3 biggest cyber risks from the Ukraine-Russia conflict

The invasion of Ukraine by Russia is reason enough for all CISOs to place their teams at a heightened state of alert and readiness in the event of deleterious cyber actions by nation-state actors or the cybercriminal groups. Three areas that should be reviewed immediately are preparation for cyberattacks, supply chain disruption, and business continuity concerns.

U.S. preparing offensive cyber measures?

NBC News reported on February 24, that the White House had been provided a plethora of cyber options which could be used against Russia, which included disrupting the internet, attacking infrastructure and transportation networks, which was sourced to “two U.S. intelligence officials, one Western intelligence official, and another person briefed on the matter.”

If accurate, it should not be a surprise to many, given the comments of General Paul Nakasone, who is both the head of U.S. Cyber Command and director of the NSA, made to the New York Times in early December 2021. His comments, made in the context of cybercriminals, were clear, “… government is taking a more aggressive, better-coordinated approach against this threat, abandoning its previous hands-off stance.”

That said, within hours of the NBC News report, the White House National Security Council spokesperson Emily Home said via a statement, “This report is wildly off base and does not reflect what is actually being discussed in any shape or form.”

Cyberattacks against both Russia and Ukraine spilling over the borders

On 23 February, ESET Research published a report on destructive malware which has been detected circulating within Ukraine. ESET published its findings in a blog post, which highlighted how the “data wiper malware” had been installed on hundreds of machines. ESET gave the malware the name ”HermeticWiper.” Particularly noteworthy is how this malware came just hours behind a series of distributed denial-of-service (DDOS) attacks that took offline many entities within the government and financial sectors, the same sectors that HermeticWiper targeted. 

A month prior, a warning to CISOs was provided. Within this piece, Microsoft’s Threat Intelligence Center had shared how destructive malware had been targeting Ukrainian organizations.

The above and prior hacking and attempts to destroy data within the Ukraine infrastructure may have been the impetus behind Ukraine’s request for the global cyber community to come to the aid of Ukraine’s cyber defense. Yegor Aushev, a co-founder of a Ukrainian cybersecurity company, Cyber Unit Technologies, says he is making the request at the behest of the Ukrainian defense ministry. Aushev told Reuters that volunteers would be divided into offensive and defensive units, with the offensive unit being used to conduct digital espionage against the Russian forces.

The United States has been providing a steady stream cybersecurity expertise and aid to Ukraine as detailed by the White House in early February prior to the Russian invasion. At that time U.S. entities, especially within the national infrastructure domain, were asked to double down and ensure they are prepared in the event of a cyberattack by an adversary.

Additionally, the government of Ukraine, via its ambassador-designate Dmytro Ponomarenko, has asked the Republic of Korea to provide cybersecurity aid, “We would also be grateful if the Republic of Korea, being a highly developed hi-tech country, gave us a hand in strengthening our cybersecurity capabilities.”

It is important to remember that nation-state activities targeting the United States or entities within the U.S. are not limited to the combatants. Indeed, on the morning of February 24, CISA/FBI/NSA/NCSC issued a joint alert highlighting the cyber operations of APT actor MuddyWater whose actions are in direct support of Iran’s Ministry of Intelligence and Security (MOIS) targeting global government and commercial networks. 

Global supply chain disruption

Global sanctions against Russia include prohibition on the shipment of certain technologies to Russia. That is the most obvious form of interruption, the customer is prohibited from receiving your company’s goods. Other forms of supply chain disruption will take place as oil and gas availability is squeezed, causing both an increase in cost to deliver.

Furthermore, transportation lanes, air, land, and sea are disrupted by the conflict. Insurance costs for those required to transit areas in proximity will increase as well, highlighting the risk of being in the wrong place at the wrong time – as evidenced by the multiple freighters which have been attacked in the Black Sea.

Any supply chain disruptions caused by the physical conflict will be exacerbated by cyberattacks aimed at businesses and critical infrastructure that cross borders, as numerous governments have been warning about.

Business continuity disruption

The imposition of sanctions will have an immediate effect on multinational companies who have offices and clients in the Russian Federation, requiring an adjustment in their presence and ability to conduct business. In addition, legal teams should review carefully how payments to employees and contractors are routed to avoid having their staff looking at frozen funds. Similarly, startups and their financiers will need to carefully review the terms and restrictions placed on doing business with sanctioned banks and financial entities whose monies were viewed as available may no longer be available.

While force majeure may apply to any contractual obligations with Russian customers purchasing goods and services from abroad and allowing a legal exit, it is prudent to have contracts reviewed. Suppliers of now prohibited technology to Russia may find their customers are eager to find a way around the sanctions. This may take the form of manipulation or flat-out bribes within a vendor’s fulfillment mechanism, to engaging in gray market purchases. Suppliers will be expected to redouble their efforts to ensure end-users are who they say they are and not a part of a daisy chain to circumvent the sanctions.