LONDON – March 4, 2022 – Insurers and reinsurers holding large books of East European business are being urged to stress test their portfolios against the threat of Russian and Ukrainian cyber attacks.
A new report published today by cyber risk analytics expert CyberCube identifies a series of potential cyber attack scenarios. The report “War in Ukraine creates fundamental shift in the cyber threat landscape” encourages insurers and reinsurers to urgently re-evaluate their exposures.
According to the research, the range of relevant scenarios include cyber attacks on off-shore oil rigs, utility suppliers, mobile phone network operators, hospitals, airlines, the SWIFT banking system, plus the widespread use of wiper malware.
CyberCube confirmed that it had observed cyber attacks on Ukrainian critical infrastructure, government services, banks and telecoms. Russian government institutions and enterprises are also being targeted by cyber attackers. Some of these attacks, the company said, have spilled over into neighbouring Belarus, Poland, Lithuania and Latvia.
William Altman, CyberCube’s Principal Cyber Security Consultant, said: “This conflict will undoubtedly push the boundaries of acceptable behaviour in cyberspace. What’s worrying is that the cyber elements of this conflict could escalate quickly. We have the potential for unprecedented cyber-physical impacts, including attacks on critical infrastructure. However, before a full-blown cyber disaster becomes likely, we believe there will be several levels of escalation needed to reach that stage.”
CyberCube’s report recommends that insurance brokers and risk carriers encourage their clients to focus on threat modeling Russian advanced persistent threats (APTs), known criminal gangs’ tactics, techniques and procedures (TTPs), and cyber security best practices.
Since the conflict began, both Ukraine and Russia have openly recruited a global volunteer cyber force to attack their enemies’ IT systems and networks. The infamous hacking collective Anonymous has joined the conflict alongside Ukraine, while prolific ransomware gang Conti has sided with Russia. As of 1 March, there were at least 33 different cyber threat actor groups actively assisting Ukraine (22) and Russia (9).
The report states that companies in the high-risk geographies of Ukraine, Russia and CIS countries are most at risk of experiencing losses due to cyber attacks. Business interruption claims are likely to stem from cyber attacks on critical infrastructure and key IT Single Points of Failure (SPoF).
Darren Thomson, Head of Cyber Security Strategy, said: “The risk of a cyber disaster impacting (re)insurers’ portfolios is higher as a result of Russia’s intent, opportunity, and capability to compromise SPoF targets that give them widespread and unfettered access to critical computer networks and data. Hacktivist coalitions and cyber criminals are taking sides, with prolific groups pledging services to aid the Russian government’s war machine.”
CyberCube’s Portfolio Manager is used by the global insurance industry and the Lloyd’s of London market to evaluate portfolios of cyber risk against a series of realistic cyber threat scenarios.
Here is CyberCube’s report: “War in Ukraine creates fundamental shift in the cyber threat landscape.”