Russian hacker groups rebranding is among the changes that have occurred in 2022

The ‘growing unease over cyber threats and risks’ – triggered by the Russia-Ukraine conflict – has catalysed changes in the targeting intent and activity of fraudsters, according to the 2022 Airmic Annual Survey, published 6 June 2022.

The changes – which have occurred since February 2022 – include:

  • State actors seeking intelligence on the conflict and the consequent sanctions regime
  • Activity by cyber activists targeting organisations to support either pro-Ukraine or pro-Russia sentiment
  • Cyber activists targeting Western companies that have remained in Russia with the aim of taking geopolitical matters into their own hands
  • Competing activist groups launching retaliatory attacks against Russian and Western companies alike

The survey further revealed that some cybercriminal threat actors have increasingly focused their attention on organisations in countries perceived as adversaries to Russia, as cybercriminals adapt their operations and targeting because of the conflict.

Hacker rebranding

Baker Tilly partner Ben Hobby, who was speaking as part of the Cyber risk and insurance panel at the Airmic conference yesterday (8 June 2022), said that ransomware was the ‘most common form of attack’ that he had seen over the last 12 months.

However, new strains of threat actors and groups were regularly emerging – including “Russian hacker groups rebranding, or alternatively new groups taking advantage of the fact that the Russian groups’ focus is probably elsewhere”, he added.

IT supply chains and third-party vendors are also being earmarked by threat actors as they look to improve their attack success – this, as a result, increases the risks of operational downtime and data breaches.

In a downtime or data breach scenario, the survey suggested that risk professionals need to consider the maturity and threat profile of their supply chains, in addition to the direct and immediate threats to their business.