Is there an enemy behind software?

War and software

The outbreak of the war on February 24, 2022, between Russia and Ukraine meant that everyone using software from these countries finally began to seriously analyze it. Until now, it seemed that many organizations accepted the information that it could be dangerous but did not change the supplier of IT tools.

The problems

There can be several threats resulting from the use of an application from a hostile source.

The most obvious and dangerous threat is that the software itself is used to attack the computer on which it is running. When such software is upgraded, the new version may contain additional “functionalities” that are harmful.

The first option: the software is used to spy on users in various ways. It can work as a keylogger, sending login names and passwords to a third party, or it can scan the content of files and send that content into the wrong hands. Keylogged information will most likely be used to log into a bank or another service, take over the user’s identity, steal money through the online banking system, or obtain information from other systems for business or even military purposes.

The second option: the utility software itself becomes malicious, for example ransomware, which can do a great deal of damage over time: data theft, “hostile” encryption and, of course, a ransom demand, preceded by the disabling of the working computers and servers of the organization that fell victim to the attack.

The third option: the software turns the victim’s computer into a “zombie computer” that sends links to malicious code via instant messaging or e-mail, or even JavaScript code which, when run, infects other devices and systems. The attacked computer may also become a “zombie-DDoS,” i.e., a computer that, without the knowledge of its unaware user, generates requests to the targeted servers (e.g., web servers) as part of a DDoS attack.

Not only cybersecurity

The problem with using any applications from these countries is not only the possibility of an attack being carried out through them, but also the fact that such software may no longer be continuously updated or may simply stop working. This applies not only to software from “hostile” countries, but also to software from countries affected by the war, including Ukraine. Many technology companies from Ukraine have ceased operations: some relied on infrastructure that has stopped working, and some no longer work for a simple reason: their employees have been drafted into the army, have become victims of the war or are living in hiding.

Software updates are one of the main practices for ensuring security: they remove detected vulnerabilities and keep the software functioning properly. Software vendors periodically release new versions so that the software complies with legal requirements, is compatible with new libraries or operating systems, or simply does what it was designed to do. The cybersecurity aspect of software updates is very important: practically every application has some bugs, and errors also appear as a result of changes and updates to the operating systems the software runs on, or of changes to the components used to build the website or application in question.

What software is it about?

Software from “dangerous” countries can be divided into several categories. The best-known brands of system software are the anti-virus and anti-malware tools from producers such as Kaspersky Lab, Dr Web (which has also tried its hand at the Polish market) and Outpost (less popular, but in use). Solutions of this type are particularly dangerous because their job is to scan the files on the user’s device (to check whether they are infected), to download data from the manufacturer (signatures and other data about malware) and, more than once, to send data from our computer back to the manufacturer (data on detected malicious samples and on the “behavior” of suspicious software).

It should also not be forgotten that several well-known Linux distributions were created in Russia, including ALT Linux, ROSA Linux, Calculate Linux and Astra Linux. Linux distributions from Russia had their own group of “fans,” so they were installed on servers in many organizations, performing various functions.

Yandex (a Russian combination of a search engine and a large information portal) also produces a web browser used by citizens of Russian-speaking countries for various reasons (usually not hostile ones).

We should also remember that one of the most popular messengers, Telegram, comes from Russia. Its creator is Pavel Durov, a Russian entrepreneur, programmer and billionaire who has repeatedly distanced himself from the Putin regime.

In addition to the software and Linux distributions mentioned above, there are many applications and tools on the market whose origin no one looks at, and which is sometimes even impossible to determine. The main threat is open-source applications, because the problem boils down to checking whether the source code actually does what its documentation says it does.

What do regulators say to that?

The Polish Information Society warns companies and organizations not to buy and use applications and equipment from Russia. “The use of software from these vendors in the digitization processes of companies or administration, and even for the needs of consumers, may cause vulnerability to attacks, including loss of control over the operation of the system and irretrievable loss of data. (…) We are witnessing the largest cyber war in history waged on many fronts. The analytical capabilities of individual countries and, consequently, operations based on big data are one of the forms of strategy preparation and targeting cyberattacks. Their effects can be extremely difficult to predict today,” concludes the Polish IT Society.

Until recently, the official distributor of Kaspersky’s software in Poland was Kaspersky Lab Polska, which at the beginning of April this year decided to end sales in connection with the war in Ukraine. In mid-April, K Distribution, a company founded by former employees of Kaspersky Lab Poland, became a distributor of Kaspersky solutions. On April 26, the Polish authorities imposed sanctions on 35 business entities with Russian capital and 15 businessmen from Russia. The list includes, among others, the manufacturer of Kaspersky Lab anti-virus software; the sanctions include the freezing of funds and economic resources and exclusion from public procurement and competition procedures.

What’s next?

Most importantly, be aware of your IT environment and monitor it. Switch to applications from outside Russia and Belarus, because using them carries considerable risks to your cybersecurity and business continuity.

Author: Przemysław Kucharzewski

About Przemek Kucharzewski

Przemek is a co-founder and VP of Sales at Cypherdog Security Inc., a vendor of solutions for encrypted communication. Przemek has 26 years of experience in building sales channels, marketing, and commercialization of IT solutions. In recent years, he has been focusing on cybersecurity and cloud solutions. Earlier in his career, he mainly worked for the largest IT distributors in the CEE region. He also worked as an Interim Manager for IT system integrators and vendors selling advanced solutions. He is the author of many articles in the IT & business media, a speaker, lecturer, and podcaster.