Organisations urged to level up cybersecurity defences

Cybersecurity firms have urged organisations to improve their defences as the prospect of a surge in cyber-attacks linked to the Ukraine-Russia conflict rises.

"We are seeing a huge spike in the amount of new infrastructure deployed by the APT [advanced persistent threat] group known as Gamaredon, Armageddon or ACTINIUM," Costin Raiu, director for global research and the analysis team of cybersecurity giant Kaspersky, told the Bangkok Post. "This group has been actively targeting Ukraine in past years and is probably the most active APT group in the area at the moment."

APT is a term used for an attack in which intruders establish an illicit, long-term presence on a network to mine highly sensitive data. Kaspersky also noticed an uptick in distributed denial-of-service (DDoS) attacks, website defacements and hacks, Mr Raiu said.

Current cyberwarfare in Ukraine comprises several components, such as Gamaredon APT activity, various outsourced malware, DDoS activities and unknown or unattributed APT activity, he said. The risks of these spreading to the West are still moderate, but everyone needs to be cautious and take precautionary measures, said Mr Raiu.

"We advise all customers now more than ever to enforce effective security practices and make sure intrusions in their networks will be the least cost-effective for any attackers," he said.

According to Kaspersky's global research and analysis team, the number of cyber-attacks in Ukraine is expected to rise over the next six months. While most of the current attacks are of low complexity -- such as DDoS or attacks using commodity and low-quality tools -- more sophisticated attacks exist and are expected to happen, the company said.

Meanwhile, Germany's Federal Office for Information Security (BSI) recently warned users that anti-virus software developed by Russia's Kaspersky could pose potential risks for IT security.

Kaspersky founder and chief executive Eugene Kaspersky issued an open letter rebutting such claims.

"These claims are speculations, not supported by any objective evidence nor offering technical details," said Mr Kaspersky. "No evidence of Kaspersky use or abuse for a malicious purpose has ever been discovered and proven in the company's 25-year history, notwithstanding countless attempts to do so."

According to him, BSI's decision was made on political grounds.

Palo Alto Networks, a global cybersecurity company, said it is closely monitoring rapidly evolving cyber-activity related to Russia and Ukraine through its Unit 42 threat intelligence. The firm said in a statement that over the past several weeks, Russia-Ukraine cyber-activity has surged substantially.

On Feb 15, a series of DDoS attacks commenced, with the impact felt in both government and banking institutions in Ukraine, said the company. On Feb 23, a new variant of wiper malware named HermeticWiper was discovered in Ukraine. Shortly thereafter, a new round of website defacement attacks was observed affecting Ukrainian government organisations, said Palo Alto Networks.

"Future attacks may target US and Western European organisations in retaliation for increased sanctions or other political measures against the Russian government. We recommend all organisations prepare to defend against this potential threat," said Palo Alto's blog.

Fortinet, an American cybersecurity company, said it has been watching the situation in Ukraine with grave concern and it plans to suspend its operations in Russia. The firm encouraged all organisations to elevate their defence in light of the heightened security risk.

"This should include a risk-prioritised approach to updating and patching cybersecurity solutions, reviewing overall security postures to ensure any gaps are addressed, and using recent threat intelligence to protect against possible vectors," said Fortinet.
