THE IMPORTANCE OF THE DEEP DARK WEB IN THE RUSSIA-UKRAINE CONFLICT

by Deika Elmi, Vice President of Security Engineering at Goldman Sachs

The Russia-Ukraine conflict has been described as the world’s first hybrid war. In addition to traditional, kinetic warfare involving deadly weapons and boots on the ground, there is also a cyber war taking place online. Cyberattacks, coordinated with the aid of the deep dark web, may be less lethal than bombs and firearms, but the risk they pose to financial institutions and critical infrastructure is substantial, and actors from both sides have been fighting in cyberspace with the same fervour as conventional forces.

The deep dark web can be as scary as it sounds. It is a version of the internet with significantly less oversight, where hackers and cyber criminals sell identities, weapons and illegal drugs, launder money and traffic human beings. This alternate network is not indexed by search engines and cannot be accessed by standard web browsers. Special tools like the Tor browser are needed to access it, and it is here that hackers use dedicated forums and chat services like Telegram for recruitment and coordination.

Much online activity in Russia has moved to the deep dark web as a result of sanctions, voluntary actions and self-imposed restrictions, taking Russia away from popular Western platforms.

A pro-Russian hacker group, charmingly named Killnet, is one such cyber army using the deep web to attack Ukraine and its allies. This criminal collective has committed a number of distributed denial of service (DDoS) attacks against government organisations in Romania, Moldova, Czechia (the Czech Republic) and Italy, temporarily shutting down websites and making them unavailable to users.

DDoS attacks are akin to multiple people crowding a brick-and-mortar store’s doorway, preventing legitimate customers from entering. To accomplish a DDoS attack, a large number of machines from different sources are needed, all infected with novel malware (undetectable by standard cybersecurity software) that hands over control to hackers. Phishing scams, where a person is tricked into clicking on a fraudulent link, are a popular way to install said malware. These scams can also be used to gain the credentials needed to access sensitive information, which is then leaked on the dark web.

But this is not a one-sided battle. Fire is being fought with fire. Groups like the hacktivist collective, Anonymous, have declared war on Russia and Killnet, pledging to leak details of Russian troop movements and other military information.

Using search patterns and other means to identify anomalous behaviour, pro-Ukraine actors are setting up malware lures to entrap cyber criminals before they can strike. These groups are also doxing and exposing the hidden assets of pro-Putin Russian oligarchs and companies that are either owned by Russians or are doing business with Russia.

In May, Killnet’s planned DDoS attack against the Eurovision Song Contest was foiled and Ukraine’s entrant declared the winner.

The cyber war between Russia and Ukraine has shown no signs of slowing down.

www.linkedin.com/in/deikaelmi

Follow these best practices to protect your data and digital assets:

• Keep your operating system, applications and firmware up to date.

• Enforce multifactor authentication (MFA), and secure Remote Desktop Protocol (RDP) and other risk mitigation services.

• Implement network segmentation.

• Maintain backups of your systems in geographically dispersed locations.

• Know your exposure, and have a prepared incident response plan in place.

• Improve the cybersecurity awareness of your end-users with training.

• Use geo-blocking and positive rules for apps.

• Monitor traffic for suspicious activity.
