What are the implications for the security of the Metaverse when Russia and Ukraine are involved in global hackers?

The Internet of Everything is an important direction for the future development of the global network, and the deployment of the Internet of Things will far exceed any other network system. For attackers, these IoT devices will be tens of billions of new targets and new “broilers” that can cause even more damage. Therefore, in today’s article, let’s take a look at how this offensive and defensive battle has been escalated step by step, what security vulnerabilities have been exposed, and its enlightenment to the security of the Internet of Things and even the security of the Metaverse.

The Queen of Things: National Hacking Force Enters the Game

The intensification of the conflict between Russia and Ukraine has been followed by a “renaissance” of global hacking. This war started online and offline at the same time, and the offline and online were highly integrated and mutually shaped. It can be said to be the first international dispute in the Metaverse era.

In just one month, the cyber warfare has gradually escalated, from the Ukrainian Ministry of Defense convened civil hackers to fight, to the blackmail organization supporting the Russian government, and then to the US President’s desire to cut off the network, power off, and cut off supplies… Interest groups from all sides have been involved. , the warring parties are far more than Russia and Ukraine.

This is the first global information security war that broke out after the world entered the stage of digitalization. Many national-level hacking forces entered the game, targeting countries and destroying core critical infrastructure. Moreover, this information security war has a tendency to spread from the IT field to the OT and IoT fields.

The Internet of Everything is an important direction for the future development of the global network, and the deployment of the Internet of Things will far exceed any other network system. For attackers, these IoT devices will be tens of billions of new targets and new “broilers” that can cause even more damage. Therefore, in today’s article, let’s take a look at how this offensive and defensive battle has been escalated step by step, what security vulnerabilities have been exposed, and its enlightenment to the security of the Internet of Things and even the security of the Metaverse.

Tens of billions of IoT devices may be potential targets

What are the implications for the security of the Metaverse when Russia and Ukraine are involved in global hackers?

In the chaos, cyber attacks first revolved around IT systems, and then gradually progressed to industrial control and OT systems.

Hacker groups from various interest groups use distributed denial of service (DDoS) attacks, phishing fraud, vulnerability exploits, supply chain attacks, malicious data erasure attacks disguised as ransomware and other “cyber force” to attack government websites, Internet connections, Targets in the fields of national defense and military systems, satellites, railways, electricity, energy, and medical care have launched sabotage attacks, threatening key infrastructures that are related to the national economy and people’s livelihood.

On January 14, more than 70 Ukrainian government websites were attacked by the APT group, and many websites including the Ukrainian Ministry of Foreign Affairs, Ministry of Defense, State Emergency Service, Cabinet and Ministry of Foreign Affairs were forced to go offline.

In the first three days of the war, the number of cyberattacks against the Ukrainian government and military increased by 196%, while the number of cyberattacks against Russian organizations increased by 4%, and the number of phishing emails in Russian and Ukrainian increased sevenfold.

On February 24, Ukraine’s Ministry of Defense commissioned its cybersecurity provider, Cyber ​​Unit Technologies, to recruit civil hacker groups within the hacker community to help secure the country’s critical infrastructure. The company then launched an action plan to reward hackers for hacking Russian websites, promising an initial $100,000 in funding.

On February 24, the US Cyber ​​Security and Infrastructure Security Agency CISA believed that the cyber security conflict between Russia and Ukraine involving critical infrastructure may affect other countries, and every organization must be prepared. CISA also created a new SHIELDS UP technical guidance webpage detailing malicious cyber activity affecting Ukraine and recommendations for countermeasures.

On February 25, according to foreign media reports, the world’s largest hacker organization “Anonymous” announced an online attack on Russia, and many Russian government websites were hacked offline. The hacker group Anonymous shut down more than 1,500 websites related to the Russian and Belarusian governments, state media, major banks and businesses within 72 hours.

On February 27, Conti, the world’s top ransomware hacking group, announced its full support for the Russian government, saying: “If any agency decides to organize a cyber attack or any war activity against Russia, we will use all possible resources to attack the critical infrastructure of Russia. the enemy to counterattack.”

On March 1, according to Bloomberg, a hacker group hacked into Belarus’ railway management computer system, sabotaging routers and switchgear, and encrypting the information stored on these devices, paralyzing the system. Some trains in Minsk, Orsha and Osipovich have been temporarily suspended for this reason.

Rogozin, the general manager of Roscosmos, warned that hacking attempts to disrupt the operation of Russian satellites would have serious consequences after a cyber-attack on the Roscosmos space mission control center on March 3.

On March 7, three companies, Cloudflare, CrowdStrike, and PingIdentity, announced a joint effort to strengthen U.S. cybersecurity in light of increased cyber threats. They jointly launched a 4-month Critical Infrastructure Defense program to provide free cybersecurity services to particularly vulnerable industries during this high-risk period.

On March 13, Russian energy company Rosneft reported a hacking incident and issued a cybersecurity warning to other companies in the energy sector.

On March 17, according to the BBC, China’s National Computer Virus Emergency Response Center said it had “captured” a hacking tool NOPEN, which was used in US cyberattacks on China and was deployed by the US National Security Agency.This Trojan has controlled a large number of Internet devices around the world and stole a huge amount of user privacy data…

The information security war has already started, the network has become a new battlefield, and the scope of the spread is still expanding. Whether it’s government websites, rail transportation, energy and power, or aerospace, paralysis in any one area will have a profound impact on a country.

