ThreatSTOP Blog

Security Threats In Nation-State Conflicts - What You Need To Know | ThreatSTOP

Written by threatstop | December 16, 2022

In today’s world, there are constant threats not only to our personal data but also to national data. Countries are constantly monitoring, improving, and upgrading their systems. Watch the video below as Paul talks about the attacks going on against nations and how to protect yourself and your organization.


Using a secure network is your best defense against attacks, but it’s important to know what to look for. Being able to tell a legitimate site from a spoofed one can be the difference between your organization staying secure and being compromised: a spoofed site can open the door to credential theft, security breaches, Trojan attacks, and much more. The damage could be costly and irreversible.

Don’t wait until it’s too late. Let ThreatSTOP protect you from the threat before you become a part of it. We have answers to your questions, we offer customer support beyond your purchase, and we are always upgrading our technology to keep you safe. Get in touch with us today.


Learn More:

What DNS Security Does A Typical Enterprise Need?

DNS Defense Cloud 

DNS Defense 


Video Transcript

Timestamps

0:00 Intro
0:28 IISI Questions
0:53 5th Domain Of Warfare - Cyber
1:36 5th Domain Objectives
3:47 Internet Ownership In Kherson
5:18 Man-In-The-Middle Significance
7:29 Russian Attacks On Ukraine

Hello. Today, we're here to talk about active threat protection, which is basically, what can you do to defend yourself in the face of attacks from nation states such as the Ukraine. This is in response to a bunch of questions that we got asked by one of our potential customers about exactly how we would deal with this kind of thing, with the situation changing and in constant flux.

0:28 IISI Questions
Questions they asked were what's different about security threats from nation states such as we've seen in the Russia-Ukraine conflict? How does ThreatSTOP address these threats? What happened to the victims? What solutions would we deploy? And what's our long-term focus with regard to this kind of threat?

0:53 5th Domain Of Warfare - Cyber
I think the way that I think about this is a way that was explained by Richard Clarke, who started out as cybersecurity czar way back when with the Clinton administration, and he wrote a book called ‘The Fifth Domain’, and basically it's arguing that cyber is the fifth dimension of warfare, and it's a kind of war that's going on continually between nations. It started a decade or so ago, and it's ongoing, and we have conflicts between different pairs of nations and different coalitions, but it's something that's always simmering in the background.

1:36 5th Domain Objectives
So what's different in the fifth domain? Well, one of the things that's different is the objectives that are out there. Sometimes the war is hot, such as we have in Russia and Ukraine. So there's an active conquest going back and forth. There's an attempt to spread disinformation. There was a recent deepfake video, for example, where Zelensky was telling everybody to put down their arms and surrender to the Russians. There's intelligence gathering; the Ukrainians in particular are trying to tap into the Russian cell phone traffic. They're all trying to keep their population and allies in line by very tailored social media to make their points. There's disruption of infrastructure and active sabotage out there. That's one kind of fifth domain conflict.

Another is a sort of cold war, in which there's long-term penetration, or sometimes called preparation of the battlefield. So all of us in the U.S., for example, that have had our resumes sent to China are familiar with that. They managed to get all the US government resumes, particular forms, personnel forms, and that's going on.

There's long-term data exfiltration. So for example, the Chinese were quite interested in what was going on at Scripps Research in La Jolla, and were just collecting the results of their research on an ongoing basis. Data exfiltration, where there's a constant drip feed and a constant copying of information out, is this kind of cold war. But sometimes the attacks here are just plain commercial attacks; ransomware from the North Koreans, for example, is a great example. So all of these different types, sometimes more than one, are ongoing.

3:47 Internet Ownership In Kherson
If we take a look at the New York Times map for Kherson starting in late May and into June, well, what happened was that as the Russian forces advanced, they took over the ISPs one by one in the occupied parts of the Ukraine and rerouted the traffic through the Soviet Union, through Moscow. In fact, what they did is they started re-engineering the whole set of networks that were in the Ukraine to give better and better paths back through Russia, occasionally turning this feature on and off to confuse the users in that part of the Ukraine, and basically allowing themselves to do a bunch of man-in-the-middle attacks, which we'll talk about.

One of the anecdotal things here was that the Ukrainians at the nuclear power plant, once they could take a look at whether their internet service was on or off, if it was off, they knew that there was an attack incoming. So they would go down to the bunker, and once the internet came back on, they would assume, okay, the attack's over. Strange kind of behavior, but one that just adapted to the situation. So this rerouting of traffic.

5:18 Man-In-The-Middle Significance
Now why is that such a big deal? Why is a man-in-the-middle attack so significant? So the diagram here kind of shows, supposing we had a computer that was trying to talk to a server, and both of those are being run by Ukrainians. If the Russian infrastructure is in the middle, well, they might pass some of the traffic through, represented by the black arrows here, and everything would look normal even though it was going through the Russian infrastructure. But then what they could do is they could create their own traffic, shown in the red arrows, either spoofing the servers, doing a DDoS attack, whatever. The thing that's significant here is, by controlling the traffic flow, they could just totally shut off service if they wanted to do that, which they did while they were attacking the nuclear power plant.

But more importantly, they could do things like DNS spoofing and so forth, so that if everybody who was sending their traffic that way wasn't being squeaky clean on all of their security, they could intercept traffic or inject Trojan Horse attacks. Basically, what happens here is that, seeing as some of the big service providers, the big cloud services, don't really use DNSSEC to protect data and the user doesn't insist on enforcing DNSSEC signatures, the only thing that was keeping you from spoofing a site or intercepting email or whatever was having the X.509 certificates be completely accurate.

Now spoofing of certificates is its own art form. Seeing as there are about 200 certificate authorities, and people oftentimes would misinterpret a broken certificate as being something, well, it's just expired and let's go use it, there were lots of opportunities for getting in the way. So that's why man-in-the-middle attacks are so significant.

7:29 Russian Attacks On Ukraine
Other kinds of attacks on Ukraine: the satellite network, the telecommunications super service providers. We talked about how they were taking over the ISP traffic. That was also done with the telephone infrastructure, mobile phones. There was phishing and impersonation attacks on government websites. They were even going after some of the charity websites out there to prevent the distribution of emergency food, medicine, etc., and they wiped the border control station data.

So these are all examples of active things that are going on.
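The transcript's point about DNSSEC is that a resolver validating signatures does nothing for a client that never insists on the result. The following is an added example, not code from ThreatSTOP or from the video: a strict stub-resolver policy that sets the AD bit in its queries and refuses any answer the upstream resolver did not mark as authenticated. It assumes the client talks to a resolver that performs DNSSEC validation (the resolver address, the query name `example.com` and the three replies are constructed for the example, not captured traffic). Only the header and flag handling is shown; a real stub would also verify the echoed question section and protect the transport.

```python
import struct

# DNS header flag bits (RFC 1035; AD and CD from RFC 4035 section 3.2.3).
FLAG_QR = 0x8000  # message is a response
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available
FLAG_AD = 0x0020  # Authenticated Data: resolver validated the DNSSEC chain
FLAG_CD = 0x0010  # Checking Disabled: asks the resolver to skip validation
RCODE_MASK = 0x000F
RCODE_NOERROR = 0
RCODE_SERVFAIL = 2
TYPE_A, CLASS_IN = 1, 1


def encode_name(qname):
    """Encode a dotted name as DNS wire-format labels."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname, qid, qtype=TYPE_A):
    """Build a query that asks a validating resolver to report the AD bit.

    Setting AD in the query (RFC 6840 section 5.7) signals that this client
    understands AD and wants it reflected back; CD stays clear so the resolver
    validates instead of passing unchecked data through.
    """
    header = struct.pack("!HHHHHH", qid, FLAG_RD | FLAG_AD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(msg):
    """Return the 12-byte DNS header as a dict of its fields."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "flags": flags, "rcode": flags & RCODE_MASK,
            "qdcount": qd, "ancount": an}


def accept_response(query, response):
    """Strict policy: only use answers the resolver authenticated.

    Returns (accepted, reason). Rejects a mismatched transaction ID, a
    SERVFAIL (the resolver could not validate), a reply with CD set, and
    any NOERROR answer without AD, which is exactly what an on-path attacker
    that strips or forges records would hand back for an enforcing client.
    """
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"]:
        return False, "transaction id mismatch (possible spoofed reply)"
    if not r["flags"] & FLAG_QR:
        return False, "not a response"
    if r["rcode"] == RCODE_SERVFAIL:
        return False, "SERVFAIL: resolver could not validate the answer"
    if r["rcode"] != RCODE_NOERROR:
        return False, "rcode %d" % r["rcode"]
    if r["flags"] & FLAG_CD:
        return False, "CD set: resolver returned unchecked data"
    if not r["flags"] & FLAG_AD:
        return False, "AD bit clear: answer not DNSSEC-authenticated"
    if r["ancount"] == 0:
        return False, "no answer records"
    return True, "authenticated answer"


def make_response(query, flags, rcode=RCODE_NOERROR, addr="192.0.2.1"):
    """Constructed reply to QUERY for the demo (not captured traffic).

    Copies the question section and, on NOERROR, appends one A record that
    points back at the question name with a compression pointer.
    """
    q = parse_header(query)
    ancount = 1 if rcode == RCODE_NOERROR else 0
    header = struct.pack("!HHHHHH", q["id"], FLAG_QR | FLAG_RA | flags | rcode,
                         1, ancount, 0, 0)
    answer = b""
    if ancount:
        rdata = bytes(int(o) for o in addr.split("."))
        answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + rdata
    return header + query[12:] + answer


def demo():
    """Four constructed replies to one query under the strict policy."""
    query = build_query("example.com", qid=0x1234)
    other = build_query("example.com", qid=0x4321)  # a forged reply guesses the ID wrong
    return {
        "validated": accept_response(query, make_response(query, FLAG_RD | FLAG_AD))[0],
        "unsigned_or_stripped": accept_response(query, make_response(query, FLAG_RD))[0],
        "bogus": accept_response(query, make_response(query, FLAG_RD, RCODE_SERVFAIL))[0],
        "spoofed_id": accept_response(query, make_response(other, FLAG_RD | FLAG_AD))[0],
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print("%-22s %s" % (case, "accepted" if ok else "rejected"))
```

Note the asymmetry this enforces: an unsigned zone and a zone whose signatures an attacker stripped both come back with AD clear, so the strict client rejects both. That is the cost of insisting on DNSSEC today, and it is why applications typically fall back to the X.509 check the transcript describes, which then has to be done correctly, with no "it's just expired, use it anyway".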