Examining the Cybersecurity Risks of the Russia-Ukraine Conflict

We are living in an era of digital warfare, and have been for quite some time. Threat actors all over the world have been increasingly acting on the behalf of nation states. Last year alone, Google sent over 50,000 warnings of state-sponsored phishing or hacking attempts — and in December, Check Point Security predicted that what it termed the cyber cold war would intensify in 2022, leading to a sharp increase in state-backed attacks. 

Given the above, it should come as no surprise that the Russia-Ukraine crisis has echoed into the digital realm. In the two days immediately following the breakout of hostilities, US-based cybersecurity agencies saw an 800% increase in suspected Russian-sourced attacks. It is clear that as long as the conflict drags on in Ukraine, cyber attacks against both the country itself and the actors that support it will continue.

Modern warfare has a fundamental cyber element to it, something both sides of the conflict understand. Just as Russia has its own black hats and threat actors, Ukraine has what has been colloquially termed the IT Army. You may think that as a private company based in North America, this doesn’t affect you. 

You would be very, very wrong. 

Now more than ever, it is imperative that you understand the current cybersecurity risks your company faces. Now more than ever, it is crucial to take the necessary measures to mitigate those risks and keep your assets safe. Because no matter where you are and no matter what you do, there is always a chance you may be caught in the crossfire. 

The Cyber Threats of the Russia-Ukraine Conflict

Before we discuss the specific attack types that may spill over, there is one thing that we should first make clear. Although your business faces increased cyber risk as a result of the conflict, there is no reason to panic. Your best play at this point in time is to remain vigilant and be proactive — pay attention to the developing situation, and keep an incredibly watchful eye on any news that surfaces about emerging cyber threats. 

As is usually the case in cyberwarfare, the primary motive of cyberattacks stemming from the crisis is unlikely to be either financial or informational. Instead, actors on both sides will seek to create as much disruption and destruction as possible. With this in mind, there are several predictions we can make about the current global threat landscape. 

  • Large-Scale Distributed Denial of Service Attacks. Between early reports of DDoS attacks against Ukrainian websites, the fact that Russia has leveraged DDoS attacks in past conflicts, and the fact that multiple hacking groups have claimed responsibility for DDoS attacks targeting Russian assets, attempts to disrupt and overwhelm connected infrastructure represent one of the most common tactics on both sides of the war. 
  • Phishing Emails. In the months leading up to the Russia-Ukraine conflict, a Belarusian hacking group unleashed multiple waves of phishing emails targeting Ukrainian military personnel. Though less an attack vector in and of itself, phishing (including spear phishing) could serve as a precursor to other attacks, stealing credentials or delivering malicious software. 
  • Malicious Software. Well prior to the conflict, cybersecurity officials were keeping a close watch on multiple Russian hacking groups with suspected government ties, including Cozy Bear, Conti, and Evil Corp. There is no reason to believe that these groups will cease operating in the current climate; instead, we suspect they will further amplify their efforts. We also believe it likely that we’ll see an uptick in general malware designed to wipe data and destroy systems. 
  • Brute Force Attacks. Sometimes the simplest attack is the most effective. As with phishing, brute force attacks are generally a precursor to something else. With that said, they’re incredibly easy to carry out — such that we doubt there is a single intelligence agency in the world that has never leveraged them. 
  • Website Defacement. Again, defacement is a tactic commonly used by both sides of the conflict, and may either be a propaganda tool or a malware delivery mechanism. 

Defending Against State-Sponsored Attacks

As you can see above, the attacks stemming from the current crisis are nothing you haven’t heard of before. Although we may see new techniques, tactics, and strains of malware, these are ultimately the same threats your business has always faced. That isn’t to say you shouldn’t take them seriously, of course.

Left unchecked, they still have the potential to cause serious harm to your business. In the worst-case scenario, they could even render it defunct. So with that in mind, here’s what you should do to protect yourself. 

Keep Everything Up to Date

Every time you put off installing a patch or update, you’re putting your systems at risk. Make sure you’re using the latest version of all software. Configure auto-updates where possible and track new releases of software and hardware. If that’s not possible, ensure you have a way to mitigate the risk represented by unpatched systems. 

Educate Personnel

Remember that the largest gap in any organization’s cybersecurity posture is its people. Make sure all your employees understand how to recognize and avoid common phishing and social engineering attacks. We also recommend establishing and training people on comprehensive policies around acceptable use and approved software. 

Ensure Business Continuity 

It seems likely, perhaps even inevitable, that in the coming months we will see a DDoS attack large enough to take an entire region offline. Something like that already happened in 2016, and botnets have only grown larger and more sophisticated since then. 

To prepare for this eventuality, you need to ensure you have a proper incident response plan in place, including plans for failover and system restoration. This includes retaining complete, air-gapped backups of critical systems and data. 
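A backup is only useful if what you restore matches what you saved. The following Python example, added here and not part of the original article or any Centraleyes product, shows one way to make "complete backups" verifiable: build a SHA-256 manifest at backup time, keep it off the backup media, and diff a restored copy against it during a restoration drill. The directory layout, file contents, and the corruption simulated in `restore_drill()` are all constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under `root` (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare a (restored) tree against the manifest taken at backup time.

    Returns three sorted lists: files the manifest expects but are absent,
    files present but not in the manifest, and files whose hash changed.
    An empty result in all three means the restore is byte-for-byte intact.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(k for k in manifest.keys() & current.keys()
                           if manifest[k] != current[k]),
    }


def restore_drill() -> dict:
    """Constructed end-to-end drill: take a backup, restore it with one
    corrupted file, one missing file and one stray file, then verify both
    the pristine backup and the damaged restore against the same manifest."""
    work = Path(tempfile.mkdtemp())
    try:
        backup = work / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'acme');\n")  # constructed content
        (backup / "config.yaml").write_text("retention_days: 30\n")
        (backup / "notes.txt").write_text("restore order: db first, then app\n")

        manifest = build_manifest(backup)  # store this off the backup media

        restored = work / "restored"
        shutil.copytree(backup, restored)
        (restored / "config.yaml").write_text("retention_days: 7\n")  # simulated corruption
        (restored / "notes.txt").unlink()                             # simulated loss
        (restored / "stray.tmp").write_text("leftover")               # simulated extra file

        return {
            "clean": verify_backup(backup, manifest),
            "restored": verify_backup(restored, manifest),
        }
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    for label, outcome in restore_drill().items():
        print(label, outcome)
```

The manifest itself is the trust anchor, so it belongs with the air-gapped copy or in a separate, write-once location; an attacker who can rewrite both the data and the manifest defeats the check. Running `restore_drill()` periodically (against real restores, not the constructed tree above) turns "we have backups" into "we have verified we can restore".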

Revisit Access Controls

Passwords alone are not enough to protect your assets. They haven’t been for years. In addition to ensuring everyone within your organization is using strong credentials — we recommend investing in a password manager — you need to enable some form of multifactor authentication. 

One word of advice, though? Avoid SMS 2FA. It isn’t secure.  

Perform a Thorough Risk Assessment

In cyberwarfare, information and preparation are your best tools. We therefore strongly recommend carrying out a full risk assessment and business impact assessment on both your own business and your suppliers/partners. Identify and remediate any vulnerabilities or misconfigurations likely to be exploited by a bad actor.

Monitor, Mitigate, Respond

Last but certainly not least, remain vigilant. Pay careful attention to updates and recommendations provided by governments and security advisors, and ensure you have the necessary systems in place to continuously and automatically monitor your systems and endpoints. Remember that cyberattacks rarely occur during business hours — it is far likelier you’ll be struck when everyone’s out of the office. 
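Continuous monitoring is concrete once you write down what "suspicious" means. The Python example below, added here and not taken from the article or from Centraleyes, implements a detection for the brute force attacks mentioned earlier: it parses sshd-style authentication log lines, raises an alert when one source address exceeds a threshold of failed logins inside a sliding time window, tags the alert when it falls outside business hours (the point made above about attacks landing when nobody is in the office), and escalates if a successful login later arrives from the same source. The log lines, the 08:00 to 17:59 weekday business-hours assumption, and the threshold of five failures in sixty seconds are all constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in sshd's auth-log style (ISO timestamps; RFC 5737
# documentation addresses). Not captured from a real system.
SAMPLE_LOG = """\
2022-03-01T02:13:01 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2022-03-01T02:13:04 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
2022-03-01T02:13:06 sshd[813]: Failed password for root from 203.0.113.5 port 51240 ssh2
2022-03-01T02:13:09 sshd[813]: Failed password for root from 203.0.113.5 port 51241 ssh2
2022-03-01T02:13:12 sshd[814]: Failed password for deploy from 203.0.113.5 port 51244 ssh2
2022-03-01T02:13:15 sshd[814]: Failed password for deploy from 203.0.113.5 port 51245 ssh2
2022-03-01T02:13:40 sshd[815]: Accepted password for deploy from 203.0.113.5 port 51250 ssh2
2022-03-01T10:05:22 sshd[901]: Failed password for alice from 198.51.100.7 port 40210 ssh2
2022-03-01T10:05:30 sshd[901]: Accepted password for alice from 198.51.100.7 port 40210 ssh2
2022-03-01T10:06:02 sshd[902]: Accepted publickey for bob from 192.0.2.10 port 40300 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 local time, Monday-Friday


def parse_line(line: str):
    """Return a dict for an auth event, or None for lines we do not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def off_hours(ts: datetime) -> bool:
    """True on weekends or outside the assumed business-hours range."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 60) -> dict:
    """Sliding-window failed-login counter per source address.

    An alert opens when `threshold` failures from one source fall within
    `window_s` seconds; `count` records the largest burst seen. A later
    successful login from an alerted source is flagged separately, since a
    success after a burst of failures is the case that needs a human now.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    alerts = {}
    for event in filter(None, map(parse_line, lines)):
        src = event["src"]
        if event["result"] == "Accepted":
            if src in alerts:
                alerts[src]["success_after_failures"] = True
                alerts[src]["account"] = event["user"]
            continue
        q = recent[src]
        q.append(event["ts"])
        while q and (event["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()               # drop failures older than the window
        if len(q) >= threshold:
            alert = alerts.setdefault(src, {
                "first_seen": q[0], "count": 0, "off_hours": off_hours(q[0]),
                "success_after_failures": False, "account": None})
            alert["count"] = max(alert["count"], len(q))
    return alerts


if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

On the constructed sample only 203.0.113.5 trips the rule; alice's single typo from 198.51.100.7 does not. The same structure (parse, window, threshold, escalate on success) carries over to VPN, web-application and cloud-console logs once the regular expression is swapped for that source's format.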

A Developing Situation

At present, there’s no way of predicting the long-term impact the Russia-Ukraine crisis will have on the cybersecurity space. 

The best thing any of us can do is shore up our defenses and wait. That way, if any of us do end up caught in the crossfire, we will at least be ready to respond. 

For companies looking to streamline risk management, some careful planning and the right solutions can make all the difference. Start your free Centraleyes demo today and gain instant visibility into your organization’s biggest security gaps.