Will conflict in the Ukraine raise the risk of cyber attacks

Will conflict in Ukraine raise the risk of cyber attacks in other countries?

In a nutshell, the general consensus is, yes. Conflict in Ukraine will raise the risk of cyber attacks in other countries. If as is expected, the situation in Ukraine escalates to all out conflict, we can expect significant offensive cyber operations against Ukrainian government, utility and industrial targets and targets beyond Ukraine as well.

Not NotPetya again?

As we saw in 2017 with the NotPetya Ransomware campaign, which was aimed at Ukrainian companies via a popular local accounting software platform, that was widely attributed to Russian threat actors in the wake of the Crimean peninsula annexation, cyber attacks can spread in an uncontrolled manner, even when the threat actor is not specifically targeting a wider audience. NotPetya ended up seriously affecting the business operations of hundreds of companies around the world, including A.P. Møller-Mærsk (who reported $300m losses as a direct result of the attack), Mondalez, Saint Gobain (who reported losses of $250m) and Merck & Co.

Within the last month, crippling offensive cyber attacks on Ukrainian government and industrial targets have been attributed to Russia; but thankfully for the wider community, do not seem to have had more wide-ranging affects – yet.

We have our fingers crossed that we will not see the re-emergence of malware variants, like NotPetya, but it would be prudent to assume that the risk of these kind of attacks will rise if conflict in Ukraine becomes reality. Strengthening and validating your security controls and detection capabilities should therefore be a high tactical priority for companies.

UK Banking regulator warns banks over threat of cyber attacks

There are however, ominous signs that attacks could be around the corner. Just this week, the UK’s Financial Conduct Authority (FCA) issued a formal warning to banks to expect the threat level of Russian State-sponsored cyber attacks to rise. In a letter to financial services CEOs, the FCA warns that if Russian oligarch’s and Russian assets are affected as a result of sanctions arising from conflict in Ukraine, Banks and other financial services organisations can expect to be punished with retaliatory attacks.

The European Central Bank has also requested clarifications on contingency plans from European banks with particularly strong exposure to Russian markets, like Société Générale, Raiffeisen Bank International and Unicredit.

Will the United States force Russia to be excluded from the SWIFT banking network?

The United States has threatened punishing sanctions on Russia and its ability to move assets and money should the situation in Ukraine escalate to all out conflict. This includes lobbying the Belgian-administered global SWIFT payments facilitator to prevent Russian banks from being able to use the SWIFT network. If this were to happen, Russia would effectively be cut off from the rest of the world from a financial perspective. According to the Carnegie Institute, this could cause Russian GDP to fall by around 5%.

If this were to happen, the threat of retaliatory cyber attacks would be significantly raised. This would also clearly impact European businesses who trade with Russian companies as well.

What is the threat of cyber attacks to banks and other companies outside NATO aligned countries?

It would have to be assumed that the main focus of any direct retaliatory offensive cyber attacks by Russia would be aimed at NATO-aligned countries. However, as we witnessed with NotPetya and other attacks, these can often spread wide and far and therefore everyone should expect the cyber threat level to rise. It would be Elasticito’s advice to step up efforts to reduce the cyber attack surface by hardening network and security controls and testing of security control effectiveness should be hastened.

Understand your company’s cyber risk posture and inherent risk from third parties

Understanding what your company looks like from an external attacker perspective is critical to understanding your company’s cyber risk posture. This goes for key vendors and third parties that you work with as well. Those companies with the worst cyber risk posture stand to become easier targets for direct or indirect offensive attacks.

The Elasticito team are subject matter experts in helping companies to reduce their cyber risk exposure. Get in touch with us today if you would like to learn more.