LONDON – September 12, 2022 –
A sovereign Russian internet could lead to cyber criminal safe havens, greater confidence that large-scale attacks can be carried out without consequences, and intelligence blindspots, according to a new report published today by cyber risk analytics expert CyberCube.
The research “Ukraine Cyber War Update: Spotlight on activity six months later” examines the dramatic rise in the use of wiper malware by Russian threat actors. Unlike ransomware, it has no financial element but is designed to destroy data and systems. At the same time, Russia is focusing on deploying a completely independent, isolated, totalitarian internet network.
William Altman, CyberCube’s Principal Cyber Security Consultant, said: “A Russian sovereign internet has several potential implications for cyber activity. Rival nations will find it more difficult to acquire cyber threat intelligence on threat actors operating from inside Russia, and might resort to more drastic measures to achieve this goal, potentially causing collateral damage. Furthermore, there is a potential for future "collaboration" between Russian, North Korean and Chinese internets, which would increase threat actors’ ability to launch attacks.”
The report looks at how in the six months following Russia’s invasion of Ukraine on February 24, 2022, cyber warfare has been an important tool for assisting physical activity on the ground. It notes:
- Russia is using ransomware gangs to undermine the US economy while avoiding direct war with the US. European energy companies that are being targeted for strategic value.
- Russian actors are targeting governments outside of Ukraine. This is intended to gather intelligence on Western allies assisting Ukraine's war effort.
- Ransomware threat actors are today focussing their efforts more on Russia than on other parts of the world.
- Forward-looking (re)insurers are starting to adopt a threat-modeling approach to portfolio risk management. Reinsurers should look across their portfolios for indications that certain companies may be susceptible to different threat actors.
The report also looks at Lloyd’s recent requirement that all standalone cyber attack policies must exclude liability for losses arising from state-backed attacks.
Yvette Essen, CyberCube’s Head of Content, said: “CyberCube believes this mandate will help reduce uncertainty and enable more insurers to participate with confidence, based on a clearer understanding of what is covered, and what is excluded.”
Download CyberCube’s report here: “Ukraine Cyber War Update: Spotlight on activity six months later”.