RESOURCES
Since December 2022, Sweden has experienced several politically motivated cyber-attacks. Anonymous, a well-known hacker group, took down the main government website as a protest against the extradition of a Kurdish politician to Turkey (1). In February 2023, a pro-Russian cybercriminal gang called Anonymous Sudan (2) orchestrated a series of Distributed Denial of Service (DDoS) attacks on Scandinavian Airlines, Swedish Railways, Swedish Post, and Telecom Authority. In the case of Scandinavian Airlines, some customer data has been leaked. It seems that wave of attacks is still underway.
Sweden has been under the geopolitical spotlight since the beginning of the war in Ukraine. Its membership application to NATO triggered a spiral of events involving Russia, Turkey, and political figures from far right and extreme Islamist groups. Anonymous Sudan, in collaboration with different nation-state actors, has been mobilising cyber-attacks to disrupt the operations of key institutions in Sweden in response to these geopolitical developments.
HACKTIVISM AND NATION-STATE BACKED ATTACK CAMPAIGNS
Political hacktivism is not new, and it is mostly orchestrated by groups with specific political agendas, in their own accounts, such as defending freedom of speech, supporting political asylum cases, or raising awareness of environmental concerns. Nation-state backed campaigns are far more dangerous and aim to take down critical infrastructures such as electricity, gas, and healthcare networks in the targeted countries. Threat actors “offer” their services to facilitate and run these potentially very dangerous cyber attacks on behalf of others.
CYBERCRIME IS A BIG BUSINESS
The size of the cybercrime underworld is estimated at over 1 trillion USD, nearly ten times larger than the cybersecurity market overall. Over the years security researchers revealed extremely complicated and skilful threat actors that offer tools, infrastructure, information and services to groups and nations. Lazarus Group, REvil, Sandworm, Carbanak, UAC-0056 are a few of the many active threat actors that were behind high-profile attacks. These actors execute DDOS attacks, develop highly sophisticated malicious codes and exploit kits and make their infrastructure available for the use of others in exchange for money. Every piece of information (hacked personally identifiable information, compromised email accounts, etc), infrastructure (i.e. masked servers), tools (malware, ransomware etc) and services (i.e DDOS) have a price defined in the “free market” of the criminal underworld. For example, a DDoS attack service is currently marketed at around 5,000. – USD per day. Not at all expensive for a nation state.
CYBER WARFARE IS HAPPENING TODAY
Cyber warfare is not a futuristic dystopia. It is happening today with an increasing intensity. We experience city-wide electric cuts, communication interruptions, disrupted healthcare or travel services. USA, UK and EU have been tightening their legislations. New nationwide cyber security directives are put in effect one after the other. Collaboration among democratic countries is increasing.
Some strategic initiatives countries have been implementing to combat cyber warfare are:
- tightening cyber security regulations for critical infrastructures
- enforcing zero trust/micro segmentation to minimise and contain a possible damage
- increasing awareness for good security practices such as the use of multi factor authentication and strong passwords
- deploying deception technologies
- making cyber security a CEO responsibility
- deploying offensive security practices to take down cybercriminal infrastructures.
References:
(1) https://medyanews.net/hacker-group-anonymous-hacks-swedish-official-website-in-protest-at-extradition-of-kurdish-politician
(2) As it appears, Anonymous and Anonymous Sudan are two separate cyber threat actors.
-
Regular EDR Policy Tuning
The cyber security world has recently focused on EDR technology due to its significant impact across industries. This post explores the evolution from early antivirus software to EDR platforms. Key milestones include the introduction of commercial antivirus software in 1987, the emergence of heuristic and behavioural detection methods in the early 2000s, and the development of Next-Gen Antivirus (NGAV) in 2010. EDR solutions, emerging around 2013, are crucial for detecting, investigating, and mitigating security threats but require regular policy updates and meticulous tuning for optimal performance.
-
Mastering Log Management: Enhancing SIEM and SOC Efficacy
Efficient log management is critical for SIEM and SOC efficacy. Challenges include log agent malfunctions, configuration errors, and network issues. This blog explores four log problem categories, from detection failures to incomplete logs, and introduces innovative solutions for proactive threat detection and response. Learn how Cynode's integrated threat simulation and log validation processes ensure optimal log coverage and enhanced security monitoring. Stay ahead of cyber threats with robust log management practices.
-
Understanding WebApp Exposure
WebApp Exposure Monitoring involves regular assessments and updates to perimeter defence platforms like WAF policies, ensuring alignment with the latest threat intelligence. Having a proactive stance to WebApp attacks is crucial as cyber threats incredibly fast, often outpacing traditional security defences. The process of continuously monitoring web applications allows organisations to more readily detect anomalies and respond to threats in real-time, minimising the risk of data breaches and other cyber incidents.
-
Introduction to Managed Security Service Providers (MSSPs)
Businesses increasingly struggle with cyber security management, especially with limited resources. Managed Security Service Providers (MSSPs) like Cynode offer comprehensive, efficient solutions, managing everything from security infrastructure to incident response, often using cloud services for cost efficiency. This article explores the benefits and services MSSPs provide, underscoring their importance in modern cyber security strategies.
-
Improving SIEM Efficacy as the Market Evolves
As the SIEM market evolves with new mergers and partnerships, Cynode supports practitioners to ensure no security event is missed, offering comprehensive services from threat-centric log and rule validation to complete SIEM management.
-
Welcome Konrad Falk as Our New Senior Cyber Advisor & Architect!
Konrad brings extensive experience in Cyber Security and IT, with a background in programming, networking, and security. Passionate about securing companies and educating others, he values the trust of our leadership and is eager to manage security incidents and tackle evolving threats hands-on.
-
“Trust me, I was an engineer” – Björn Nilsson
We are pleased to announce Björn Nilsson as the new Head of Security Operations Sweden at Cynode. His extensive experience in cyber security and IT infrastructure marks a significant milestone in enhancing our capabilities. Björn brings a wealth of expertise from various critical roles within the industry.
-
Cynode Boosts Team with Gustav Bivstedt's Technical Expertise
Cynode hires Gustav Bivstedt as a Cyber Advisor to enhance our Cyber Advisory and Assurance Services. His expertise strengthens our technical capacity and supports business growth, including new offerings in security testing, cyber maturity assessments, and proactive risk management with Cyber Threat Intelligence.
-
Meet our "VP of Product" Cumhur Hatipoglu
As Cynode’s CMO, I am constantly impressed by our team's innovation and engagement. Cumhur Hatipoglu, our new VP of Product, enhances our mission to innovate in cyber security and MDR services. His approach integrates NIST CSF and best security practices to ensure our solutions meet clients' evolving needs.
-
EU updates NIS Directive. Are you compliant?
The European Union introduced the NIS 2 Directive to improve the cyber security of critical infrastructure systems within its member states and to ensure that digital service providers and operators of essential services have adequate security measures in place to secure their networks and data.
-
Rise of Cyber Due Diligence in M&A Processes
Sweden's post-pandemic economic recovery has spurred M&As. Cynode emphasises integrating cyber due diligence to address vulnerabilities, protect essential information, and optimise security spending, enhancing the security posture before, during and after M&As.