For decades, when anyone heard the word “gang” they automatically associated it with violent crime in the streets, or the slums, or “the hood”; the underworld of hustling, drive-by shootings, drug trafficking, intertwined with ulterior motives, politics, and monetary incentive. But today, gang warfare and violent crime have taken a new shape and position.

In the world of government and political conflict, so much of what makes the news about severe threats to national and local security is related to malicious attacks on critical IT infrastructures, with highly sensitive data and critical assets being compromised. From secret service research to warfare strategies and allied communication, we’re talking about global-scale international threats.

Today, the malicious attacks of gangs have transitioned into cyberspace, frequently executed through online communication on social media. It entails bribery and ransomware breaches and correlated conspiracies in the internet’s gloomy underworld of the dark web. In 2020, there were over 15 billion user and account credentials for sale on the dark web which is an astronomical amount of sensitive data. That is three times the amount that was for sale just two years prior. A gathering place for hackers and online criminals, the dark web now serves as a huddle-up spot for the new technology-driven face of gangs, a sort of headquarters for lone wolves and gangs to sell sensitive data as collateral for sums.

It’s important to note that all these credentials and the data they include provide hackers with access to cloud solutions and their data. In other words, digital identity is the key to accessing cloud data that can bring full operations to a standstill with one malicious breach. Once a hacker has logged into a SaaS solution or cloud-based app, hackers find backdoor entry points to breach the overall cloud infrastructure, and when compromised, full operations can come to a halt to a point of no return. What’s even more concerning is that most Digital Identity Access Management (IAM) systems don’t come with out-of-the-box backup and recovery features or options. But the solutions IAM systems provide access to are often home to mission-critical assets that can make or break business progress– depending on how they’re utilized or who’s hands they land in.

Cybercrime gangs have mercilessly brought presidents and prime ministers to break a cold sweat, targeting critical infrastructures of organizations that directly wage war on nations these hackers support. And based on tracking data collected by the dark web monitoring platform DarkTracer, the Russian gang Conti has reached cybercrime glory, in the lead with nearly 200 more attacks on organizations than the most prolific gang today. And these hoodlums are waging war with serious force and strategy; just days ago they threatened cyber-attacks on the critical infrastructures of countries opposing Russia’s current invasion of Ukraine, with their ideology, paralleled to that of the Kremlin’s.

World War III is a cyberspace battle in the making: Russia versus Ukraine

What’s at stake? Full operational flows of government organizations with the most sensitive forms of data are on the verge of being compromised. From secret service strategies and investigative insights to warfare and negotiation tactics, the potential disclosure of data of nations allied with Ukraine could be compromised with a large-scale breach that bears a heavy weight. Australian government officials are wary of their position and stance.

Sounds scary? That’s because it is.

With Russia’s historical use of cyberattacks to threaten adversaries and leave them defenselessly frail, Conti brought the world to the edge of their seats with their attack that is positioned to be the beginning of the “first full-scale cyberwar in the making”.

Condemning the war in Ukraine while indicating they were not aligned with any one particular government, Conti threatened cyber-attacks on Ukrainian ally governments from a standpoint of political identification and stance with suffering civilians. The gang stated:

“Since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the wellbeing and safety of peaceful citizens will be at stake due to American cyber aggression.”

To create a context for the potential impact and capacity a cyberattack of this scale and type can mean to Western allies of Ukraine, like Australia, I will remind you of their past assaults. Conti executed the December 2021 cyber-attack on CS Energy, owned by the Queensland government, along with two additional state attacks of critical infrastructures, with the direct victim undisclosed. The gang fearlessly promised to apply full force in all these attacks to “[...] deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia.”

Since Conti’s previous attacks on medium and large-scale enterprises came with incentives for sizable pay-outs, their agenda is clear.

What’s the defence strategy for companies at risk?

Australia’s Prime Minister, Scott Morrison, is urging organizations to adopt heightened cyber security measures to protect critical assets due to the political escalation and conflict in Ukraine. Morrison stated:

“There has been a pattern of cyber-attacks against Ukraine and that continues now... Malicious cyber activity could impact Australian organizations through unintended interruption or unmaintained cyber activities.”

Institutions like the Australian Cyber Security Centre have suggested taking advanced measures in detecting malicious attackers or attacks in progress to ensure strategic “mitigation and response measures.”

What can organizations do to protect themselves?

With over 83% of companies citing at least one breach as access-related in 2020, today’s circumstances for SMBs and enterprises in various industries and verticals aren’t promising. With the ongoing developments of new technologies that bring businesses a multitude of misconfigurations and human errors that can produce vulnerabilities, there isn't much to be optimistic about. Digital Identity, the backdoor to hackers, opens with greater ease as an increasing number of applications that house critical assets develop, with new strategies for breaches evolving daily.

Mission-critical IT assets now require even greater protection and attention. They need to be equipped with proactive measures since the responsibility to protect data with backup and recovery is in the hands of their owners - the organizations creating and storing them. If government organizations find themselves at the mercy of hacker gangs like Conti, just imagine the level of vulnerability companies that have taken fewer security precautions to protect mission-critical assets will have. And in the event of a breach of the cloud infrastructure, if proactive measures and data backup is performed regularly with a tool designed to protect mission-critical assets housed in the cloud, recovery and resuming business as usual is an exponentially easier process. What’s more, Identity Access Management systems like OKTA are the doorway to all cloud-based applications of a particular user or multiple users within the enterprise or organization. For a solution like OKTA, there is no out-of-the-box recovery or backup feature, and the demand for a third-party solution is high. Imagine a system that governs and manages all cloud-based apps that require identity verification and authentication without backup and recovery. How does an organization get moving again?

Minimizing the risk of operational downtime, irreparable brand damage, or even national security concerns using a full tenant recovery solution that maximizes digital identity data retention can prove to be the smartest and most cost-effective route to protecting mission-critical assets and all data housed in the cloud.

Written by Muli Motola, CEO of AccSenSe