Since the Russo-Ukrainian conflict was initiated by Vladimir Putin on February 24th, 2022, the world has been watching. While much of the news coverage has centered around the physical battles being fought on the streets of Ukraine, cyberattacks have been a major component of Russia’s offensive initiative.
Just weeks before Russia attacked Ukraine unprovoked, threat actors surreptitiously deployed several different types of destructive malware that were designed to cripple Ukrainian technological assets.
Rising tensions between the United States and Russia have caused concern that the latter may direct its next wave of cyberattacks at the U.S. Despite the fact that United States officials consider vital infrastructure to be the prime target for such an offensive, private businesses of all sizes are also at an increased risk.
In this article we explore just how severe the threat of cyberattacks is and provide information to help businesses weather the storm created by the Russo-Ukrainian conflict. We also examine why American businesses should be concerned, identify some of the most at-risk sectors, and discuss what your organization can do to increase its preparedness.
How Severe Is the Risk to U.S. Business?
Organizational leaders, particularly those in charge of small to medium-sized businesses (SMBs), sometimes behave as if they will never be the victim of cyberattacks. Unfortunately, this approach can lull them into a false sense of security, as the use of malware and ransomware is nowhere near as rare as it once was.
In fact, cyberattacks have increased substantially in terms of both frequency and sophistication in just the last five years. According to the Federal Bureau of Investigation’s Internet Crime Complaint Center’s 2020 Internet Crime Report, there were over 791,000 complaints of cybercrime in 2020.
In total, cybercrime accounted for $4.2 billion in losses. While many of those crimes were perpetrated against individuals, businesses were also frequently targeted.
If these statistics tell us anything, it is that virtually everyone is a potential target for cyber attackers. As such, SMBs, individuals, and large corporations must take action to protect themselves and their vital data.
Why American Businesses Should Be Concerned About the Ukraine Incident
The United States, along with many other nations, is taking swift action against Russia in response to its aggression in Ukraine. While the U.S. is not directly participating in the fighting, the federal government has intensified its sanctions against Russia.
Naturally, these sanctions have drawn the ire of the Russian government, which is why many cybersecurity experts believe that U.S.-based entities may be at an increased risk of cyberattack.
Other causes for concern include:
Russia Has a History of Co-Opting Cybercriminals
In a recent whitepaper, the Center for Internet Security (CIS) outlined the Russian government’s long history of co-opting cybercriminals in order to support state actions.
According to the whitepaper, titled From Russia…With Love?, evidence of the Russian government utilizing cybercriminals for state-sanctioned activities can be traced back to the 1990s.
During that string of incidents, the infamous Russian intelligence agency known as the FSB utilized hackers to “deface pro-Chechen websites.” This defacement is just one example of Russia’s unscrupulousness when it comes to cybercrime.
Throughout the 2000s, Russian intelligence entities continued to work with cybercriminals in order to strike out at their enemies. For instance, the Russian Business Network (RBN) hosted the digital infrastructure targeting Georgian assets in 2008 while the government was taking military action against Georgia.
For over two decades, the Russian government has demonstrated a willingness to work with and harbor cybercriminals within its borders. Therefore, there is no reason to suspect that it will not be willing to do so again, especially if doing so will give it the ability to “retaliate” against its enemies.
Russia’s security services are not only willing to work hand-in-hand with cybercriminals, but they are quite dangerous in their own right.
Entities such as the FSB have exhibited prowess for carrying out cyber-offensive actions against their enemies on multiple occasions. In light of these facts, it is vital that businesses do not underestimate the capabilities, or the ruthlessness, of cybercriminals.
Cyberwarfare Is Already Being Used in the Ukraine/Russia Conflict
The Russian government not only has a history of utilizing cybercriminals to cripple the digital infrastructure of its adversaries, but it continues to leverage these tactics to this very day.
Over the years, Ukraine has been the target of several Russian cyberattacks. In 2015, Russian hackers took Ukraine’s electrical grid completely offline. They carried out a similar attack the very next year.
In 2017, Russian cyber attackers escalated things even further by carrying out a highly destructive ransomware attack against Ukraine.
