In the day-to-day operations of any business, we constantly weigh the risks associated with state actors using cyberspace to project power and the structural forces affecting our businesses, including the risks related to how we construct our IT systems and deal with quick technological advancements. We generally keep an eye on structural and geopolitical variables to position ourselves to handle the impact. As we adopt new working practices that the pandemic has expedited, we try to regulate and respond to the rapid technological changes within our organisations.
Coordinated cyberattacks have arisen as a component of the offensive since Russia’s invasion of Ukraine started in early 2022, affecting businesses in these nations and around the world. In the wake of the invasion, it has become clear that hybrid warfare is the new regular and that geopolitics and cybersecurity are intertwined.
Organisations in Ukraine have experienced threats during the past six months, including significant distributed denial-of-service (DDoS) assaults, a spike in malware activity, persistent and targeted phishing attempts, disinformation efforts, and assaults on cyber-physical systems.
All companies that rely on the Internet were unintentionally drawn into the conflict. Western businesses have entered the fray, including Microsoft and Fortinet. Microsoft to share intelligence to disrupt a large-scale malware attack targeting Ukraine. Fortinet to stop a large-scale distributed denial of service attack.
Russian State-Sponsored APT Behavior
According to CISA, Russian state-sponsored advanced persistent threat (APT) actors have traditionally gained early access to target networks through spearphishing, brute-forcing, and exploiting known vulnerabilities against accounts and networks with poor security.
Russian state-sponsored APT attackers have also displayed advanced tradecraft and cyber capabilities by compromising third-party infrastructure and software or by creating and distributing unique malware. The attackers have also demonstrated their capacity to use valid credentials to sustain long-term, persistent, undetected access in compromised networks, including cloud environments.
No Geographical Boundaries
It’s crucial to remember that, unlike physical conflict, cyber warfare has no geographical boundaries. For instance, since the invasion started, at least three German energy businesses have been the target of cyberattacks. As well as activity from non-state players, such as the Anonymous hacker organization waging war against the pro-Russian Conti ransomware gang, we’ve seen cyber actors in other regions, like China, exploit the situation to spread threats.
Cyberthreats are expected to last at least as long as the physical battle. The “fog of war may hamper situational awareness,” and panic may raise the possibility of errors, which will favor evil actors. Worldwide organizations will be affected by a heightened danger environment, even though the specific implications of personal attacks will vary.
Targeting energy infrastructure
According to the ENISA Threat Landscape report’s assessment, state-backed entities will continue to engage in disruptive or harmful operations as long as the Russia-Ukraine conflict persists. Prime targets in Ukraine include government and military networks and the energy and communications sectors (about crucial infrastructure).
The report claims that cybercriminals are still upsetting the industrial sector. It is accurate to say that cybercrime assaults on operational technology (OT) systems will become more disruptive, as predicted in last year’s research.
Ransomware was the main reason for compromises in the industrial sector between July 2021 and July 2022, with the manufacturing industry being the most attacked. Attacks that cause disruption significantly impact other industries, energy being one of them.
And the increasing digital transformation of the industrial sector and the greater interconnectedness between IT and OT networks are two critical factors for ransomware organisations targeting OT operations.
Impacts and Actors
Five categories of impact were identified by an impact evaluation of the threats: reputational, digital, economic, physical, and social harms. Due to victims’ failure to provide information or their inability to provide complete information, the impact of the majority of occurrences is still unknown.
Prime threats’ motivations were examined. The analysis showed that the only reason for ransomware is monetary gain. Geopolitics, with its threats including espionage and disruptions, can motivate state-sponsored organisations. Ideology may also be the driving force for hacktivists’ online activities.
During the reporting period, state-sponsored, cybercrime-related, hacker-for-hire actors and hacktivists remain the primary threat actors.
The number of events in the NEAR category has remained high over the reporting period, according to an examination of the closeness of cyber threats to the EU. Affected networks, systems, and controlled and ensured systems within EU borders fall under this category. The impacted population living inside EU borders is likewise included.
Emerging trends
Significant trends were found, according to the report. Among the most notable of these are:
Threat actors’ new tool for achieving their objectives is a zero-day exploit, a software flaw found by attackers before the manufacturer is aware of it. Since the Russia-Ukraine war, a new wave of hacktivism has been noticed.
As mobile networks and the Internet of Things (IoT) is already being exploited in cyberwarfare, DDoS attacks are becoming more complicated.
By saturating government agencies with phoney content and comments, the development of bots that mimic personas can easily disrupt the “notice-and-comment” regulation process and community participation.
Sophisticated Scams
Attacks using business email compromise (BEC) are rising due to increased data availability and digitisation, remote working, and increasingly sophisticated “deep fake” technology and virtual conferencing. According to the FBI, BEC fraud totalled $43 billion worldwide from 2016 to 2021, with a 65% increase in fraud between July 2019 and December 2021.
