The Ukrainian crisis has erupted into a serious conflict affecting not just Ukraine, but the world. As soon as the conflict erupted, suspected Russian cyber-attacks over a 48-hour period were noted at an increased rate of 700%. The leadup to the invasion of Ukraine included a cyber assault utilizing ‘wiper’ malware. There was also a distributed denial-of-service attack, which paralyzed websites by bombarding them with information requests. The attacks also hit government sites.
Historically, Russia has deployed sophisticated cyber capabilities to conduct disinformation, espionage, propaganda and destructive cyberattacks globally. As written in the recent US Government Congressional Research Service Analysis, Russia maintains numerous units, overseen by various agencies, that are responsible for these types of attacks.
As the conflict continues, and in fact intensifies, we have seen many new warnings from various government organizations across North America recommending that organizations adopt a heightened cybersecurity posture and protect their most critical assets. We can also expect these attacks to increase in retaliation for Western nations’ stringent sanctions on Russia. Tensions between Russia and the West escalated as the United States and other countries moved to block Russian banks from the SWIFT payment system. Government agencies, critical infrastructure, healthcare and financial institutions can expect ransomware attacks, data wiping and theft, malware, as well as ongoing denial of service. Financial institutions deal with these types of threats on a regular basis and are well prepared. The vulnerabilities usually lie with third-party providers with smaller budgets.
Throughout COVID, we have seen several Russian-based cyber-criminal groups utilizing ransomware to target hospitals and healthcare groups in North America. A recent report by a cybersecurity organization labeled the group FIN12 as an active threat to healthcare, targeting organizations with annual revenues of more than $300 million with ransomware attacks. One in five victims were healthcare groups, many of which operate hospitals, while other victims included education, finance, and government organizations as well as manufacturing and retail. Most ransom demands were between $5 and $50 million.
This group continues to be dangerous, and the expectation is that, with the increase in sanctions against Russia and its ongoing conflict with Ukraine, NATO countries, the EU and the West, these attacks will be on the rise. The group is focused on ransomware and is hitting big targets. Several federal US agencies issued reports and warnings in 2020 that hospitals and healthcare providers were being increasingly targeted. FIN12 utilizes the Ryuk ransomware, which was previously linked to the attack on Universal Health Services, which operates 250 health facilities within the United States.
Reduce the likelihood of a damaging intrusion by taking steps to quickly detect suspicious activity, ensure that your organization is prepared to respond if an intrusion occurs, and maximize your resilience to a destructive cyber incident. We’ll continue to watch this develop as the Ukraine conflict with Russia evolves, with currently no end in sight.