The Ukraine war and protecting your business from Russian cyberattacks

To mitigate against the increased threat of cyberattacks during the Russian-Ukrainian tension, businesses should make sure that they keep systems up-to-date

Russia has invaded Ukraine, and it seems like a world away for British Columbia businesses.

But it’s not – it’s a mere mouse click away for bad actors inclined to attack our critical infrastructure networks or businesses in Canada in retaliation for our support of Ukraine. The threats are real and omnipresent 24/7. The bad actors could be anyone anywhere – domestic or foreign – from Russian state-sponsored cyber operations to local sympathizers.

Bad actors go after our critical infrastructure because it comprises the systems and assets, physical and virtual, that are so vital that their incapacity or destruction would have a debilitating impact on our national security, national economic security, national health or safety, or any combination thereof.

Consider the recent blockades of international bridges in Canada that garnered worldwide attention: those bridges are essential to our national economic security, and so are ports, oil pipelines, power networks and airports, as are our health care databases, our research databases and other sectors vital to our economic well-being.

Critical infrastructure can be private enterprise; in fact, our banks, stock exchanges and credit card companies are examples of private critical infrastructure essential to the functioning of our economy. For example, American Express, because of its global, elite and prominent customer base, holds some of the most valuable personal, transactional and financial data in the world, data that is coveted by bad actors. The protection of its systems rises to the level of a national security interest.

Many businesses in Vancouver, big and small, provide technology support to critical infrastructure and, as third parties, present points of vulnerability to cyberattacks. In the past, law enforcement and intelligence agencies have warned that Russian state-sponsored cyber operations have targeted and compromised third-party software and third-party suppliers, and have compromised cloud suppliers to access data illicitly. But attacks are also direct, and they primarily rely on tactics that include spear phishing, brute force and the exploitation of known vulnerabilities in accounts and networks with weak security.

The Main Intelligence Directorate of the General Staff (“GRU”), the Russian military intelligence agency, is accused of having hacked political databases, implanted malicious computer code, stolen emails and other personal data, and posted stolen documents from government agencies, private enterprise and individuals online to sow dissent and rupture the population’s confidence in institutions. In the Netherlands, the GRU is accused of hacking Wi-Fi networks to infiltrate charities and watchdog agencies, and this week it was accused of hacking Ukrainian financial, energy and government sectors with self-replicating malware that could affect systems anywhere in the world.

To mitigate the increased threat of cyberattacks during the Russian-Ukrainian tension, businesses should make sure that they keep systems up to date, regularly apply security patches and new operating system versions as soon as they are released to protect against the latest threats, and monitor their networks for evidence of anomalies.

Other strategies include testing backups, running security awareness training for employees on a regular cadence, and having incident response plans in place. Security audits of weaknesses, particularly in email management, are a must, as is prohibiting remote access to systems and administrative functions except from whitelisted (allowlisted) IP addresses. Robust logging of Internet-facing services and of employee authentication also helps mitigate the risk of cyberattacks.
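Two of the controls listed above, monitoring authentication logs for anomalies and restricting administrative access to an IP allowlist, are easy to put into practice once the logs exist. The following is an added example, not code from the article or from Fusion Intelligence, showing detection logic run over a few constructed sshd-style log lines: it flags source addresses with a burst of failed logins (a brute-force pattern), flags any successful login that follows such a burst (a likely compromised credential), and flags successful logins from addresses outside a hypothetical administrative allowlist. The log lines, the `192.0.2.0/28` allowlist range and the threshold of five failures in sixty seconds are all assumptions chosen for illustration.

```python
"""Detection checks for an authentication log: brute-force bursts,
successes following a burst, and logins from outside an IP allowlist.
Added example; every log line and address below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample lines in sshd/syslog style (not from any real system).
SAMPLE_LOG = """\
Mar  1 09:00:01 vpn-gw sshd[1201]: Failed password for admin from 203.0.113.45 port 51022 ssh2
Mar  1 09:00:03 vpn-gw sshd[1202]: Failed password for admin from 203.0.113.45 port 51023 ssh2
Mar  1 09:00:04 vpn-gw sshd[1203]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar  1 09:00:06 vpn-gw sshd[1204]: Failed password for admin from 203.0.113.45 port 51025 ssh2
Mar  1 09:00:07 vpn-gw sshd[1205]: Failed password for invalid user test from 203.0.113.45 port 51026 ssh2
Mar  1 09:00:09 vpn-gw sshd[1206]: Accepted password for admin from 203.0.113.45 port 51027 ssh2
Mar  1 09:15:00 vpn-gw sshd[1300]: Accepted publickey for ops from 192.0.2.10 port 40000 ssh2
Mar  1 11:30:00 vpn-gw sshd[1400]: Failed password for ops from 198.51.100.7 port 42000 ssh2
Mar  1 11:45:00 vpn-gw sshd[1401]: Accepted publickey for ops from 192.0.2.11 port 40001 ssh2
"""

# Hypothetical office range from which administrative logins are permitted.
ADMIN_ALLOWLIST = [ipaddress.ip_network("192.0.2.0/28")]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text, year=2022):
    """Turn matching log lines into event dicts; syslog lines carry no year."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line, e.g. session opened/closed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: failures} for sources with >= threshold failures inside any window."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def logins_outside_allowlist(events, allowlist=ADMIN_ALLOWLIST):
    """Successful logins whose source is not inside any allowlisted network."""
    hits = []
    for e in events:
        if e["result"] != "Accepted":
            continue
        addr = ipaddress.ip_address(e["ip"])
        if not any(addr in net for net in allowlist):
            hits.append((e["user"], e["ip"]))
    return hits


def successes_after_brute_force(events, flagged):
    """Successful logins from a source already flagged for a failure burst."""
    return [(e["user"], e["ip"]) for e in events
            if e["result"] == "Accepted" and e["ip"] in flagged]


def run_checks(text=SAMPLE_LOG):
    events = parse_auth_log(text)
    flagged = detect_brute_force(events)
    return {
        "brute_force": flagged,
        "off_allowlist_logins": logins_outside_allowlist(events),
        "success_after_brute_force": successes_after_brute_force(events, flagged),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

On the constructed sample, the burst from `203.0.113.45` is flagged, the password login that follows it is reported as a success after a brute-force burst, and the same login is also reported as administrative access from outside the allowlist, whereas the two key-based logins from the `192.0.2.0/28` range pass. The single failure from `198.51.100.7` stays below the threshold, which is the point of windowed counting: one mistyped password is noise, five in six seconds is not.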

One should realize, as well, that threats can be internal and not just external, and that employees can be a weak link in the real world as well as the virtual one. A number of years ago, a person from a listed terrorist organization went so far as to get a job at a financial services company in Canada, where he worked for almost a year, in order to obtain access to transactional information and the residential address of a judge presiding over a case involving the organization of which he was a secret member. Thankfully, our law enforcement agencies stepped in, but the threats in Canada are very real, and we ought not to ignore them.

One aspect we do not talk about often enough in the context of cyber threats is Bitcoin – many cyberattackers are guns for hire, and the only way they will agree to be paid is in Bitcoin. That’s because, despite what you may read in the news, Bitcoin transactions can be conducted completely anonymously by transactors who know what they are doing – and state-sponsored cybercriminals certainly know what they are doing and are often ten steps ahead of the rest of us.

Vancouver continues to be a safe haven for Bitcoin transactions for states with which Canada does not have friendly relations, and therefore the risks are somewhat heightened, because we have businesses that tumble, anonymize and exit an enormous amount of Bitcoin off the radar for all sorts of people who remain anonymous, even in 2022.

If your business is the target of a serious cyberattack that you suspect is from the GRU, it’s important to contact law enforcement. If your business is being held to ransom by a cyberattack in which bad actors are demanding Bitcoin to release your systems, make sure that you work with professionals who have the capability and expertise to help your business deal with the legal carve-outs. These include the prohibition on using a digital currency exchange where a fee is paid to transact, and the filing of the requisite suspicious transaction report to protect your business (since paying a criminal for criminal activities is against the law).

Christine Duhaime is a financial crime expert with Fusion Intelligence.