The 2022 Russian invasion of Ukraine has sparked new fears of a cyber war along with several warnings for US businesses to improve their security posture against the possibility of retaliation and other long-ranging impacts. At the time of this writing, the conflict is still proceeding and though there have indeed been cyber attacks thought to originate from Russia or their allies, there has been no irreversible digital onslaught (yet). However, what many experts fear most is that these initial offensives were only an opening salvo, with worse yet to come based on historical precedent.
Here is what you need to know about how a potential cyber war will impact your business’s security posture in the short and long terms:
What is Happening in Ukraine as of March 2022
The origins of the Russo-Ukrainian conflict are deeply rooted in both countries’ histories, but the most recent turmoil can be traced to a 2014 revolution that displaced the Russian-backed Ukrainian president. Tensions quickly rose as Russian-speaking regions rebelled, with some annexed by Russia and others entering open warfare with the new Ukrainian government. Putin has claimed the protection of these breakaway states as his primary justification, while simultaneously stating his intent to prevent Ukraine from joining NATO.
As hostilities escalated between the new Ukrainian government, the rebels and Russia, Ukraine also found itself the victim of several major cyber attacks that nearly crippled its infrastructure and financial sector. These incidents are thought to have been part of a long-term campaign by Russia to undermine Ukraine, though Russian involvement has never been conclusively proven.
Russia’s History with Cyber Warfare & Suspected Attacks
Russian security and intelligence services have long been suspected of working with, and even directing, major hacking groups, especially ransomware gangs. Leaks have shed significant light on these accusations (more on this below), revealing a close relationship with at least one key cybercriminal syndicate. Other groups enjoyed seemingly complete immunity from prosecution until the crackdown on the remaining members of the defunct REvil gang.
Russia’s alliance and integration with third-party hackers is thought to have given it extended resources, reach and plausible deniability, with evidence of these benefits visible across several operations. One such example can be seen in a past scenario reminiscent of the current conflict, in which Georgia’s systems were hacked during a similar type of invasion.
Cyber War Between Ukraine and Russia: 2013 – 2022
Since the beginning of the backlash against the pro-Russian regime, Ukraine has frequently been the target of disruptive cyber attacks that many observers believe came from Russia or its allies. These began as efforts to sway or deflect the political unrest but escalated to two separate shutdowns of the national power grid, in 2015 and 2016. This was followed in 2017 by the NotPetya ransomware campaign, which heavily impacted Ukraine and was considered the biggest hack in history at the time, until it was supplanted by the 2022 cyber attacks.
Before and around the onset of the invasion, Ukrainian computers in the public and financial sectors were targeted yet again by DDoS disruptions, ransomware, and data wiper programs hidden within the other attacks. On this occasion, however, the damage was quickly mitigated and systems restored even as the conventional war proceeded. There was a consolidated commitment of resources to cyber defense from within Ukraine and abroad, as well as a strategic shift on the Ukrainian side from countering Russian propaganda to proactive cyber warfare.
Other Suspected Russian Cyber Attacks Against US and Allies
Several past cyber attacks affecting the US, Germany and other NATO member states or allies are thought to have also been part of an ongoing campaign by Russia to help them better achieve political objectives. The SolarWinds hack is one such incident, in which Russian agents were able to use a software exploit to hack into several US government agencies and access their data. This followed previous attacks such as NotPetya, which also targeted US institutions, as well as a 2014 breach of JPMorgan Chase that the FBI suspected was in retaliation for American sanctions against Russia.
More recent operations with suspected Russian involvement include a concentrated effort to attack the US power grid in a similar manner to Ukraine’s. This campaign is worrying for several reasons, including the fact that Russian hacker groups have proven more successful than their Iranian counterparts in breaching industrial control systems (ICS) and utility firms, as well as the direct involvement of Russia’s military intelligence agency.
Backlash Against Conti Ransomware Gang Inspires Neutrality?
Despite the warnings, there have been few (recorded) follow-up cyber offensives beyond the initial ransomware and wiper blitz. There could be any number of reasons why, from the logistical demands of the Russian occupation to Ukraine’s cyber defense, but there may be some revelations to glean from a recent example of a ransomware group that chose to take sides. The Conti gang made a public declaration of support for Russia soon after the war began, which was quickly followed by an internal leak exposing some of its most sensitive data.
Competitors just as quickly announced their intention to remain neutral, highlighting the fact that many of the affiliates these syndicates rely on are based in Ukraine, or in countries that have opposed the invasion, and share their national sentiment. Though these cybercriminal organizations have professed to prioritize business objectives over political ones, past experience suggests the two could still align if the price is right.
How the Cyber War May Play Out
It is much too soon at the time of this writing to predict how the conflict will conclude and when it will escalate into a true cyber war, if at all, but precedent dictates that eventually there will be an incident somewhere. It is important to look at the current factors to measure where risk is greatest and determine where the biggest vulnerability lies:
- Russia has proven willing and able to deploy a cyber attack to mask espionage
- Russia has proven willing to breach systems for political disruption as well as gain
- Russia and ransomware groups have proven willing to cooperate during peacetime and proxy war activities
- Nation-state and cybercriminal hackers have proven capable of breaching American utility and financial systems
- Cybercriminal groups tied to Russia frequently target healthcare, payroll and financial service providers and, more sporadically, process manufacturers and supply chain partners
- Nation-state and cybercriminal hackers are constantly seeking software exploits for backdoor access
- Ransomware groups see organizations with cyber insurance outside of a warzone as ‘safe’ targets
- Russia’s economy is destabilizing, which could create more Russian ransomware affiliates
- Phishing is ransomware’s top infection vector, and phishers always take advantage of a crisis
It is also important to keep in mind that, depending on how the conflict proceeds or concludes, Russia could have a greater or lesser need for plausible deniability, which will inevitably affect the rate and scale of future cyber attacks. This will also undoubtedly inform other frequent cyber warfare actors targeting the US, including China, Iran, North Korea and Turkey.
Update Your Security Posture Before Cyber Warfare Hits Home
Regardless of how the Ukraine conflict turns out, it is very likely that Russia and other actors will resume their hidden cyber war against US targets in the near future, with lessons learned from observing American IT resources in action. The good news is that Ukraine has (again, as of the time of this writing) shown proof-of-concept that even institutions greatly impacted by breaches in the past can learn how to mitigate damage and restore systems quickly. However, its cyber incidents also serve as examples of how much hackers are capable of with nation-state backing and how far some countries are willing to go in the impending cyber war.
SWK Technologies is launching a new cybersecurity service, 360 Cyber Guard, intended to help you shore up your last line of defense at the user level by enforcing best practice through dedicated awareness training. This program includes education as well as persistent testing, personalized micro-training, simulated phishing attacks, and individual vulnerability assessments to gauge each employee’s retention and risk factor. The solution can also be extended with dark web monitoring services that identify compromised information from your organization being traded by hackers.
Learn More About SWK’s 360 Cyber Guard & Other Cybersecurity Services
Cybersecurity has increasingly become a core requirement of modern business, and the political tensions of the world are only going to create a greater scale of clandestine cyber warfare that could easily spill over into a true cyber war. Prepare your business before it’s too late – reach out to us to learn more about our tailored security services with 360 Cyber Guard, or just get educated on what you need to do to defend yourself from growing cyber threats.
Contact SWK here to learn more about 360 Cyber Guard, and how to best protect your business during the new age of cyber warfare.