From IoT Security to Building a Trusted Metaverse

What are the implications for the security of the Metaverse when Russia and Ukraine are involved in global hackers?

With the continuous upgrading of information infrastructure that is critical to people’s livelihood, more and more IoT devices and networks will be used in the process of intelligent transformation. According to the statistics of the Global System for Mobile Communications (GSMA), the number of IoT devices in the world has grown rapidly from 2010 to 2020, with a compound growth rate of 19%. According to forecasts, the number of Internet of Things devices (both cellular and non-cellular) worldwide will reach approximately 24.6 billion by 2025.

The series of incidents surrounding the Russian-Ukrainian cyber conflict revealed that the hackers’ attack targets are no longer limited to IT networks, computers and mobile phones, but have already targeted the Internet of Things and even the infrastructure above it, and have the ability to attack the real industry. The ability to inflict an attack.

Hackers targeting brick-and-mortar industries have been invading for many years, and there are many other examples. For example, in the Florida water plant poisoning incident in February 2021, the Oldsmar water treatment plant became the target of a cyberattack by hackers. The attackers tried to use technical means to poison the water supply system that supplies 15,000 people in the area.

In the spring of 2021, a cybercriminal group launched a ransomware attack on the largest U.S. fuel pipeline, targeting a pipeline that transports 45% of the U.S. East Coast’s fuel supply and sustains the Republic and life from Texas all the way to New Jersey . This is the largest oil pipeline in the United States, transporting more than 100 million gallons of fuel to Americans every day, or about 2.5 million barrels. Due to the attack, 5,500 kilometers of oil pipelines had to be temporarily closed.

In March 2022, as many as 7 security vulnerabilities were disclosed in the Axeda software of well-known company PTC, collectively referred to as “Access:7”, which could affect more than 150 devices from more than 100 different manufacturers, thus constituting a significant supply chain risk. Of the 100 affected equipment vendors, 55% belong to the healthcare industry, followed by IoT (24%), IT (8%), financial services (5%) and manufacturing (4%). Affected devices include medical imaging equipment, ATM machines, vending machines, cash management systems, label printers, barcode scanning systems, IoT gateways, and SCADA systems, among others.

The operation of modern enterprises often spans the infrastructure of IT information technology and OT operational technology, usually covering thousands of devices, and these devices are increasingly interconnected through the Industrial Internet of Things (IIoT), and the security issue becomes extremely complex. .

It is generally accepted that OT security is a part of cyberspace security, a subset of IoT security, which intersects with IT security, but is also quite different. The difference between IT security and OT security is shown in the table below.

IT Security OT security
different update frequency IT systems require frequent repairs, upgrades, and replacements OT systems may not be updated for years or even decades
different performance requirements The latest software and hardware with the best performance Stable, reliable, and long-term running software and hardware
Different reliability requirements Can tolerate short service interruptions Long-term stable operation to avoid unplanned downtime
different access controls Relatively loose access control Access levels can be limited according to each person’s needs
Private Networks, Systems and Programs Office networks are often divided by department, using standard Ethernet protocols Private networks and programs where communication is routine and predictable
different security mechanisms Using encryption and authentication Encryption and authentication can create security barriers in some cases, slowing down emergency response
Different risk management objectives Important information is not leaked Enhanced security at the expense of flexibility for stable operation

While OT security is part of Internet of Things (IoT) security, IoT security also needs to comprehensively consider Enterprise Internet of Things (EIoT) security, Industrial Internet of Things (IIoT) system and device security, and Industrial Control System (ICS) security.

In the digital age, everything is interconnected. Today, our various devices are gradually connected to each other. Every link in the key information infrastructure is the central nervous system of the real world. Consequences, any weak link, could lead to a disaster at the cost of hundreds of millions or even billions of dollars in losses.

Therefore, we need to consider security issues from a larger perspective. From IoT security to the trusted Metaverse, security, privacy, security, reliability, and toughness are not isolated dimensions. They are integral parts of the trusted industry Metaverse. Multi-faceted.

As mentioned in the previous article, “She was harassed in the Metaverse!” How can the security and privacy of the Metaverse be guaranteed?”, the Industrial Metaverse consists of a 7-layer architecture, so the Trusted Metaverse covers terminal hardware, Transmission network, application platform and other aspects and perspectives face various challenges and needs, including privacy protection, data protection, access management, edge security, communication protection, situational awareness, etc.

What are the implications for the security of the Metaverse when Russia and Ukraine are involved in global hackers?

write at the end

The battle around information and the network has two dimensions: the first is the psychological dimension, which draws people’s thinking through the release of information, and then influences public opinion; the second is the technical dimension, which conducts hacker attacks and aims to hinder social infrastructure such as railways and electricity.

Technology itself is neutral, but the different characteristics of technology often resonate with a certain orientation of values ​​and organizational logic, which is conducive to the spread of specific values ​​and organizational forms. This is not uncommon in history.

Ensuring the security of the Metaverse is a long-term process that requires the joint efforts of the industry to continuously improve and evolve. In the “Open Source” new book “Industrial Metaverse” , the security issues of the Metaverse are presented and discussed in “Chapter 6, the security and trustworthiness of the industrial Metaverse is crucial”.

Posted by:CoinYuppie,Reprinted with attribution to:https://coinyuppie.com/what-are-the-implications-for-the-security-of-the-metaverse-when-russia-and-ukraine-are-involved-in-global-hackers/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2022-03-20 23:24
Next 2022-03-20 23:28

Related articles