Wednesday, March 23, 2022
Russia/Ukraine: Russia’s offensive cyber capabilities on hold or held back?

There are conflicting reports about the extent and success or otherwise of offensive Russian activity in cyber space as part of its campaign against Ukraine. Some are suggesting that Russian efforts have been blunted by hackers actively defending Ukraine; others that Russia is holding back because it needs the infrastructure for its own reasons. Either way, some nasty stuff is being deployed, and we ignore the spill-over risk at our peril.

Cyber risk management experts are warning that the absence of a full scale ‘cyber assault’ by Russia on Ukraine should not be taken as an excuse for companies and organisations to lower their guard.

Astaara, a global cyber risk management and insurance company for the maritime industry based in Guernsey, is continuing to urge companies worldwide to reduce their vulnerability to attack and enhance their cyber risk management posture. Companies are strongly encouraged to make sure that their systems are up-to-date, patched and protected; their people trained and aware; their back-ups refreshed, tested, secured and kept safely off-line; their leaders and teams trained and ready to respond quickly to an incident to reduce recovery time.

‘We have seen conflicting media reports about cyber events underway in Ukraine. Although they appear to be low profile, there is some toxic activity out there at the current time,’ said CEO Robert Dorey.

‘In 2017 the Russian government secreted malware into a commonly-used accounting platform – the result was what is known as the NotPetya destructionware event, causing up to $10bn worth of economic damage globally. It hit firms across the world, because people were downloading compromised updates and global firms who had business with Ukraine had not segregated their networks against this kind of rapidly spreading attack.

‘This time we have seen HermeticWiper (another piece of destructionware) deployed in apparently genuine updates of the EaseUS Partition Management Software. We have seen attacks on Ka-band terminals from Satcom provider VIASAT, and we have seen attacks on websites of Ukrainian Government institutions.

‘Prior attacks including NotPetya [and the SolarWinds and the Colonial Pipeline events] were successful attacks and could have been ‘proofs of concept’ for methods and tools now being deployed in the Ukrainian theatre. For example, with HermeticWiper, we have seen the evolution of the supply chain compromise delivery method, using a trusted channel to deliver compromised content. We have also seen the attacks on SatCom terminals as part of Russia’s attempt to degrade Ukraine’s ability to communicate independently to the outside world.’

Bill Egerton, Astaara’s chief cyber officer, said cyber was an important tool for offensive and defensive purposes. As an offensive measure, cyber tools and techniques are used to get intelligence and information, and to degrade infrastructure in a warfare context, to support ground operations.

‘We are seeing cyber war events aimed at infrastructure – which has already started.  While some potent malware has already been released, it is worth also saying that we do not believe Russia has yet unleashed its full suite of offensive cyber tools in the Ukrainian war.  The real issue for us all is more importantly that we reduce our vulnerability to malware and increase our resilience – if bad things happen, we have to have a plan,’ he said.

‘And let’s not forget that the Ukraine conflict has provided perfect cover for other cyber criminals to get busy. Some companies have reported a 25% increase in cyber attacks since the Russian invasion began.  So if something does attack you, it might not be a direct result of the conflict, but could be equally damaging.’

Speaking recently to WeAreGuernsey – a joint industry and government initiative established to promote Guernsey’s financial services sector internationally – Mr Dorey explained that there are three key drivers affecting the cyber world.

  • Increased digitisation – the more connected we are, the higher the risks
    • COVID – the pandemic fast-tracked remote working and placed a greater reliance on digital platforms with a larger (and less protected) footprint, i.e. home and work domains
    • Interface between operational technology and information technology
  • Significant cyber incidents over a period of 10 years which have caused billions of economic losses to the global economy
    • These cyber-attacks range from script-kiddies using a laptop, to organised crime groups stealing huge amounts of users’ cash, whether for drugs, money-laundering or – worse – the funding of terrorism; to state-sponsored attacks on infrastructure, supply chains or focused on the acquisition of intelligence or theft of Intellectual Property
  • Regulations – the key thing that the marine world and the financial services sector have in common is that cyber is woven into a ticket to trade. For ships, cyber is one element of seaworthiness. This is the same in the financial world – if you fail to demonstrate adherence to the spirit and letter of the regulations you could lose your financial licence.

Astaara strongly believes that it is possible to mitigate most cyber risks.

‘In our experience more than 90% of cyber incidents arise from human error. This could be not patching when procedures mandated it, or clicking on a suspicious link.  In the end you can spend a lot of money on tech, but training, leadership and implementing good cyber culture are key to meaningfully improving outcomes to your business. It is not only about tech,’ said Mr Dorey.
