Cyber Warfare: How the Russia-Ukraine Conflict Changes the Global Cyber Risk Approach
With Russia’s continued — and deplorable — assault on Ukraine, questions abound on the war’s influence on cyber threats.
Not one to shy away from large-scale cyber attacks, Russia is under the watchful eye of cyber security experts worldwide, as the country continues to advance its heinous acts of violence on the ground in Ukraine.
“Putin has declared that countries taking unfriendly actions toward Russia [that inhibit the invasion] will be punished,” said William Altman, principal cyber security consultant at CyberCube.
“The more allied nations seek to impose sanctions on Russia, the more likely it is that Putin will begin to flex his military and intelligence agencies’ formidable cyber force.”
Though we can’t predict exactly how things will go, risk experts are trying to keep one step ahead by reviewing past incidents, monitoring the ongoing situation and updating best practice recommendations.
Why Is the Current Environment Ripe for Attack?
As soon as the Russian military invaded Ukraine, discussion began in the outside world on whether cyber warfare would escalate in tandem.
News outlets speculated that Russian President Vladimir Putin would engage in cyber attacks as part of his military strategy. Politico went so far as to say that the Russian invasion could “redefine cyber warfare” altogether.
“Russia has demonstrated the intent and the capability to attack globally and largely at will when it comes to waging cyber offensive operations,” said Altman. “The opportunity for cyber attacks to spill over into countries outside of Ukraine and Russia is apparent. Risks include self-replicating wiper malware, similar to NotPetya in 2017, and escalating retaliatory cyber attacks exchanged between parties.”
Yet cyber warfare hasn’t exactly made a big imprint on the battlefield.
“Despite the use of data-wiping malware at the start of the invasion, we have yet to see more destructive and severe cyber attacks,” Altman said.
As noted, cyber attacks were involved in the lead-up to the invasion: “Google said it had uncovered widespread phishing attacks targeting Ukrainian officials and Polish military. Security outfit Resecurity, Inc. also shared evidence of a coordinated hacking campaign targeting U.S. firms that supply natural gas,” The Verge reported. These incidents were recorded before the Feb. 24 invasion.
This environment of unrest and uncertainty is ripe for cyber activity.
Sanctions placed on Russia’s banks, oil refineries and military exports are being used to stifle its economy. While Putin had spent almost a decade building one of the world’s largest reserves of foreign currency — $640 billion, as reported by New York Magazine — such a stockpile became meaningless when the world started boycotting Russia.
This is because the sanctions placed on the country all but made the ruble worthless while also cutting Putin off from the banks holding his foreign currency fallback.
And when the money dries up, who’s to say cyber warfare won’t be the most far-reaching option for the Kremlin?
What About Hacking Russia Instead?
It’s an interesting thought, and one that the online hacker group known as Anonymous already tried (and succeeded at) earlier this month.
To keep Russian media from downplaying the war, or not reporting on it at all, Anonymous hacked into Russian television broadcasts and aired on-the-ground footage of Ukraine under attack.
Cries of “fake news” rang from Russian officials, and anyone found linked to the hack could face a $14,000 fine or a prison sentence of up to 15 years, according to The Independent.
Still, it’s one way the world is fighting back. (Visit Fortune to read more about the Anonymous hack.)
Cyber Experts on the Case
For the time being, cyber activity from Russia seems laser-focused on Ukraine, with both countries openly recruiting a global volunteer cyber force to help attack their enemies’ IT systems and networks.
“The U.S. and Ukrainian cyber forces have been working together to bolster Ukraine’s ability to repel Russian cyber attacks and to defend critical infrastructure,” Altman said.
“The world’s biggest technology companies are also responding by acting on cyber intelligence to quickly address attacks flowing through their products.”
One example of such cyber defenses comes from California-based cyber insurer Coalition, whose CEO Joshua Motta announced Operation Nightingale earlier this month.
Operation Nightingale, as Motta writes, is an “effort to mitigate the impact of escalating cyber risks for nonprofits and public interest organizations around the globe — and particularly for all such organizations in Ukraine — [that] may not have the resources to invest in cyber security tools, or the capability to address and recover from a cyber attack.”
