How Russia’s Ukraine Offensive Affects Your Cybersecurity

Danial Hallock
Published in CodeX
5 min read · Jan 29, 2022

Earlier this week, U.S. President Joe Biden and the Departments of State and Defense announced that the U.S. is considering deploying several thousand troops, along with warships and aircraft, to NATO allies in the Baltics and Eastern Europe (but not Ukraine); that 8,500 U.S. personnel have been placed on high alert for deployment; that the USS Harry S. Truman has been placed under NATO command; and that all non-essential staff and families at the embassy in Kyiv have been ordered to evacuate.

The story has been ongoing since 2014, but its newest chapter began in early December, when Russian soft-warfare shaping operations intensified: hostile narratives spread, peace talks stalled, and accusations of U.S.-led chemical attacks and genocide began to emerge. As cyber activity against Ukraine surged and Russia alleged a “high threat of an offensive by Ukraine,” Russian troops brazenly documented their movements on social media over Martin Luther King weekend, while NATO allies began supplying lethal aid to Ukraine and calling on the U.S. to deploy additional troops to NATO countries (n.b. Ukraine is not a NATO member, but seeks to join).

The Czech Republic’s Ministry of Defense was quoted as saying, “Let me be clear, Ukraine is our ally. If there is war, we are ready to offer a refuge to their women and children. No Ukrainian request for sending military yet, but if they do so, we will discuss it.” This statement of solidarity from a smaller neighbor comes alongside over 80 tons of weapons arriving from the U.S., Dutch promises of F-35 support in the spring, a €1.2 billion aid package from the European Union, and other aid. These rallies behind Ukraine have intensified as UK Prime Minister Boris Johnson warns that Russia intends to seize Kyiv in a “lightning war.”

Russia has repeatedly denied having plans to invade. But Moscow has massed 100,000 troops near the Ukrainian border and has been moving tanks, infantry fighting vehicles, rocket launchers and other military equipment westward from bases in Russia’s far east. In addition, Russia is moving troops and S-400 surface-to-air missile systems into Belarus, which borders Ukraine and NATO members Poland, Latvia and Lithuania. Russia also has moved several ships near Ukraine’s shores in the Black Sea and the Sea of Azov, and as recently as yesterday, prepositioned refrigerated blood to nearby staging areas (n.b. blood stored in this manner has a shelf life of 42 days). However, Putin remains adamant that he is open to negotiation and does not seek to start a war.

Russian stock markets have dropped 27% and the ruble has plunged to a 14-month low, forcing Moscow’s central bank to step in to prevent an economic free fall. As economic sanctions (or the fear of them) wreak havoc on the Russian economy, oligarchs are likely to demand retribution against the U.S. and NATO for their perceived role in creating those hardships, most likely through the one instrument Russia can use against the U.S. without risking a wider war: cyber attacks by one of its advanced persistent threats (APTs), Fancy Bear (APT28, tied to the GRU) or Cozy Bear (APT29, tied to the SVR). While these APTs are primarily after larger targets such as the U.S. Government, software developers may find themselves in the crosshairs as well: Cozy Bear was attributed with the SolarWinds supply-chain compromise disclosed in December 2020, which reached its victims through a trojanized build of a legitimate product update. Similarly, Russian cyber criminals such as the REvil Ransomware-as-a-Service (RaaS) gang may be given freer rein to operate without interference from the Russian Government (the FSB’s January 14, 2022 arrests of REvil members notwithstanding), which would affect smaller organizations and individuals more frequently.

The Russian economy is already feeling the effects of its Ukrainian gamble, but Western markets haven’t yet (though the prospect of the U.S. Fed raising interest rates to combat inflation has caused quite a stir in the U.S. stock market in the last week). Unfortunately, a war in Ukraine will have global implications even if the U.S. and NATO keep to their current position that they will not intervene directly. With some of the most fertile land on Earth, Ukraine has been known as Europe’s breadbasket for centuries and is critical to the global food supply chain, particularly for developing nations.

A short offensive (e.g., one where Russia succeeds quickly) will likely impact food security for those developing nations, and a protracted offensive (e.g., one where a Ukrainian resistance is heavily armed by NATO allies) will probably impact food security for price-sensitive Americans in very rural areas or urban “food deserts.” Given current pandemic-induced stressors, the U.S. supply chain is already at risk of introducing hardship to these food deserts; fighting in Ukraine will exacerbate those stressors. More individuals may turn to financially motivated cyber crime, using commoditized tooling from malware-, ransomware- and initial-access-as-a-service vendors on the dark web; we already saw this during the SARS-CoV-2 pandemic, as RaaS activity surged during 2019–2021, with ransomware-as-a-service offerings available for as little as $50 and aimed at smaller organizations. While those commodity attacks are unlikely to evolve rapidly, the techniques used by financially motivated threat groups (the “FIN” series, such as FIN7, which is currently mailing COVID-19-themed malicious USB drives to U.S. businesses) do evolve quickly and may evade network defenses. The tactics, techniques and procedures of these groups, along with the software they use, are catalogued in MITRE ATT&CK under the group entries FIN4, FIN5, FIN6, FIN7, FIN8 and FIN10. Note that ATT&CK documents behaviours rather than indicators of compromise (IoCs); the hashes and domains that make up IoCs come from vendor reporting and go stale far faster than the techniques do.
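As an added example (not code from the original article), the following Python script shows the kind of host-side check that the FIN7 malicious-USB campaign mentioned above calls for. A keystroke-injection (“BadUSB”) device enumerates as a USB HID keyboard, frequently on the same composite device as a mass-storage interface, so the script correlates Linux kernel log messages per USB port and flags any keyboard whose vendor:product ID is not on an allowlist, and any device that presents both storage and a keyboard. The allowlist and the log lines are constructed for illustration (the 1a2b:3c4d ID is made up); the line formats are the ones the Linux usb core, usb-storage and hid-generic drivers emit.

```python
"""Flag USB keystroke-injection ("BadUSB") devices from Linux kernel log lines.

Added example for this article, not code from the original post. A
keystroke-injection device enumerates as a USB HID keyboard, often alongside a
mass-storage interface on the same composite device. The allowlist and the
sample log lines below are constructed for illustration.
"""
import re
import sys
from dataclasses import dataclass

# Hypothetical allowlist of idVendor:idProduct pairs the organisation issues.
ALLOWED_KEYBOARDS = {"046d:c31c"}

# Kernel message formats emitted by the usb core, usb-storage and hid-generic.
NEW_DEVICE = re.compile(
    r"usb (?P<port>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
USB_STORAGE = re.compile(
    r"usb-storage (?P<port>\d+-[\d.]+):[\d.]+: USB Mass Storage device detected")
HID_KEYBOARD = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\d+: "
    r".*USB HID v[\d.]+ Keyboard")

# Constructed sample: an issued keyboard on 1-1, a plain flash drive on 1-2 and
# a composite "storage plus keyboard" device with a made-up ID on 1-3.
SAMPLE_LOG = [
    "usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.10",
    "hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard "
    "[Logitech USB Keyboard] on usb-0000:00:14.0-1/input0",
    "usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00",
    "usb-storage 1-2:1.0: USB Mass Storage device detected",
    "usb 1-3: New USB device found, idVendor=1a2b, idProduct=3c4d, bcdDevice= 1.00",
    "usb-storage 1-3:1.0: USB Mass Storage device detected",
    "hid-generic 0003:1A2B:3C4D.0002: input,hidraw1: USB HID v1.11 Keyboard "
    "[Generic Composite Device] on usb-0000:00:14.0-3/input1",
]


@dataclass
class UsbDevice:
    port: str
    vid_pid: str          # lower-case "vvvv:pppp"
    keyboard: bool = False
    storage: bool = False


def parse_kernel_log(lines):
    """Build one UsbDevice per port from kernel log lines, in any line order."""
    devices = {}
    storage_ports = set()
    keyboard_ids = set()
    for line in lines:
        m = NEW_DEVICE.search(line)
        if m:
            devices[m["port"]] = UsbDevice(m["port"], f"{m['vid']}:{m['pid']}".lower())
            continue
        m = USB_STORAGE.search(line)
        if m:
            storage_ports.add(m["port"])
            continue
        m = HID_KEYBOARD.search(line)
        if m:
            # hid-generic prints the IDs in upper case and identifies the
            # device by ID rather than by port, so correlate on the ID.
            keyboard_ids.add(f"{m['vid']}:{m['pid']}".lower())
    for dev in devices.values():
        dev.storage = dev.port in storage_ports
        dev.keyboard = dev.vid_pid in keyboard_ids
    return devices


def find_suspicious(devices, allowed=ALLOWED_KEYBOARDS):
    """Return (port, vid:pid, reason) for every device worth a second look."""
    findings = []
    for dev in devices.values():
        if dev.keyboard and dev.vid_pid not in allowed:
            findings.append((dev.port, dev.vid_pid, "keyboard not on allowlist"))
        if dev.keyboard and dev.storage:
            findings.append((dev.port, dev.vid_pid, "storage device also presents a keyboard"))
    return findings


if __name__ == "__main__":
    # Pipe `dmesg` or `journalctl -k -o cat` in, or run with no input for the sample.
    lines = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for port, vid_pid, reason in find_suspicious(parse_kernel_log(lines)):
        print(f"usb {port} ({vid_pid}): {reason}")
```

On the sample the script reports port 1-3 twice (unlisted keyboard, and storage plus keyboard) and stays silent on the issued keyboard and the plain flash drive. The same signal exists on Windows as a new HID keyboard device installation; on Linux a udev rule can refuse to bind unknown HID keyboards outright, and this script is the audit that tells you whether such a rule is needed.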

Cybersecurity professionals have had a hell of a year. Teleworking brings its own set of challenges, and surging global unemployment and lackluster government responses left plenty of bad actors with plenty of time to probe network defenses. Global conflict usually brings ambiguity and “fog” for bad actors to hide in, many seeking some way to keep themselves afloat (and many more seeking to take advantage of distracted victims), and a renewed offensive into Ukraine is a perfect example of such a conflict. Domestic businesses may not think they’ll be caught in the crossfire, but they’d be foolish not to prepare for that possibility. Preparation here is mostly the basics: patch internet-facing systems, require multi-factor authentication on remote access, rehearse restoring from backups, and know who you would call on the day it happens.


Danial Hallock has 15 years of experience in the U.S. Defense industry and writes about geopolitical and STEM topics on the weekends. His views are his own.