Russia’s decision to invade Ukraine in 2022 was met with widespread condemnation, but the assets being used to wage war with a sovereign nation are unlikely to be purely physical. And while the military forces of both countries are engaged in conventional warfare, there has been a surge in the number of Russian cyberattacks directed against both the occupied country and, increasingly, any Ukrainian allies that oppose the ongoing conflict.
Cyber warfare is now considered to be the best form of attack, and there is a consensus among security professionals that Russia’s black hat community has a particular set of skills that make this nightmare a reality.
So, what are these digital warriors trying to achieve and, more importantly, how can companies avoid constantly playing defense?
Russia benefits from being a hostile nation-state
We should first acknowledge that Russia has been engaged in digitally created disruption for more than 20 years. The recent surge in cyberattacks that can be linked to its current battlefield operations is, for all intents and purposes, business as usual.
There are thousands of examples of Russian and/or Eastern European hackers using their talents to sow chaos and engage in criminal activity, some of which are sanctioned by the state. However, we must take into account that cyberattacks are not only an accepted part of our digital ecosystem but also a contributor to a company’s risk management policy.
Although the war in Ukraine has contributed to a rise in black hat activity, there is evidence that the frequency and intensity of these attacks are as much of a threat signal as they are an attempt to destabilize and disrupt society.
What is also important to note is that Russia uses cyber weapons during peacetime to target critical infrastructure – IT servers, banks, media and power plants, for example. That focus doesn’t change when the country is on a war footing. In recent years, it has been waging what its leadership considers to be a “hybrid war” against the West.
This “hybrid war” involves using cyber as a means of preventing an armed or physical response. That tactic, unsurprisingly, is more likely to be directed at gaining access to data and, ultimately, inflicting financial pain.
Denial of service attacks, misinformation, hacked infrastructure, data theft, ransomware — the potential for unwanted disruption is almost endless. More often than not, the malicious actors who want to disrupt business activities and disable essential virtual systems can be traced back to malicious actors based either in the former Soviet Union or a Russia-friendly territory
We are all used to the concept of cyber criminals targeting companies and groups of individuals, but when that actor is state-sponsored then the stakes become a little higher. Simply put, organizations have to be aware of where they are vulnerable, and ensure that they have the proper protection protocols in place.
Detect, defend, deter
A successful cyberattack will inevitably have a negative impact on a business entity. Notwithstanding the hit to brand reputation, the financial consequences and impact on working practices can be significant. As we noted above, data and confidential information are usually the assets that these people want to access.
Dark Reading cited research that revealed the average cost of a data breach in 2022 is $4.4 million – a 13% increase since 2020. In addition, companies need around 277 days to identify and contain a data breach. When you link those numbers to an increase in the level of Russian-based cyberattacks, then the need for an effective defense strategy is self-evident.
Standard protocols such as securing networks and databases, the regular backing up of company-owned data and consistent employee education are good places to start. Business leaders should make the creation of security policies and practices a priority, and provide guidelines as to how they will be implemented. In addition, instilling a culture of cyber awareness across internal and external networks will limit the chances of suspicious activity going completely under the radar.
Digital disruption has no borders
So, should companies be concerned about the rise in Russian cyberattacks? The simple answer is yes. Acknowledging this fact doesn’t mean that business leaders should just assume that a cyberattack is inevitable.
A recent report by Microsoft, which looked at the first four months of the war in Ukraine, concluded that there were lessons to be learned from Russia’s cyber strategy. Attacks were not being limited to the occupied territory, the report said, with the “unique nature of cyberspace” allowing digital weapons to be deployed against a number of public and private sector targets.
These lessons included the ability for “countries to disburse and distribute digital operations and data assets across borders and into other countries,” the need for advanced cyber threat intelligence and end-point protection, and the integration of coordinated strategies to defend against the full range of “cyber destructive, espionage, and influence operations.” In other words, the report said, there must be a concerted in-house effort to detect, defend against, disrupt and deter foreign cyber threats.
If Microsoft’s assessment is accurate, then that could put added pressure on companies, government agencies and individuals to reduce the potential for Russian-generated cyber carnage. On the plus side, the recent surge in Russian cyberattacks has given business leaders a clear view of the threat landscape and where their companies are vulnerable. Knowledge is power, and knowing where the cyberattack will come from makes defense a lot easier.