As Russia’s invasion of Ukraine moves into its second week, the cyber threat to Western countries supporting Ukraine grows as Russian forces get bogged down. I have had several friends ask, “How did we get here?’ or “Why is the Russian affiliated cyber threat so big?” The answer begins with a story (like many conversations).
A History Lesson in Cyber-Security
Fifteen to eighteen years ago when the FBI formally established Cyber squads to counter aggressive nation-states, Russia and China were at the top of that list. The activities were somewhat confined to the defense sector or critical infrastructure and we in the FBI were not even allowed to say that we were engaged in cyber investigations against those countries. “We cannot confirm or deny” being a common catchphrase. Iranian cyberthreats began to grow approximately 10 years ago, and it remained a relatively high-level engagement between these cyber “Super-powers”.
Then it changed. I use the Target attack of 2013 as the beginning of this change. Criminals started realizing that they could use the Internet to connect to and exploit businesses all over the world. They started spending money, building data centers, and developing code. The bigger change came when three distinct forces emerged in 2014 and 2015 and began to dominate cyber-crime. One was the dark marketplaces which allowed software and personal information to be sold. These sorts of places had already existed, but they became even more prolific with the rise of the second force: cryptocurrency allowed for these dark marketplaces to grow. Lastly, we say the creation of what we today call ransomware gangs. These groups are highly organized, well-funded, and often work in countries where they are protected or at a minimum can operate with relative impunity. This is where the story of the suspected Russian cyber-threats comes in.
Russian Based Cyber-Threats Up 800%
Suspected Russian affiliated cyber threats have always been advanced, and their suspected state-sponsored hackers are some of the best in the world. But where does a suspected former state sponsored hacker go after they are done serving their country? To make money of course. But what if the best way to make money in a country like Russia was to work with cyber-crime organizations? This is what appears to have happened to many of these individuals because cyber-crime pays very well indeed. Many of these criminal organizations have long been suspected of having ties to Russian intelligence and, recently, these ties appear to be confirmed with the leakage of hundreds of pages of internal communications inside the Conti ransomware gang. Conti has made more than $30 million in ransomware payments in the last couple of years, and they are just one of the groups suspected to have these ties to miscellaneous Russian intelligence agencies. With the start of the Russian invasion, we started to see where the true allegiances of these criminal groups lay. The number of ransomware attacks rose more than 800% in just the first week of the war and most of this is attributable to Russian-homed criminal groups. In fact, Conti is purported to have issued a statement that they would defend their homeland against all aggressors and supposedly pledged their full support for President Putin.
Bad “Guys” Can’t Win
The threat is rising and not just for large companies. In 2021, 43% of ransomware victims were small businesses and when we roll in mid-size companies, that number rises over 60%. Statistically, any (note ANY) business in the United States has a 1-in-4 chance of being successfully hit with ransomware and/or a data breach. That ransomware attack will take down the infected corporate network for 20-25 days on average. And we are not even talking about E-Mail Account Compromise which affected more than 70% of businesses in 2021. So, let’s talk security before this happens to you. I hate seeing the “bad guys” win. During my time in the Bureau, I too often saw a company get victimized and all they were trying to do was run their business. The threats will continue to evolve, and the criminal actors are awake 24 hours a day looking for ways to make everyone a victim. This is why you need a comprehensive managed security partner in your corner to manage the “entirety” of your security perimeter, watch your environment 24/7, and take decisive actions to keep it secure. Let our security operation centers and our talented security engineers take care of security from beginning to end while you concentrate on what you do best.
