There are conflicting reports about the extent and success or otherwise of offensive Russian activity in cyber space as part of its campaign against Ukraine. Some are suggesting that Russian efforts have been blunted by hackers actively defending Ukraine; others that Russia is holding back because it needs the infrastructure for its own reasons. Either way, some nasty stuff is being deployed, and we ignore the spill-over risk at our peril.
Cyber risk management experts are warning that the absence of a full-scale ‘cyber assault’ by Russia on Ukraine should not be taken as an excuse for companies and organisations to lower their guard.
Astaara, a global cyber risk management and insurance company for the maritime industry based in Guernsey, is continuing to urge companies worldwide to reduce their vulnerability to attack and enhance their cyber risk management posture. Companies are strongly encouraged to make sure that their systems are up-to-date, patched and protected; their people trained and aware; their back-ups refreshed, tested, secured and kept safely off-line; their leaders and teams trained and ready to respond quickly to an incident to reduce recovery time.
‘We have seen conflicting media reports about cyber events underway in Ukraine. Although they appear to be low profile, there is some toxic activity out there at the current time,’ said CEO Robert Dorey.
‘In 2017 the Russian government secreted malware into a commonly-used accounting platform – the result was what is known as the NotPetya destructionware event, causing up to $10bn worth of economic damage globally. It hit firms across the world, because people were downloading compromised updates and global firms who had business with Ukraine had not segregated their networks against this kind of rapidly spreading attack.
‘This time we have seen HermeticWiper (another piece of destructionware) deployed in apparently genuine updates of the EaseUS Partition Management Software. We have seen attacks on KA-Band terminals from Satcom provider VIASAT, and we have seen attacks on websites of Ukrainian Government institutions.
‘Prior attacks including NotPetya [and the SolarWinds and the Colonial Pipeline events] were successful attacks and could have been ‘proofs of concept’ for methods and tools now being deployed in the Ukrainian theatre. For example, with HermeticWiper, we have seen the evolution of the supply chain compromise delivery method, using a trusted channel to deliver compromised content. We have also seen the attacks on SatCom terminals as part of Russia’s attempt to degrade Ukraine’s ability to communicate independently to the outside world.’
Bill Egerton, Astaara’s chief cyber officer, said cyber was an important tool for offensive and defensive purposes. As an offensive measure, cyber tools and techniques are used to get intelligence and information, and to degrade infrastructure in a warfare context, to support ground operations.
‘We are seeing cyber war events aimed at infrastructure – which has already started. While some potent malware has already been released, it is worth also saying that we do not believe Russia has yet unleashed its full suite of offensive cyber tools in the Ukrainian war. The real issue for us all is more importantly that we reduce our vulnerability to malware and increase our resilience – if bad things happen, we have to have a plan,’ he said.
‘And let’s not forget that the Ukraine conflict has provided perfect cover for other cyber criminals to get busy. Some companies have reported a 25% increase in cyber attacks since the Russian invasion began. So if something does attack you, it might not be a direct result of the conflict, but could be equally damaging.’
Speaking recently to WeAreGuernsey – a joint industry and government initiative established to promote Guernsey’s financial services sector internationally – Mr Dorey explained that there are three key drivers affecting the cyber world.
Astaara strongly believes that it is possible to mitigate most cyber risks.
‘In our experience more than 90% of cyber incidents arise from human error. This could be not patching when procedures mandated it, or clicking on a suspicious link. In the end you can spend a lot of money on tech, but training, leadership and implementing good cyber culture are key to meaningfully improving outcomes to your business. It is not only about tech,’ said Mr Dorey.