Tech giant Microsoft has already lent a helping hand as well, stopping malware known as FoxBlade from infiltrating Ukrainian computers as early as the start of the invasion.
The question turns to the world’s preparedness. The potential for the current Ukraine-Russia attacks to spill out into the world at large, much like the NotPetya attack Altman alluded to, is high. Cyber disaster scenarios could include attacks on critical infrastructure such as banks, oil and gas, electricity, shipping and mobile network operators.
Glenn S. Gerstell, a senior adviser at the Center for Strategic and International Studies and the former general counsel of the National Security Agency, told The Guardian that the U.S. is “not ready to defend [a cyber attack] as a country.”
It’s a worrisome sentiment, considering that the world is waiting for the cyber shoe to drop.
“The U.S. has been reactive and side-stepped cyber responsibility by simply grafting it on to existing government agencies, making each agency responsible for its own area,” Gerstell said.
But that isn’t to say all businesses and individuals are completely at a loss.
Altman and the team at CyberCube published a study on the cyber threat shift caused by the current situation, looking at the impact cyber warfare may have on the insurance and reinsurance industries.
CyberCube’s Study at a Glance
The CyberCube study, “War in Ukraine Creates Fundamental Shift in the Cyber Threat Landscape,” reiterates that while cyber has yet to make a big impact on the ongoing conflict, it has the potential to become a critical — and disastrous — player.
“We are continuing to watch the criminal cyber threat landscape closely. This includes studying the known tactics, techniques, and procedures of the prolific ransomware threat actors that have pledged their allegiance to the Russian state,” Altman said. “We think these threat actors will continue to hunt opportunistically for targets with lapses in cyber security.”
Of note, the study reports on three main types of cyber attacks witnessed to date: distributed denial of service (DDoS) attacks, data corruption and wiper malware with self-propagating capabilities, and misinformation campaigns.
Altman stated that the initial set of DDoS attacks was created to undermine Ukrainians’ faith in their government, but so far, such attacks have fallen short as the citizens bravely fight on for their home.
DDoS attacks aren’t slowing, however: “Today, we see similar attacks including DDoS and website defacement being waged on both sides of the conflict and by hundreds of volunteer cyber forces operating from around the world,” Altman said.
Government websites, agencies and ministries on both sides have seen denials of service as well as data leaks since the start of the invasion. But, Altman relayed, “these attacks contribute to the escalatory nature of the conflict and muddy the waters for properly attributing cyber attacks to nation states.”
The key takeaway, Altman and the experts at CyberCube said, is that these current events could change the cyber threat landscape for years to come. It’s setting the stage for how war could play out in the digital age. For insurers and reinsurers, that could mean finding their businesses or their clients’ businesses in the crosshairs.
Would such events fall under an act of war? Cyber policies and general P&C policies often include “war exclusion” or “hostile act exclusion” language. (Though pharmaceuticals company Merck recently landed a $1.4 billion victory over NotPetya after a New Jersey judge deemed the attack not an act of war.)
On top of policy exclusions, rates are rising, as Risk & Insurance reported in February, and protecting against the threat of ransomware is becoming ever more challenging.
So what can be done in the interim while events unfold?
“Russian APT [advanced persistent threats] actors and their criminal cyber gang counterparts are opportunistic hunters,” Altman said. “They will look for targets that meet strategic as well as operational criteria. This means primarily compromising companies that fail at cyber security basics.”
These basics include training employees to detect even the simplest of phishing attempts, as well as keeping systems and software up to date, requiring multi-factor authentication when logging in, and backing up data as often as possible.
“Companies that maintain a consistently high level of cyber maturity for phishing prevention, logging, monitoring and identity access management are poised to defend themselves,” noted Altman.
The good news for now is that full escalation still seems to be at bay: “Both the U.S. and Russia are likely to be embedded in each other’s critical infrastructure systems, creating a non-nuclear form of mutually assured destruction. Both sides are treading very carefully in cyber space trying not to trigger escalation,” he said.