Criminals are now exploiting virtual meeting platforms to mislead employees into transferring money or sharing sensitive information, signalling increased sophistication and target redness of attacks. A bank employee from the UAE(United Arab Emirates) moved $35 million last year after being tricked by a company’s cloned voice. Artificial intelligence increasingly enables “deep fake” audio or video that impersonates senior executives, making these attacks possible.
The threat of cyber war
As the likelihood of espionage, sabotage, and harmful cyberattacks against businesses with ties to Ukraine and Russia, as well as friends and those in neighbouring nations, rises, the war in Ukraine and broader geopolitical tensions are significant factors redefining the cyber threat picture.
The supply chains, corporations, and critical infrastructure might all be the targets of state-sponsored cyberattacks. The risk of a hybrid cyber conflict has increased efforts in the insurance market to address the subject of war and state-sponsored cyber attacks in wording and give consumers clarity of coverage, even though acts of war are generally prohibited from traditional insurance policies.
Experts identify several other trends
Hackers target weak supply chains: Supply chain attacks have become a significant concern, whether they target critical infrastructures like the Colonial Pipeline or cloud services. Manufacturing industries are especially vulnerable as ransomware gangs increasingly utilise the threat of interruption to push businesses into paying the ransom.
Cloud outsourcing: Despite growing worries about security and risk aggregation, businesses keep moving their services and data storage to the cloud. Society is forming massive concentrations around a couple of single points of failure by relying on a small number of providers for cloud services or cyber security. It’s a frequent fallacy that the outsourcing or cloud vendor will take complete responsibility in the event of a disaster.
The importance of third-party liability, including fines and penalties, is increasing due to technological advancements, improved data collection by companies, and strictly enforced data privacy laws. Any cyber incident, including double-extortion ransomware, can result in legal action and requests for financial compensation from the parties harmed.
The improvement of cyber security needs to be improved by professional scarcity. Although boards are becoming more aware of the issue, estimates indicate that there are currently 3.5 million empty cyber security roles globally. This means that many businesses need help to fill positions, which hinders their capacity to strengthen their cyber security posture.
Many more stakeholder groups are scrutinising a company’s cyber security resilience today than there were in the past. Cybersecurity issues are increasingly being incorporated into data providers’ risk-analysis frameworks as they examine business processes to assess how prepared their clients are for cybercrime. It has never been more crucial to ensure that a company’s board of directors understands its cyber policies and procedures and that risk monitoring procedures are in place.
The insurance sector is more attentively evaluating organisations’ cyber risk profiles to encourage businesses to strengthen their security and risk management procedures in response to a more complicated risk environment and increased cyber claims activity.
How to overcome and handle things within these situations
The Russian invasion of Ukraine is the latest catastrophe to show that enterprise security and risk cannot be managed by the CISO and their team. Risk-based decision-making is much more important during crises, and company leadership must be involved at every stage. Executives are more likely to lead their firms with resilience from response to recovery if they make defendable, risk-informed decisions.
Cybersecurity and geopolitics are now inexorably interwoven. Consequently, as security leaders, you must view the global threat picture via a business lens. In this setting, every business action has security repercussions and vice versa.
Think about how current affairs are affecting corporate risk levels. What is the business’s willingness to take on that risk, and has it changed in light of these circumstances? Enterprise security directors today must concentrate on more than security flaws or technologies. Instead, they must guide the organisation in making decisions about its exposure to cyber-related risk. This new position is crucial to comprehending world events’ security implications.
Measures to mitigate the increased risk
Governments must stop state-sponsored cyberattacks, and they are doing so by fighting the ransomware epidemic. However, organisations need to be ready as hackers become more skilled and advancements like the Internet of Things (IoT) broaden the attack surface. Important actions include:
- making sure incident response plans are current
- making routine backups
- Developing savvy, industry-specific threat insights
- ensuring that your monitoring is scaled, ongoing, and affordable
- ensuring that systems and hardware run the most recent software and that timely patches
There are specific steps to battle ransomware, which is a significant aspect of this new reality. However, it’s equally important to consider your overall cybersecurity posture. Your board may need the impetus of global news to review
Continuing the research journey
Boards and their risk managers should continue to monitor their risk profiles and appetites and identify the pertinent tipping points as firms continue to embrace digital capabilities. Successful businesses will be those that can identify, evaluate, and quantify the risks that come with opportunities while also mitigating or managing the risks related to geopolitical developments.
Businesses should continue to challenge themselves intellectually and, when practical, adopt intelligence-led capabilities that lessen the surprise and shock of local, national, and international events. Organisations can improve the clarity of complex risk landscapes and gain a competitive edge by using various tools and scenario planning to understand their risks and drivers comprehensively.
