Viasat used by Ukraine - and also hit data links of German wind turbines. In 2017, the Russians had caused heavy collateral damage with the NotPetya Trojan attack. The malware first attacked Ukrainian banks, but then spread uncontrollably throughout the global data networks - and thus also found its way onto the computers of companies such as Beiersdorf and Maersk.
Today, the Russians are trying their hand at digital precision attacks, says HPI security specialist Dörr. According to analyses by Google parent company Alphabet, Moscow is having cyber groups attack selected targets with customized software in order to prevent digital viruses, worms or Trojans from spilling over into the vastness of the Internet. Russian cyber mercenary groups such as Frozenlake, Pusha or Krymsky Bridge can now draw on arsenals of digital weapons. Their scattering effect in the digital space can be limited, but that does not make them any less dangerous.
For example, the Ukraine war continues to put even experienced cyber specialists like Sandra Joyce in dicey situations. Joyce heads global threat intelligence at Mandiant, an IT security company that was just bought by Google's cloud division. The company is known for its rapid digital response force. When hackers from Russia attacked Ukrainian businesses or government agencies and the Mandiant team provided first aid, communications might suddenly cut off, Joyce says. "Time and time again, the power went out because of bombings, or the contacts had to go into the bunker."
That's because the cyberattacks have a system. The Russians precisely prepared the majority of attacks by their artillery, infantry and tank forces through the use of malware in cyberspace. They not only bomb power plants or clinics, they also target computing and data centers. "In the first four months of the war alone, we've seen more destructive attacks than in the previous eight years," Joyce says.
Unlike ransomware attacks on civilian targets, in which hackers penetrate their victims' systems, hijack their data, encrypt it and release it only after paying a ransom, war hackers use special programs to erase their enemies' data. The procedure: on hacked computers, the hard drive is erased. The goal: maximum chaos. Programs such as Paywipe or Caddywiper were developed years ago for this purpose. The Russians first tested these data destroyers after the occupation of Crimea. Google calls them simply "destructive."
The key messages of Google's just-released "Fog of War" report are: Moscow wants to control the virtual battlefields in order to gain decisive advantages in the real combat regions. To this end, it is pursuing "aggressive, multi-layered strategies." These ranged from simple data bombs to digital precision weapons; from simple DDoS attacks that simply collapse foreign computers with data garbage to data-killing destruction programs.
Moscow's hackers had been attacking Ukraine with these long before Russian troops invaded last year. To bolster this network force, Russia mobilized additional gangs from the ranks of cybercriminals. Thus, it built up a small army of cyber mercenaries. "The lines between state hacker groups and cybercriminals are blurring," says Mandiant's Joyce as well.
The capabilities of these units should definitely not be underestimated, says Christian Dörr of HPI. They can camouflage their attacks almost perfectly, make them very flexible, and ramp them up or down at any time. After all, the Russian state hackers also use digital platforms, forums and resources of well-known cybergangs from the darknet - and that's where a lot of sensitive data of large German companies is now circulating.
-----------------------------------------