The Russian invasion of the Ukraine raises a few cybersecurity questions

Cybersecurity Impacts of the Recent Invasion

Primarily the story about the Russian invasion of the Ukraine is one of great human tragedy. Nothing I write here is supposed to take away from the fact that the main story is about the suffering of the Ukrainian people.

Even at the other end of the world here in Aotearoa New Zealand, however, there will be impacts, though they may just be echoes of the fury in Europe. It’s no secret that cyber attacks are part of Russian military strategy, nor that New Zealand organisations have been the victims of Russian cybercriminals. So what effects – if any – will the war in the Ukraine have on cyber security here?

More Questions than Answers

I don’t have any special access – so I have more questions than answers. But I think IT and cyber professionals everywhere should be thinking about these questions and assessing their plans based on their answers.

Here are the questions that I’m asking.

Will we see the end of Russian cooperation in battling cybercrime?

Recently we have seen several occasions where Russian authorities have cooperated with Western law enforcement in arresting Russian members of cybercriminal gangs. This appears to be making a difference, but will this cooperation now stop?

Will the restraints be less on Russian cybercriminals? Or could they actively participate in the conflict?

With the authorities’ attention elsewhere, could Russian cybercriminals lose their restraints? Or would Russian cybercriminals join in the conflict (as they probably did in the case of the 2007 cyber attacks on Estonia)?

Will Russian state-directed cyber attacks cause collateral damage? Or will they reveal techniques that can be taken up by criminals?

The 2017 NotPetya attack directed against the Ukraine caused significant damage in other countries – apparently as an unintended side-effect. With the Russian state actor Sandworm already releasing destructive wiper attacks in the Ukraine, will we see history repeat? Another possibility is that vulnerabilities or techniques used by state actors get taken up by criminal gangs – leading to widespread exploitation.

What, if any, impact here in NZ?

Will a directed attack against our neighbours or allies impact us?

It seems likely that Russian state actors will attack the EU, the UK and the USA because of their response to the invasion. But could these attacks affect us here? A possible scenario is that Australia could be targeted (due to its more aggressive approach to Russia), and NZ organisations with links to Australia (for example Australian companies with branches here or New Zealand companies with a presence in Australia) could be caught up in this.

Will we see criminal gangs or other countries use Russian action as a cover or a distraction?

We’ve seen criminal gangs masquerading as the GRU or FSB before. So, with increased cyber activity centered on the Ukraine, other organisations (criminal or other state actors) may use the confusion to their advantage.

I’m not sure what the answers are to these questions. I’m not even sure what my answers to these questions are. There may be other, good questions I’ve overlooked. But I’m going to go away, have a think about them, and then make a considered decision as to what I’ll do differently. This will be one of the most significant events of my lifetime, and there may even be some small effects even this far away.

If you have any questions regarding this article or would just like to have a chat with the Axenic team about cyber security, feel free to drop us a line here
