The cybersecurity industry tends to look back at the end of the year, every year, and pronounce the past twelve months as among the most consequential time in the history of the industry. While 2022 hasn’t had a branded event the likes of Aurora, Stuxnet, WannaCry, or the Colonial Pipeline cyberattack, it unfortunately earned its place in the annals of cyberhistory as a war erupted in Europe – the largest in a half century.
Why these matters to cybersecurity is that a country well known as one of the world’s principal promoters and safe havens of cybercriminal activity, the primogenitor of ransomware as a de facto national industry, invaded its neighbor.
Once Russia invaded Ukraine, it was inevitable that the Russian government would, if not draft into service, strongly encourage its homegrown cybercriminal enterprise to spin global opinion in its own favor while attempting to sabotage the goodwill Ukraine’s president may have built up around the world. Which is exactly what happened when ransomware, malware, and disinformation groups all spun up in support of Russian aggression.
That effort, so far, has been an utter failure. Global opinion of ransomware criminals was already at rock bottom when, throughout the pandemic, gangs targeted the most vulnerable parts of the business sectors most crucial for mounting a response, including the healthcare industry, medical research organizations, businesses critical for maintaining supply chains and food and energy operations, and even educational systems. They hadn’t exactly built a wellspring of goodwill for themselves when ransomware gangs further angered the world by pronouncing their unwavering support of Russia’s invasion and declaring as targets any country or organization that opposed them.
But other members of those same gangs, based in Ukraine, saw things a little differently. And a tit-for-tat war of leaks began, revealing some of the most sensitive information ever disclosed about how ransomware threat actor groups operate. The war seemingly severed the ties between Ukrainian threat actors and their Russian (and Belarussian) counterparts, possibly permanently.
At the same time, during this period in which Russia has been preoccupied promoting its war of aggression, China has been making dramatic cybercriminal moves, targeting not only its neighbors and the countries it considers crucial in its “belt and road” initiative, but the security industry itself. In an increasingly brazen set of attacks against the companies on the front lines of protecting information and networks, China-based (and likely sponsored) threat actor groups have been attacking the hardware security products made by nearly every company in the cybersecurity and infrastructure industries.
In a very real, and very personal sense, it feels like the gloves have come off in 2022, and the two largest nations that pose a cybersecurity threat to the rest of the world have decided to do away with the pretense of noninvolvement in large breaches, major attacks on infrastructure, or disruption to education, global commerce, or healthcare. They might as well be flaunting it in our faces, as if to demand what are you going to do about it?