Russian Aggression and Its Potential Impact on the West
History and current intelligence indicate Russia’s strategic objective is to install a puppet regime in Kyiv favoring Moscow. These actions echo previous Russian activity in Belarus and Kazakhstan and will help to limit the perceived threat of NATO expansion.
Current Russian aggression in Ukraine follows a common Russian playbook consisting of ongoing cyber attacks and influence operations followed by military intervention. While current assessments indicate a focused military action that is not expected to expand beyond Ukraine, the Western response and escalating sanctions could alter the threat landscape.
The Kremlin recently declared the Western actions to be an “economic war against Moscow” and said, “Russia is going to do what is necessary to defend its interests.” Those retaliatory actions are likely to include an increase in Russian cyber and influence campaigns against Western enterprises and governments.
Western calls for Putin’s assassination, no-fly zones, removal of businesses operating in Russia, seizing oligarchs’ properties, and expanding sanctions will embolden the Russian population and promote the perception that the West is against them, potentially fueling a nationalist movement, and leading to increased cybercrime, computer network exploitation (CNE) operations, influence operations, and intellectual property theft.
Nisos believes cybersecurity, trust and safety, global investigations, physical security, and legal communities will be tested during the next six months. During this period of uncertainty, Western businesses must be cognizant of increased threats and take proactive actions to defend their business operations and Intellectual Property (IP).
We believe there are three primary objectives that will drive Russian cyber actors, both criminal and government:
- Influence – Preparing a target for military or economic combat and creating a social media environment where non-Russian companies and entities look weak so that the Russian economic environment and Russian companies can look comparatively strong.
- Retribution – In response to the support of the Ukrainian resistance, ransomware could increase, and in some cases, it is possible that ransom will no longer be a means of resolution. Businesses that have withdrawn operations from Russia may be threatened with an attack unless they agree to resume Russian operations.
- Gain – As sanctions increase and expand, Russian corporations may choose to ignore global intellectual property laws and pay cyber threat actors to target non-Russian corporate IP, in a style similar to that seen with Chinese threat actors.
Nisos recommends that businesses take the following 3-step best-practice approach to proactively defend their organizations, facilities, and people:
Step 1 – Influence: Conduct Open Source Monitoring to Identify and Combat Influence Campaigns and Ensure Sensitive IP Is Not Leaked or Compromised
- Conduct robust open-source and dark web monitoring, which may or may not include actor engagement, to determine the following:
  - Is the reputation of your company being targeted with misinformation or disinformation?
  - Has your intellectual property been stolen and posted for sale on the dark web or in private forums?
  - Are Russian competitors stealing or attempting to steal and copy your sensitive IP?
Step 2 – Retribution: Monitor the External Attack Surface to Prevent and Detect Cyber Crime, Ransomware, and More Aggressive Computer Network Exploitation
- Conduct robust attack surface monitoring that includes, but goes beyond, vulnerability management and penetration testing.
- Extrapolate IOCs to new attacker infrastructure that's relevant to your organization by conducting external threat hunting.
- Conduct deep-dive Requests for Information (RFIs) so you can more thoroughly investigate potential threats hitting or escaping your firewalls.
- Task intelligence and threat hunt teams to review malware, credential, and exploit samples in order to identify coverage gaps in the existing security technology stack.
Step 3 – Gain: Increase Protective Focus on Key Personnel and Facilities by Conducting More Thorough and Aggressive Online Investigations and Attribution
- Maintain a hardened online presence for all executives and reduce their public footprint and exposure.
- Implement alerts when inauthentic social media accounts are created for executives and employees.
- Fund or staff the ability to quickly attribute people threatening your executives or attempting to steal Intellectual Property through online solicitation or insider recruitment.
- Conduct robust background checks on potential suppliers and employees originating from targeted companies and industries in Russia or with ties to Russia.
- Implement a robust training and awareness program so employees can report suspicious behavior.
Nisos is The Managed Intelligence Company™. Our services enable security, intelligence, and trust and safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset, delivering smarter defense and more effective response against advanced cyber attacks, disinformation, and abuse of digital platforms.