Nation-State Cybercrime is Everyone’s Problem Now


Conventional military tools are no longer the only weapons of war that nations wield. Today’s conflicts also include a significant cyberattack component. In the last few weeks, the world has been shown an example of how nation-state hacking can be used against an adversary. That leaves many people wondering whether the cyber activity that preceded the current conflict between Russia and Ukraine is an example of what we can expect to see in the future of international conflict, and how that could impact businesses.

 

The Russia-Ukraine conflict has been heralded by a blizzard of cyberattacks, primarily waged by Russia-aligned threat actors against Ukraine. That blizzard has won Ukraine the unwelcome designation of the second most cyberattacked country in the world (the US is #1). Following an inaugural spate of cyberattacks against Ukrainian government agencies in December 2021, another flood of distributed denial of service (DDoS) attacks was perpetrated by suspected nation-state cybercriminals associated with Russia and Belarus in January 2022, crippling the websites of Ukrainian government agencies and at least two major banks. That attack was categorized as the largest in Ukrainian history.

 

But they weren’t finished. ESET announced on February 23 that they’d uncovered data-wiping malware that had allegedly been at work for months, infecting hundreds of machines. Reuters reported that a copy of the malware in question was uploaded to the crowdsourced cybersecurity site VirusTotal, giving cybersecurity professionals the opportunity to dissect it. The same day, the websites of Ukraine’s government, foreign ministry, and state security service were knocked offline in a fresh onslaught of DDoS attacks that also impacted Ukraine’s parliament and multiple banks, according to Ukrainian officials. The Security Service of Ukraine (SSU) reported that most of the impacted resources were restored and that no data was stolen.

 

The cyberattack component of this conflict is not new. Sky News offers an excellent timeline of cyberattacks believed to have been launched by Russia against Ukraine leading to this point. Two power outages in Kyiv in 2015 and 2016, several incidents of disruption of government online services, probable election interference, and targeting of Ukrainian military assets for intelligence purposes have all featured in the Russia-Ukraine saga since Russia annexed Crimea in 2014. Experts also agree that Russia is responsible for the legendary NotPetya malware plague, originally launched against Ukrainian companies before spiraling out of control. However, even though the cyber portion of the Russian-Ukrainian conflict has been going on for some time, the current series of events has led to unprecedented circumstances that have created heightened risk for businesses worldwide.

 

 

Red Flags Are Flying High


The US Cybersecurity & Infrastructure Security Agency (CISA) has not equivocated about the danger that cyber activity of this sort could present to businesses outside of Ukraine.  In their “Shields Up” advisory released last week, CISA identified Russia as a potential aggressor against US businesses in the nation-state cybercrime arena right now, saying that they are “mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.”  The agency also issued a strong reminder to organizations that may think they’re in the clear because they don’t conduct business in Ukraine, stating “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.”  The advisory goes on to recommend that all organizations regardless of size or industry adopt a heightened cybersecurity posture.  UK officials also warned UK businesses that they were at heightened risk of potential Russian-aligned cybercrime activity this week.

 

That CISA advisory came hot on the heels of another one that called out Russia as a potential source of cyberattacks against US defense contractors. CISA, the US Federal Bureau of Investigation (FBI), and the US National Security Agency (NSA) issued an advisory warning that US defense contractors and the Defense Industrial Base (DIB) are at heightened risk of trouble. The advisory bluntly states that those agencies have “observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors.  The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources.” Some focus areas were called out specifically, including U.S. Department of Defense (DoD) and Intelligence Community contractors in command, control, communications, and combat systems; intelligence, surveillance, reconnaissance, and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers, and logistics.

 

 

How This Cyber Activity Could Endanger Businesses Outside of Ukraine


Nation-state cybercriminals aren’t just focusing on official targets like government agencies or militaries anymore. They’ve stepped up their efforts as they branched out – nation-state cybercrime has doubled since 2017. In the most recent waves of attacks by Russia-backed threat actors, banks and other organizations outside of the “official” sphere were on the list. An estimated 90% of Advanced Persistent Threat Groups (APTs) regularly attack organizations outside of the government or critical infrastructure sectors. In fact, enterprises are now the most common targets of state-sponsored cybercriminals.

Targets of Nation-State Cyberattacks | % of Total
Enterprises | 35%
Cyber Defense Assets | 25%
Media & Communications | 14%
Government Bodies | 12%
Critical Infrastructure | 10%

Source: Dr. Mike McGuire and HP, Nation States, Cyberconflict and the Web of Profit

 

 

Danger is Headed to an Inbox Near You


How are nation-state cybercriminals most likely to attack businesses? Through spear phishing and, ultimately, ransomware or other malware. Ransomware is the preferred weapon of nation-state cybercriminals. These days, they don’t even have to do the phishing themselves; it’s easy and cheap to hire freelancers or smaller cybercriminal gangs to run everything from run-of-the-mill phishing scams to sophisticated spear-phishing operations in the booming Cybercrime-as-a-Service economy that thrives on the dark web.

 

Make Smart Security Choices Now to Avoid Trouble Later

CISA recently recommended that companies step up their security awareness training programs to combat the current tide of ransomware and phishing threats.

  • Security awareness and compliance training helps prevent expensive cybersecurity incidents and compliance failures
  • Empower employees with the knowledge that they need to spot and stop the threat they see the most: phishing

 

Stop credential compromise threats before they start by ensuring that your company isn’t going to receive a nasty surprise from the dark web with the leading dark web monitoring solution in the channel, Dark Web ID.

  • 24/7/365 monitoring that you can feel confident about
  • Real-time analysis alerts you to trouble fast
  • Monitor business and personal credentials, domains, IP addresses, and email addresses

 

Be sure to schedule a Free Cyber Security Risk Assessment.