Imminent risk of cyberwar from conflict in Ukraine spreading to Asia

“For Russia, the war with Ukraine probably served as a real testing ground for its next generation of cyberweapons.

“Countries and companies watching this final chapter unfold should remember this: the frontline of online warfare can – and has – crossed borders,” he added.

Five years ago, Ukraine’s largest airport, the national bank as well as the energy authority suffered devastating cyberattacks, in what would have been a campaign launched by Russia.

At the heart of the attacks was the NotPetya virus which erased data from computers.

It wasn’t meant to spread beyond Ukraine, but it did – across the world. Total losses worldwide were estimated at more than US$10 billion (S$13.7 billion).

The malware affected hospitals in the US state of Pennsylvania, a chocolate factory in the Australian state of Tasmania as well as the digital systems of a number of major global companies, including shipping company Maersk and pharmaceutical giant Merck .

India tops the list of countries affected by NotPetya in Asia-Pacific. The country’s largest container port in Mumbai has been targeted.

Singapore emerged unscathed from the virus.

According to the US think tank Council on Foreign Relations, Wiper malware with similarities to the NotPetya wiper was discovered on Ukrainian systems in an attack in January.

“The wiper was designed to look like ransomware and offered victims what appeared to be a way to decrypt their data for a fee, although in reality the malware wiped the system. ice was found on systems across Ukraine, including the Ministry of Foreign Affairs and networks used by the Ukrainian cabinet,” he said last Friday (March 11).

Cybersecurity threats are of particular concern for countries that have decided to initiate sanctions against Russia for its invasion of Ukraine.

The alert has been issued in a number of countries, including the United States, the European Union, the United Kingdom and Japan.

Japan’s Ministry of Economy, Trade and Industry, for example, sent out a notice urging businesses to be extra vigilant against cyberattacks, The Japan News reported on Feb. 28.

Files attached to emails should not be opened carelessly, the advisory said. Data should be backed up to prevent loss, he added.

Experts have also called on people to be careful at home too, warning that cyber attackers can sometimes manipulate home devices with weak security and use them to transmit data.

Singapore’s Computer Emergency Response Team also released a briefing after the Russian invasion of Ukraine urging businesses to strengthen their cybersecurity systems and take steps to protect their data from cyberattacks.

“Asia is very vulnerable,” Dr Austin said, with many countries still investing appropriately in capacity building and because the intensity of the threat has increased.

“Singapore may be the exception,” he told the Straits Times.

A June 2021 report by the IISS assessing the cyberpower of 15 countries placed only the United States at Level 1, given its strength as a global leader in several categories, including strategy and doctrine, governance, command and control and cybersecurity and resilience.

China was the only Asian country to feature in Tier 2, along with Australia, Canada, France, Israel, Russia and the United Kingdom.

Several Asian countries – including India, Indonesia, Japan, Malaysia, North Korea and Vietnam were among Tier 3 countries. These countries had potential strengths in some categories, but significant weaknesses in others.

The report said Indonesia, for example, had identified high-priority assets that needed the strongest protection, but basic cyber defenses and incident response capacity were still not very well developed.

Malaysia, on the other hand, ranks higher in cybersecurity, but questions remain about its ability to detect and report cyberattacks as well as the level of coordination between different cybersecurity actors, he said. .

Mr. Jeremy Jurgens, Managing Director and Head of the Center for the Fourth Industrial Revolution at the World Economic Forum, said that it is the responsibility of every organization and institution to maintain a robust cyberinfrastructure.

“It should be 24/7. Attacks can happen at any time. The first step is to make sure senior management is aware. Companies must have backup plans, identify exposure points. Roles and responsibilities must be very clear,” he told the Straits Times.

“It is difficult to predict how the cyber conflict will evolve. But it is important to be prepared,” he added.

Shefali Rekhi

Editor and Director, Asia News Network
& ANN editor, The Straits Times

Previous These teens created a website that connects Ukrainian refugees with hosts offering shelter
Next Chinese Boeing crashes in mountains with 132 people on board, no sign of survivors