A Year In, Russia-Ukraine War Prompts New Battlefield for Cybersecurity

Cybercrime activities are now mirroring what's happening on the physical battleground.

Europol said the ransomware attack was “criminally minded”; others have suggested that it may have originated in Russia. The largest number of attacks occurred in Russia and the Ukraine. As security expert Ian Trump told Penton Technology's T.C. Doyle: “Let’s be clear, the Russians have an absolute history of using their own people with a cavalier consideration to their own health and welfare,” he says. “So testing your own national infrastructure in this kind of heinous attack, to me, totally goes to the Russian mentality. They want to be ready for when the NSA launches something on them.”

Friday marks one year since the start of the Russia-Ukraine war, a conflict fought on numerous fronts, including cybersecurity. The experts who spoke to Channel Futures said the war has moved decision makers to take cybersecurity even more seriously, as cyberattacks have increased tenfold since the conflict began.

Cybersixgill, a dark web threat intelligence company based in Israel, has published several reports on cybersecurity activity on the dark web, with heavy emphasis on Russian threat actors. The organization studied these actors right before the start of the war.

Christopher Strand is Cybersixgill’s chief risk and compliance officer.

“A number of subsequent reports that we’ve put out since the beginning of the conflict have enabled us to study and understand the changing tactics of those threat groups and cybercrime in general,” Strand said. “The effect on us has been positive for helping the rest of the cybersecurity community understand the changing tactics and the changing of that threat state since the conflict began.”

Threat actors are now trying to acquire graphics cards or processors, phones, drones and other tools not only for cybercrime but for cyber espionage and war tactics. Cybercrime activities are now mirroring what’s happening on the physical battleground, Strand said. Cybercrime groups can shift gears from targeting financial institutions, for example, partly because the Russian cybercrime network is so well established.

New Mandates

When it comes to large companies that operate in the channel, Strand said they should have a strong cybersecurity posture.

“Companies like Microsoft have written the book on what cybersecurity is,” he said. “However, many large organizations responded in a frenzied way to the amount of [U.S.] cybersecurity mandates that were coincidently announced in the first year of the conflict.”

One such mandate was from the FDIC and other federal agencies. In 2022, they shortened the time a banking organization has to report a cybersecurity attack to them, from 72 hours down to 36 hours. And for good reason, experts say.

The global banking industry has been under assault since the start of the war. For instance, distributed denial-of-service (DDoS) attacks on European banks by Russian hacktivists have significantly increased. DDoS attacks are often the main method cybercriminals use for cyberwarfare.

Funding Cybercrime for War Efforts

Cybercriminals finance their operations in multiple ways, including through ransomware or through the sale of stolen information. However, the ways in which Russia-backed threat actors get money to support their cybercriminal activities have changed during the war.

“Rather than going just to cryptocurrency markets, they’re coordinating with money laundering organizations,” Strand said.

The aim is essentially to obtain real funds, he added. There’s also a transition toward the trade of certain assets or even commodities in some situations.

See the slideshow above to learn more from experts about the role cybersecurity is playing in the Russia-Ukraine war.


About the Authors

Claudia Adrien

Claudia Adrien is a reporter for Channel Futures where she covers breaking news. Prior to Informa, she wrote about biosecurity and infectious disease for a national publication. She holds a degree in journalism from the University of Florida and resides in Tampa.

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
