Staying ahead of Russian cyberattacks

The United Kingdom, together with the United States and other NATO members, are prime targets for cyberattacks by nation-state and state-linked proxy actors.

Drivers of cyber risks

This is due to several reasons.

Widening geopolitical rifts

Cyberspace is a critical theatre for geopolitical rivalries between different countries. Adversarial governments will orchestrate, sponsor or tacitly approve cyberattacks and network breaches. The key goals of such campaigns are to steal state information and industrial intellectual property, to gain a strategic military advantage that could be leveraged in the event of a kinetic conflict, and in the case of North Korea to extort funds through ransoms.

Rising cyber vulnerability

Complex supply chains, rising technological dependence and the ease of misusing AI tools have also expanded the risk surface, creating multiple points of vulnerability for organizations. Cyber criminals extort substantial ransoms from Western organizations since they are financially better resourced than their developing-country counterparts. 

Inadequate cyber preparedness

Cyber risks are company-size and sector agnostic: every organization is vulnerable, albeit to varying degrees. While highly regulated sectors such as finance have tighter (if uneven) cybersecurity, sectors such as manufacturing, education, charities and construction still do not invest in cybersecurity sufficiently even though they deliver essential/critical services, hold sensitive personal or commercial data, and risk heavy financial losses in the event of a cyber incident.

Top threat actors

UK organizations face threats from three key types of Russian state-linked actors:

Hackers for hire

Financially motivated hacking groups such as Evil Corp or Conti that operate in a sophisticated marketplace of cybercrime and illicit cryptocurrency exchanges, and have a transactional and conditional relationship with their host government. 

These group’s advance the Kremlin’s goals of eroding public trust and disrupting Western economic activity by attacking public and private organizations. In exchange, the Kremlin offers these hackers protection. 

If the Kremlin’s policy or goals change, the Russian state will act against these hackers-for-hire. (In 2021, Moscow cracked down on the notorious Russia-based Ransomware Evil (REvil) cybergang due to a temporary shift in its approach to the US government.)

Advanced Persistent Threats

Hackers directly linked to military, intelligence or law enforcement agencies in Russia, but also in other countries such as China, North Korea and Iran attack sensitive political targets such as government agencies, political parties and prominent politicians to extract sensitive strategic information and disrupt democratic functioning.

Increasingly, these actors are penetrating the digital networks of critical infrastructure entities (eg, water, energy, communication companies) to access strategic data and IT vulnerabilities that can be exploited for more destructive purposes in a potential military conflict in the future.

Hacktivists

Since the Russian invasion of Ukraine in 2022, skilled self-described ‘hacktivist’ groups have become especially prominent on both sides of the war. Russia-aligned hacktivist groups such as Killnet have publicly proclaimed their allegiance to the state, and actively target Ukrainian installations and Western targets, and defend Russian organizations from counter cyber campaigns.

Cyber readiness must be a business priority

Faced with this complex and evolving threat landscape, organizations across sectors must invest in holistic resilience. The key aspects of such as an approach entail:

• Regularly monitoring and mitigating cyber, geopolitical, supply chain and technological risks to an organization’s operations.
• Instituting and testing a robust incident response strategy, that brings together not only digital forensics, threat actor engagement and technical remediation but also legal counsel, PR and crisis management.
• Combined legal and regulatory expertise that safeguards executives against personal liability, and protects against action by regulators.