Earlier this month, cybersecurity agencies from the US, Australia, Canada, New Zealand, and the United Kingdom, created a joint Cybersecurity Advisory that warned organizations globally of impending cyber danger as a result of Russia’s controversial invasion of Ukraine. It is thought that there will soon be an increase in Russian-based cyber-attacks targeting the allies of Ukraine that have levied sanctions catastrophic to Russia’s economy. Countries known to have provided military support to Ukraine are also thought to be at an increased risk of Russian cyberattacks.
This new warning is not limited to hacking attacks from state-sponsored Advanced Persistent Threat Groups (APTs), as the advisory states that several Russia-based, non-government affiliated cyber groups have “recently publicly pledged support for the Russian government.” These gangs intend to retaliate for hacks that may have targeted the Russian government or its citizens.
In addition, some cyber gangs have threatened to attack countries and private organizations that are providing materiel support to Ukraine. We have already seen repeated attacks against Ukrainian websites from groups that are believed to be in support of the Russian military offensive over the past several weeks.
Those attacks supplement the Russian government’s own efforts, as recently there has been a rise in Russia-based state-sponsored hacks including distributed denial-of-service (DDoS) attacks in addition to malware and ransomware attacks targeting the Ukrainian government as well as its critical infrastructure.
These new threats of increased hacking happen just as lobbyists for the financial sector butt heads with the Securities and Exchange Commission (SEC) regarding the implementation of new reporting requirements for SEC regulated entities that force publicly traded companies to disclose cybersecurity incidents.
“The SEC’s actions in the past year, paired with recently released rules, draw a line under the critical role of management and boards in protecting not just investors and customers, but also the sound functioning of American business,” according to Friso van der Oord of the National Association of Corporate Directors.
The lobbyists favor newly proposed reporting rules that come as part of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, created by CISA. The act requires critical infrastructure companies, which may include financial services entities, energy outfits, and other businesses, to report any cybersecurity incidents or ransoms paid to the government.
The changes are not to be immediately instituted, however, as according to the bill, CISA has 24 months after the bill’s passage in March of this year to create proposed rules on what constitutes a reportable offense, and then another 18 months after the proposed rule to define the final rule. So, in plain English, it means that the Cyber Incident Reporting for Critical Infrastructure Act of 2022’s final thresholds for incident reporting may not be completely defined for as long as over three years as currently written.
Despite the text of the act, as a result of global instability due to Russian President Vladimir Putin’s ongoing war, CISA can possibly modify the law to move it along more quickly during what it expected to be a period of increased cyber activity that is already well under way, with hacks that include the Russian-based Hermetic Wiper attacks having already had a devastating effect on hundreds of organizations in Ukraine with its ability to wipe out data on Windows PCs.
After 2021 saw hacking explode in the US with the devastating Colonial Pipeline and JBS Foods cyberattacks, CISA, as well as corresponding groups globally, expect 2022 to be an even more damaging year. If this current Ukraine conflict should spiral into a larger war involving the US and NATO, we can easily see this situation develop into a Third World War punctuated by cyber-attacks at an unprecedented level.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by numerous websites and he is regularly seen on National and International news programming.