Western companies, especially energy, in firing line from Russian cyber attacks, report says

Russian hackers seeking to undermine West's efforts to wean itself off Russian gas

Large US and European companies, especially in the European energy sector, have emerged as key targets of Russian cyber attacks this year, according to a report published on Monday by CyberCube, a cyber threat modelling firm. Ukraine has also been under a constant barrage of attacks - but so has Russia itself.

Just over six months on from Russia's invasion of Ukraine in February, Russian attackers have targeted large US corporations which fall just below the threshold of 'critical infrastructure', the report says, aiming to cause disruption without triggering a massive escalatory response.

They have also gone after European energy companies, undermining those countries' efforts to wean themselves off Russian oil and gas. Germany has borne the brunt of this assault, says CyberCube, with high-profile attacks on wind turbine manufacturers Enercon and Nordex and wind farm maintenance company Deutsche Windtechnik.

"CyberCube expects ransomware gangs loyal to Russia will continue hitting enterprise targets while state actors focus on government entities," the report says.

Nevertheless, the overall volume of ransomware detections declined 4% between July 2021 and March 2022, according to cybersecurity firm ESET, perhaps reflecting the difficulty of making ransom payments now that Russia is under sanctions.

Insurers will be keeping a keen eye on the danger from Russia, which accounts for a high proportion of cyber claims. The threat is so serious that Lloyd's of London sought to clarify last month that many state-backed cyber attacks would be excluded from insurance, similar to traditional acts of war, but attacks by Russian criminal gangs remain a major concern.

There has been a dramatic escalation in the use of so-called 'wiperware', CyberCube found. Unlike ransomware, aimed at financial profit, wiper malware is designed purely to destroy data and systems. An infamous early example was the NotPetya attack unleashed by Russia against Ukraine in 2017, which also hit large corporations like shipping giant Maersk, pharmaceutical major Merck and logistics company DHL.

CyberCube identifies a number of widely used 'single point of failure' technologies, including Microsoft Exchange, Oracle WebLogic, VMware and Citrix, which form the preferred entry vectors of sophisticated Russian attackers. The firm recommends insurers look carefully at whether their clients are reliant on any of these. Other perennial issues include the need for Multi-Factor Authentication and preventing unauthorized remote access through systems like Microsoft's Remote Desktop Protocol.

Russia has taken steps to isolate its internet from the rest of the world with measures like the creation of its own Domain Name System (DNS), which could disrupt Western intelligence gathering and embolden Russian hackers. CyberCube also flags up the potential for collaboration with China and North Korea, two other nations which have partially isolated themselves from the global internet.

At the same time Russia has also become a top victim of ransomware attacks, CyberCube says, a striking turnaround from previous years, when it was chiefly known as a source of attacks. Off-the-shelf malware is sometimes configured to ignore machines that have their language set to Russian.

But the country has now become a major target, partly thanks to anti-war 'hacktivists,' including some Russians, and partly because of a lack of appetite among other countries for stopping attacks on Russia.

One ransom note from the group NB65, which attacked Russian state media and the space agency Roscosmos, concludes:

"If you're searching for someone to blame for your current situation look no further than Vladimir Putin."
