As widely reported over the last few weeks, following Russia’s invasion of Ukraine, European leaders are applying a number of sanctions, including the disruption of Russia’s economic capabilities through the removal of some of the nation’s largest lenders from the SWIFT payment infrastructure.
There is little doubt that work is already under way to mitigate the impact of this particular sanction, which forms part of a package of other restrictions placed upon Russian financial institutions and high-profile individuals. However, the move has an extremely high risk of inciting cyber retaliation from Russia, and the Western world should be on high alert in expectation of an escalation of cyber attacks.
In attempts to inflict far-reaching reciprocal disruption, the targeting of large Western companies, and specific retaliation against financial systems, should be expected. Media and technology companies may also be susceptible to Russian propagation of fake news by troll farms, seeking to instigate doubt, division and anti-Western, anti-NATO sentiment across news and social media platforms.
Malware attacks in recent years, such as the WannaCry and NotPetya attacks in 2017, have demonstrated the indiscriminate way in which these technologies are often deployed, by targeting any computer running common applications and operating systems. Any attacks aimed directly at government organisations, or other strategically targeted commercial entities (such as payment networks or custody banks) can still spread further in this way, meaning that the collateral damage from a targeted attack can grow exponentially.
The 2020 attack on US software company SolarWinds’ Orion network monitoring platform, which could have potentially impacted more than 18,000 customers, including government agencies and Fortune 500 companies, has further demonstrated the potential pervasive impact of such attacks, regardless of their intended targets.
How can companies protect themselves in response to the escalating situation?
As political tensions have increased in recent weeks, organisations may have already been anticipating the greater likelihood of cyber attacks. Regardless, measures should be taken immediately to sharpen the focus on certain types of threat from known hacking organisations and other entities that support Russia.
The current environment is incredibly fluid, and scenarios can and will change quickly, so it is vital that cybersecurity “hygiene” is of the highest level. Workstation and server operating systems and application packages should be patched and kept up to date and endpoint protection technologies should also be updated, with local scanning for threats run frequently. Ensuring that multi-factor authentication and identity management tools and approaches are up to date and fully rolled out will be a critical line of defence, while elevated log analysis and monitoring activities should be fully effective and complete too.
This is also a critical time to ensure incident management playbooks are up-to-date and rehearsed. Vulnerability scanning/testing existing digital infrastructure for “dormant” or hidden threats should also be a priority – the SolarWinds case showed that threat actors had gained unauthorised access to the SolarWinds network several months before malicious code was eventually “injected”.
Communicating the need for cybersecurity to be seen as an organisation-wide responsibility is also crucial. Rapidly intensifying phishing awareness and wider cyber awareness training will act as another front-line defence for companies now in a post-pandemic “new normal” of hybrid working and decentralised employee bases.
This ramping up of protective measures in cyber security will bring the trade-off of potentially slowing down some elements of day-to-day business operations. This, unfortunately, is part and parcel of the intended consequences of any threat of attack. However, the benefits of being on the front foot in rebuffing malicious activity will outweigh the considerable downsides of any serious breach.
Russia undoubtedly has the cyber capabilities to disrupt government, financial, fintech systems – seen only last week as several Ukrainian banks’ and government websites became inaccessible in a wave of Distributed Denial of Service (DDoS) attacks. Preparedness is therefore imperative, as well as rapidly adding organisational capacity to mitigate and respond, supporting rolling execution of enhanced security measures.