secion's assessment of the security threats to companies following the outbreak of the war in Ukraine
by Tina Siering
How does the Ukraine war affect cybersecurity in Germany, Austria and Switzerland?
The Russian attack on Ukraine on Feb. 24, 2022, marks a turning point, according to German Chancellor Olaf Scholz. News of cyber attacks and a "war on the Net" is also causing uncertainty and concern in other parts of Europe. Because of the war in Ukraine, customers are currently asking us in many conversations whether we are detecting more Russian attacks on companies in Germany, Austria and Switzerland, and how we assess the situation.
In the following, we therefore share our current assessment and evaluation of the situation, also based on the results of our globally operating early attack detection with Active Cyber Defense (ACD).
Has the threat situation for companies become more acute since the outbreak of war?
No, the threat has not changed fundamentally since the start of the war. We currently have no knowledge of any acutely increased threat from Russian state actors in Western Europe. However, we have noticed a heightened public awareness of cyberattacks, particularly with regard to our own security.
This heightened risk awareness will not only lead to potential phishing campaigns being identified as critical and reported much earlier, but also to the discovery of previously undetected compromises that already existed before the outbreak of war.
Why a cyber defense strategy is now more important than ever
The majority of the attacks we detect from potentially state or semi-state actors are intelligence-driven and serve to gather information. This threat is not fundamentally new; it existed in the past, triggered by the political changes of the Euromaidan protests in 2014, but it intensified as a result of preparatory actions before the war began.
"Third-party actors" that have become involved add a new dynamic, e.g., through public calls for "hacktivism" or the positioning of criminal groups that previously had a primarily financial motivation. While these do not operate at the same level as intelligence actors, they may feel emboldened to engage in risky activities on a large scale.
From a cybersecurity perspective, this suggests that geopolitical considerations are becoming more important for these third-party actors in addition to ideological or financial motivations, which should be factored into future risk assessments for relevant industries and government institutions. For example, the cybercrime gang Conti has officially taken a position in favor of the Russian side. A disgruntled member then published internal chats and data from previous years.
However, large-scale open sabotage scenarios require months or years of preparation. The threat level in this context therefore remains undiminished - as it was before the war began. Companies that are now compromised were probably already compromised before February 24, 2022, without knowing it.
This preparation aspect is particularly important because the often-propagated idea that attack and damage occur simultaneously in IT attacks is a fallacy: infiltration takes place long before any visible damage (as with Stuxnet in 2010 or the Ukraine grid blackout in 2015) - or, in the case of covert espionage, remains completely undetected.
Conclusion on the threat situation for companies
Enterprises should remain vigilant and ensure the necessary awareness and targeted monitoring of their environment. Test your detection strategies and response processes. Review and update your IT contingency plans, back up regularly and keep your systems current. Raise your employees' awareness of phishing emails and disinformation, social engineering and fake news - not just where they relate to Ukraine. An effective cyber defense strategy is advisable, and not only in this dynamic situation. If you have not yet dealt with the topic, now is a good time to start!