What’s Next in Cyber Security | MIT Technology Review
One of the reasons why cyber has not played a bigger role in the war, according to Carhart, is that “throughout the conflict we saw Russia being underprepared for things and not having a good game plan. So it’s not really surprising that we see it in the cyber domain as well.”
Also, Ukraine, under the leadership of Zhora and his cyber security agency, has been working on its cyber defenses for years, and it has received support from the international community since the war began, according to experts. Finally, an interesting twist in the internet conflict between Russia and Ukraine was the emergence of the decentralized, international cyber coalition known as the IT Army, which carried out some significant hacks, showing that war in the future may also be fought by hacktivists.
Ransomware is running rampant again
This year, apart from the usual companies, hospitals and schools, government agencies in Costa Rica, Montenegro and Albania were also subjected to damaging ransomware attacks. In Costa Rica, the government declared a national emergency, the first after a ransomware attack. And in Albania, the government expelled Iranian diplomats from the country – a first in cyber security history – following a destructive cyber attack.
These types of attacks were at an all-time high in 2022, a trend that is likely to continue next year, according to Allan Liska, a ransomware researcher at cybersecurity firm Recorded Future.
“[Ransomware is] not just a technical problem like an info stealer or other malware. There are geopolitical implications in the real world,” he says. In the past, for example, a North Korean ransomware called WannaCry caused severe disruption to the UK’s national health system and hit an estimated 230,000 computers worldwide.
Fortunately, it’s not all bad news on the ransomware front. According to Liska, there are some early signs that point to the “death of the ransom-as-a-service model”, where ransomware gangs rent out hacking tools. The main reason, he said, is that when a gang gets too big, “something bad happens to them.”
For example, the REvil and DarkSide/BlackMatter ransomware groups were hit by governments; Conti, a Russian ransomware ring, unraveled internally when a Ukrainian researcher appalled by Conti’s public support for the war leaked internal chats; and the LockBit crew also had its code leaked.
“We’re seeing a lot of affiliates decide that maybe I don’t want to be part of a big ransomware group because they all have targets on their backs, which means I could have a target on my back and I just want to execute my cybercrime,” says Liska.