The software firm’s head of cyber intelligence services says ’a greater understanding’ will help the insurance sector prepare 

Russian cyber-attacks targeting IT infrastructure in Ukraine are increasing and this could extend to traget the West, according to the latest report from CyberCube published today (6 June 2022).

The report, entitled Understanding Criminal Cyber Threat Actor and Motivations, stated: “As the war in Ukraine continues and Western sanctions punish the Russian state, we should expect Russian actors to use cyber-attacks to both damage Western infrastructure and to make up for some of the financial losses caused by sanctions.”

It pointed out that the top 1% of cyber threat actors are targeting IT services providers as a means of successfully exploiting victims downstream.

Some examples of Single Point of Failure (SPoF) attacks are the Russian SolarWinds attacks and the Chinese exploitation of a vulnerability in on-premises Microsoft Exchange servers.

Darren Thomson, CyberCube’s head of cyber intelligence services and a co-author of the report, said: “Our new report focuses on actors with whom the insurance industry should concern itself because they are most likely to inflict cyber attacks on Western democracies and businesses while creating systemic risk that leads to risk aggregation and large financial losses.

“A greater understanding of the key cyber actors will help the insurance sector predict how and where future attacks could arise and inform estimations of attack frequency and severity.”

Current estimates suggest that global damage related to cyber-crime will reach $10.5tn (£8.38tn) by 2025.

Motivations and allegiances

The report points out that there are three main types of threat actors – state-sponsored, criminal gangs and hacktivists, defined as groups or individuals who use hacking to effect social or political change.

It explained that state-sponsored actors are among the most significant and concerning to the reinsurance industry and potential victims of cyber-crime as they are affiliated with government entities and tend to represent well-funded, well-organised and sophisticated actors with mature procedures and protection from an associated government.

Meanwhile, organised criminal gangs are primarily focused on ransomware – locking up a victim’s data and demanding a ransom payment to decrypt the data – and are evolving their tactics, techniques and procedures at a rapid rate.

The more influential hacktivists present a very real threat to business and to the cyber insurance market.

These organisations play a very dangerous game when putting state secrets and intelligence operations in harm’s way and the potential repercussions of these activities are far reaching.

Thomson added: “While cyber-crime is the subject of considerable research, most of it is focused on specific types of attack. In our view, we need to know more about the threat actors behind these attacks.

“The more we understand their motivations and allegiances, the more we can predict their moves.”

The report concluded that there is no shortage of documentation discussing the tactics, techniques and procedures used in modern cyber-attacks and cyber professionals, as well as insurers, should keep abreast of trends in this area.

However, focusing entirely on these details and not on the threat actors at play is likely to lead to weaker cyber catastrophe modelling, underwriting practices and cyber defence strategies

Software firm CyberCube’s cyber risk analytics based platform aims to help the insurance industry with cyber issues.