What the conflict in Ukraine means for cybersecurity and global business
The British government recently warned big businesses to bolster their cyber defences in light of the increased tensions between Russia and Ukraine.
Tensions between Russia and Ukraine are certainly nothing new, but politicians and security leaders alike have recently started warning businesses to brace themselves for a significant uptick in state-sponsored cyberattacks. The White House has sent its top security official to help NATO brace for Russian cyberattacks, while the UK government warned big businesses to bolster their defences.
Unfortunately, the rivalry between Russia and Ukraine does not stop at localized conflict. The digital domain is now indisputably the fifth theatre of war, with rival states routinely leveraging cyberattacks to disrupt critical infrastructure and even shut down regional electrical grids. Such attacks are a rapidly growing concern in the era of cyber warfare, and critical infrastructure and its broader supply chain are the favourite targets.
What are the risks to critical infrastructure?
Critical infrastructure encompasses assets considered vital to the functioning of a society and its economy, such as electrical grids, public health services, agriculture, and transportation. It is also the biggest target of state-sponsored cyberattacks.
Ukraine has more experience than most when it comes to attacks on critical infrastructure. In 2015 and 2016, cyberattacks were responsible for widespread electrical outages across the country. Although it has never been clear that Russian state-sponsored hackers were behind these attacks, their involvement has been alleged numerous times. Moreover, due to its Soviet past, Ukraine’s electrical grid and other critical infrastructure were still deeply interconnected with that of Russia.
Such attacks go far beyond Ukraine, or any other nations directly involved in the conflict. For example, 43% of the natural gas consumed in the EU comes from Russian state-owned energy corporation Gazprom, giving the company considerable control over much of the bloc’s energy supply. As such, there is considerable interconnectivity between the EU’s critical infrastructure and that of Russia, making it a potential battleground for cyberattacks.
Given that most EU member states are also members of NATO, an ally of Ukraine, it stands to reason that the rising tensions between Russia and Ukraine will most likely result in attacks against critical infrastructure.
The rise of state-sponsored supply chain attacks
Unfortunately, in today’s highly interconnected and globalized environment, cyberattacks do not stop at any one country, and neither do they stop at specific industries. Most organizations are not widely considered to be part of critical infrastructure, but that does not mean they are not part of broader supply chains.
Cyberattackers, including state-sponsored threat actors, almost invariably target the weakest link, which usually exists somewhere along the supply chain. Third-party and even fourth-party risks are thus the biggest threats to most organizations. For example, a state-sponsored actor may ultimately want to target a major utilities provider. However, rather than go directly for the utility provider, they may instead try to find a way in via one of their suppliers by exploiting an otherwise unnoticed vulnerability that gives them access to the broader supply chain.
Many supply chain weaknesses lie in professional services firms and technology providers, both of which critical infrastructure enterprises rely on for a range of products and services. In other words, state-sponsored threat actors may target a much smaller business with a view to compromising an organization directly involved in critical infrastructure.
If tensions between Russia and Ukraine continue to escalate, there will inevitably be collateral damage as well – just as there is in any conflict. For example, state-sponsored attackers often target vulnerabilities in supervisory control and data acquisition (SCADA) systems, which are not only widely used in critical infrastructure, but also across the entire manufacturing sector. As such, any attacks targeting specific SCADA software applications may reach much further than a single intended target.
Why all businesses need to prepare for the worst
State-sponsored threat actors tend to be among the most skilled and best-funded of all threat actors, and that makes them the most dangerous. International tensions are increasingly likely to result in a rise in cyberattacks across the board, as was the case in the 2008 war between Georgia and Russia, and the 2014 annexation of Crimea.
Businesses of all sizes and across all industries must prepare themselves for an ever-greater risk of cyberattacks in light of the tensions between Ukraine and Russia. After all, the Petya malware attack in 2017, which was orchestrated against state-owned Ukrainian enterprises, ended up resulting in thousands of malware infections in businesses around the EU as well.
To mitigate the risk presented by such attacks, organizations must consider not only their own vulnerabilities, but also those across their extended supply chains. After all, state-sponsored cyberattacks most often target third- or even fourth-party vulnerabilities to gain access to far broader technology environments.