A Year In, Russia-Ukraine War Prompts New Battlefield for Cybersecurity

Cybercrime activities are now mirroring what's happening on the physical battleground.

6 Slides
Europol said the ransomware attack was ldquocriminally mindedrdquo others have suggested that it may have originated in

Already have an account?

Europol said the ransomware attack was “criminally minded”; others have suggested that it may have originated in Russia. The largest number of attacks occurred in Russia and the Ukraine. As security expert Ian Trump told Penton Technology's T.C. Doyle: “Let’s be clear, the Russians have an absolute history of using their own people with a cavalier consideration to their own health and welfare,” he says. “So testing your own national infrastructure in this kind of heinous attack, to me, totally goes to the Russian mentality. They want to be ready for when the NSA launches something on them.”

Friday marks one year since the start of the Russia-Ukraine war, a conflict fought on numerous fronts, including cybersecurity. The experts who spoke to Channel Futures said the war has moved decision makers to take cybersecurity even more seriously, as cyberattacks have increased tenfold since the conflict began.

Cybersixgill, a dark web threat intelligence company based in Israel, has published several reports on cybersecurity activity on the dark web and with heavy emphasis on Russian threat actors. The organization studied these actors right before the start of the war.

Chris-Strand-135x150.jpg

Cybersixgill’s Christopher Strand

Christopher Strand is Cybersixgill’s chief risk and compliance officer.

“A number of subsequent reports that we’ve put out since the beginning of the conflict have enabled us to study and understand the changing tactics of those threat groups and cybercrime in general,” Strand said. “The effect on us has been positive for helping the rest of the cybersecurity community understand the changing tactics and the changing of that threat state since the conflict began.”

Threat actors are now trying to acquire graphics cards or processors, phones, drones and other tools not only for cybercrime but for cyber espionage and war tactics. Cybercrime activities are now mirroring what’s happening on the physical battleground, Strand said. Cybercrime groups can shift gears from targeting financial institutions, for example, partly because the Russian cybercrime network is so well established.

New Mandates

When it comes to large companies that operate in the channel, Strand said they should have a strong cybersecurity posture.

“Companies like Microsoft have written the book on what cybersecurity is,” he said. “However, many large organizations responded in a frenzied way to the amount of [U.S.] cybersecurity mandates that were coincidently announced in the first year of the conflict.”

One such mandate was from the FDIC and other federal agencies. In 2022, they changed when a banking organization could report a cybersecurity attack to them, from 72 hours down to 36 hours. And for good reason, experts say.

The global banking industry has been under assault since the start of the war. For instance, distributed-denial-of-service (DDoS) attacks on European banks by Russian hacktivists have significantly increased. DDoS attacks are often the main method cybercriminals use for cyberwarfare.

Funding Cybercrime for War Efforts

Cybercriminals finance their operations in multiple ways, including through ransomware or through the sale of stolen information. However, the ways in which Russia-backed threat actors get money to support their cybercriminal activities have changed during the war.

“Rather than going just to cryptocurrency markets, they’re coordinating with money laundering organizations,” Strand said.

This is to basically get real funds, he added. There’s also a transition toward the trade of certain assets or even commodities in some situations.

See the slideshow above to learn more from experts about the role cybersecurity is playing in the Russia-Ukraine war.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Claudia Adrien or connect with her on LinkedIn.

Read more about:

MSPsVARs/SIs

About the Authors

Claudia Adrien

Claudia Adrien is a reporter for Channel Futures where she covers breaking news. Prior to Informa, she wrote about biosecurity and infectious disease for a national publication. She holds a degree in journalism from the University of Florida and resides in Tampa.

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like