This attack targeted energy, financial, and government infrastructure. In addition, hackers zeroed in on global corporations that had offices in Ukraine. This attack remains one of the most damaging ransomware incidents ever.
Russia pre-empted its latest incursion into foreign territory by targeting Ukrainian assets with highly destructive malware.
In January of 2022, Microsoft’s Threat Intelligence Center confirmed that WhisperGate, a specific type of malware, was used to target several Ukrainian organizations. When deployed successfully, WhisperGate renders target devices completely inoperable.
On February 23rd, just one day before the invasion, researchers disclosed that HermeticWiper, another form of malware, was being used to target several entities in Ukraine. This malware only affects Windows devices and can prevent them from booting up properly.
Clearly, Russia intends to incorporate cyberwarfare into its military offensives as a means of crippling its enemies’ ability to utilize their digital assets.
Cyber Defense Organizations Have Released Multiple Security Advisories
America’s preeminent cybersecurity organization, the Cybersecurity & Infrastructure Security Agency (CISA), has released multiple security advisories that directly reference the Ukraine conflict.
For instance, CISA published such an advisory on January 18th, 2022, in which it urged organizations to “implement immediate cybersecurity measures”.
Specifically, CISA encouraged organizational leaders, IT personnel, and other key decision-makers to be on high alert for any malicious activity.
The agency also recommended that all organizations, “regardless of sector or size,” take certain actions in order to improve detection, ensure preparedness, enhance resilience, and reduce the likelihood of experiencing a cyber intrusion.
CISA also launched its “Shields Up” initiative, which provides additional guidance for guarding against cyberattacks. This initiative includes detailed guidance for individual consumers, corporate leaders, and organizations of all sizes.
While CISA has repeatedly stated that there are currently no credible or specific cyber threats to the United States, the fact that it has issued repeated advisories should draw the attention of business owners across all industries.
CISA does not make these recommendations without cause, so it would be wise to heed the cybersecurity agency’s warnings.
Which Sectors Are Most at Risk?
While no one can say for certain which businesses will be targeted, Russian cyber attackers have historically focused their efforts on several key sectors, including:
Sanctions levied by the United States and other nations have been disastrous for the Russian economy. That is why some experts believe that Russian hackers may target U.S. banks and credit unions in order to disrupt America’s economy. Banks have also been a popular target in the past due to the obvious financial incentive.
However, financial institutions have drastically enhanced their cybersecurity protocols over the last couple of years. As a result, they are not nearly as easy to attack as they once were. That is why some experts believe that Russian hackers may turn their attention to more susceptible entities.
The 2021 hack that caused the Colonial Pipeline to be taken offline was incredibly disruptive to the United States. The impacts of the attack were highly publicized, which means that it might have drawn the attention of Russian malicious actors.
With that being said, energy infrastructure such as pipelines, power plants, and other key assets generally have robust cybersecurity solutions in place. Therefore, it would be incredibly difficult to duplicate the Colonial Pipeline ransomware attack. Again, this may lead Russian bad actors to shift their attention to softer targets.
Some experts fear that hackers may target the digital infrastructure of hospitals, as this would allow them to maximize the disruption that they cause. While penetrating a hospital’s network will not create economic disruption, it will send a powerful message to Americans.
Like hospitals, schools are generally viewed as “off-limits” in the eyes of the American people. However, Russian hackers likely do not share this sentiment, which means that school districts may be targeted with sophisticated ransomware.
In addition to the entities outlined above, everyday small to medium-sized businesses are at an increased risk of experiencing a cyberattack due to the Russo-Ukraine conflict. Many of these businesses are vulnerable because they have neglected to invest in cybersecurity solutions.
How Can Companies Insulate Themselves Against Ransomware Attacks?
While the threat of cyberattacks is very real, there are ways you can insulate your business from the dangers of ransomware and other types of malicious software. Specifically, you can partner with an experienced managed security services provider, such as Touchstone Security.
To learn more about our dynamic security services Touchstone Secure, contact Touchstone today. We will gladly provide you with a no-obligation consultation.
Touchstone Security’s XDR offerings enable companies to work with the knowledge that their devices are monitored for security incidents and malicious data around the clock. We focus on providing cybersecurity that results in real, meaningful risk reduction.