Cybersecurity Advisory Highlights Increased Risk of 'Malicious Cyber Activity'

Last week, cybersecurity agencies from the United States, Australia, Canada, New Zealand and the United Kingdom, released a joint Cybersecurity Advisory warning organizations in their respective countries that as a result of Russia’s invasion of Ukraine, the world may be at a heightened risk of “malicious cyber activity.”

It is believed that there may be a Russian offensive directed at the allies of Ukraine that have been responsible for levying the sanctions that have been catastrophic to Russia’s economy. Additionally, nations that have provided material support to Ukraine are also believed to be in Russia’s cyber crosshairs.

The danger currently posed is not limited to attacks from state-sponsored Advanced Persistent Threat Groups (APTs) however, as according to the advisory, a number of Russia-based and non-government affiliated hacking gangs have “recently publicly pledged support for the Russian government.” These groups have threatened to initiate retaliatory operations for cyber offensives that may have affected the Russian government or citizens.

Some of the gangs are also threatening to initiate offensive cyber-attacks against nations and private organizations that may be providing materiel support to Ukraine. Over the past couple of months, there have already been repeated disruptive attacks against Ukrainian websites, that are believed to be in support of the Russian military offensive.

These attacks have supplemented the Russian government’s efforts, as recent Russian state-sponsored hacks have included both distributed denial-of-service (DDoS) attacks in addition to malware and ransomware attacks against the Ukrainian government and critical infrastructure.

This threat of increased cyber activity is occurring just as lobbying groups for several financial sector entities that are governed by the Securities and Exchange Commission (SEC) are beginning to butt heads with members of corporate boards regarding the implementation of reporting requirements for any SEC regulated entity.

“The SEC’s actions in the past year, paired with recently released rules, draw a line under the critical role of management and boards in protecting not just investors and customers, but also the sound functioning of American business,” according to Friso van der Oord, Senior VP at the National Association of Corporate Directors. “Preparing effective disclosure of material cyber risks and incidents has long been a key principle of cyber risk oversight advocated by NACD.”

The lobbying groups are in favor of the newly proposed reporting rules that are part of the new Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was created by the CISA. The bill, which was passed in the omnibus spending bill on March 15, requires critical infrastructure companies, which can include financial services entities, energy outfits and other businesses for “which a disruption would impact economic security or public health and safety” to report any cybersecurity incidents or ransoms paid to the government.

These changes are not immediate, however, as according to the text of the bill, CISA has 24 months after the bill’s passage to create a proposed rule on what may constitute a reportable offense, and another 18 months after the proposed rule to define the final rule. So, in practical terms, this means that the Cyber Incident Reporting for Critical Infrastructure Act of 2022’s final thresholds for reporting incidents may not be properly and completely defined for about as long as 3 years as currently written.

Despite the current text of the bill, as a result of ongoing global instability as a result of Russian President Vladimir Putin’s ongoing war and cyber fallout that accompanies it, CISA may modify the law in an effort to move it along more quickly during what it expected to be a period of increased cyber activity that is already well underway with attacks including the Russian-based Hermetic Wiper attacks that have had a devastating effect on hundreds of organizations in Ukraine by wiping out data on Windows PCs.

Coming off a 2021 where the ongoing global cyberwar truly hit home with the infamous Colonial Pipeline and JBS Foods cyberattacks, CISA is expecting 2022 to be an even more eventful year in the cybersphere. Should the Ukraine conflict spiral into a larger war involving NATO countries led by the U.S., we can easily see what was supposed to be a days-long “shock and awe” conquest morph into the Third World War.