October 12, 2022
Over the last year, the scope and source of cyber attacks have broadened significantly. October is Cyber Security Awareness Month, and we are looking at new tools available to hackers around the world and the steps that organizations need to take to defend themselves from online attacks.
In the past, malware that originated in warfare has found its way into the hands of cyber criminals, who then use it to target organizations and businesses. For example, the 2017 NotPetya malware attack led to global supply chain disruptions, with total losses estimated at $10 billion. As a result, the Maersk shipping line suffered estimated losses of about $300 million. The U.S. Intelligence Community determined that the attack had originated from malware used by Russian military hackers to disrupt Ukraine’s financial system. Criminals then adapted this malware to cause major business damage.
As the Russia-Ukraine conflict extends into its ninth month, it is being fought both on the physical battlefields and in cyber space. The malware used in the conflict is finding its way onto the dark web, where any hacker can use it.
An April 2022 report from Microsoft counted at least 237 cyber-attacks against Ukraine from at least six different Russia-aligned nation-state actors in the previous four months.
“For the first time in history, a nation state, Russia, used offensive cyber action in combination with traditional military action,” says Erin Whitmore, director of Proactive Security in Aon’s Cyber Solutions.
“Malware deployed by countries in conflict start in structured environments for nation-state purposes, but once released into the wild, they can be leveraged by criminal groups and financially motivated threat actors. When they get commercialized by other types of threat actors outside of Russia or Ukraine, organizations who may have no ties or presence to the region may be impacted by these new malware variants,” says Catarina Kim, managing director of the Intelligence Group in Aon’s Cyber Solutions.
Who Has Access to the Malware?
There are two major groups of cyber criminals that now have access to this new malware.
One group of hackers is looking for monetary gain. They are not necessarily prioritizing specific industries or types of businesses. Instead, they are typically looking for low-hanging fruit, which are the least-secure organizations.
On the other side, “hacktivists” have other motivations. They are targeting businesses whose operations, policies or decisions they find objectionable.
“The ideological hacker is a very worrisome one,” Whitmore says. “Some of this malware we are seeing used against Ukraine or Russia might be repurposed so that a hacktivist can use it against a particular company, country or industry.” Both groups of cyber criminals use malware as their main means of attack.
Understanding the Malware Risk to Operations
As businesses look to protect themselves against future malware threats, they also need to consider their broader networks — and even the cyber vulnerabilities of their supply chain partners. On top of that, in a worst-case malware attack, organizations will need to factor in how long it would take to replace their equipment. This issue has become increasingly important thanks to the current COVID-19-related disruptions affecting supplies of microchips and computers.
“After a destructive malware attack, companies may not be able to source enough devices to get back online quickly,” Whitmore says. “And if it takes four weeks, six weeks or eight weeks, can they survive that time without revenue?”
Preparing for the Worst
As organizations look to protect themselves against cyber threats, there are several steps they can take.
First, they should ensure they have an organization-wide understanding of their cyber risk profile and the potential impacts of any attack. When possible, they should also pursue effective risk financing and insurance solutions for cyber risks. Finally, they should emphasize appropriate cyber hygiene across the organization.
When it comes to the specific new malware variants, research has shown indicators of potential cyber compromise. Organizations can familiarize themselves with this data, and better protect themselves.
Organizations that take this approach will be better prepared to face new cyber threats, including those emerging from the Russia-Ukraine conflict.
This material has been prepared for informational purposes only and should not be relied on for any other purpose. You should consult with your own professional advisors or Technology Department before implementing any recommendation or following the guidance provided herein. Further, the information provided and the statements expressed are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources that we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.