How will the cyber threat landscape react as the Ukraine situation progresses?
Ideas...
I have a theory: the longer the war in Ukraine rages and the more sanctions Russia faces, the more likely it is that state-sponsored cyberattacks will become more common beyond the battle zone.
From the perspective of cyber threat intelligence, the amount of research required today to identify actors, TTP, and anticipate potential targets is enormous.
From the standpoint of cyber counterintelligence (CCI), the evolution of the war in Ukraine, as well as the regional and international economic ramifications that are unfolding, will increase organizational risks and accelerate the need for new mitigation strategies, which will most likely include more security controls and more surveillance.
How can we forecast this? Unfortunately, the increase in incidents was already noticeable prior to the start of the invasion. According to Splunk, data breaches have affected 49 percent of firms in the United States and Canada in the last two years, up from 39 percent a year ago [1].
Let me now add this: 73 percent of those same 1200+ organizations that participated in the poll revealed that a percentage of their cybersecurity professionals have resigned in the last year due to 'burnout.'
We know there is a cybersecurity staffing shortage, and surveys like VMware's, which found that 'almost two-thirds of security operations center (SOC) staffers are considering leaving their jobs due to stress,' only serve to reinforce our belief of a widespread problem exacerbated by the Great Resignation[2].
So, what happens next? If the frequency of cyberattacks continues to rise, corporations will need to rethink their security postures based on available staff, strategic risk assessment, and cybersecurity funding.
This is not new, but the difference in the coming months is that Russia, which is subject to numerous economic sanctions, may begin to maximize its hacker capabilities, via APTs (Advanced Persistent Threat groups) such as the infamous APT28 (Fancy Bear), APT29 (Cozy Bear), Actinium, and others, to obtain not so much state secrets or strategic intelligence on the West, but good old-fashioned financial gains.
Obviously, this does not mean that the GRU, FSB, or SVR will stop gathering intelligence, but being exposed to numerous economic sanctions will very probably act as a motivator for repurposing the aforementioned APTs and forming new ones.
You probably want to know the rationale behind this last statement. Well, the answer is simple: training and equipping a hacker squad is less expensive than training and equipping an Army division.
By the end of the conflict, I am convinced that Russia's military capabilities will be severely degraded, and its options for rearming, optimizing, and modernizing its military arsenal will be dependent on the assistance of other countries such as China or India.
So, in my opinion, the only option for Russia to reclaim some sort of geopolitical/military dominance in postwar Europe is to completely restructure its military organization by reassessing both internal (which I believe will arise) and external threats.
Russia will most likely consider dramatically improving its cyber offensive and defensive capabilities, as well as increasing espionage for industrial and commercial objectives. In short, it should shift its military doctrine to one that prioritizes nuclear and cyberwarfare capabilities over conventional ones.
Is such a thing even feasible? To accomplish this, Ukraine must first defeat Russia militarily while allowing it to save face, without pushing it to believe that a nuclear option is the only choice, because if that happens, well, my friends, we're in for a whole new ballgame.
But assuming that the nuclear option is avoided, the rest of the world should brace itself, in my opinion, because a wave of new cybersecurity incidents against Western interests in Europe and Asia is quite likely, with better organized, even collaborative multinational, cyberattacks.
Because of the re-composition of geopolitical forces, economic depression, forced migrations, and uncertainty about the future, cyberterrorism and insider threats based on ideological issues will gradually rise.
Outside of Europe, North and South America will bear the consequences of this realignment of tensions and growing uncertainty (economic, energy, political, and military) in two ways: they will become targets for economic gain on the one hand and for increased ideological and geopolitical attacks on the other, the latter driven by the need to degrade, compromise, or exhaust the cyber capabilities of the United States and Canada.
Again, Ukraine, with the assistance of the rest of the Western world, must defeat the Russians convincingly without driving Comrade Vladimir into an epic nuclear escape. However, as with COVID-19 and its ongoing international impact, after Ukraine is liberated a new world order will emerge, which does not necessarily signal the end of the nuclear threat, but rather the emergence of new security challenges.
[1] https://www.helpnetsecurity.com/2022/04/13/modern-enterprise-security-issues/
[2] http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmwcb-report-global-incident-response-threat-report-manipulating-reality.pdf

