There could be potential future ‘collaboration’ between Russian, North Korean and Chinese internets that could increase the likelihood of cyber attacks, says CyberCube consultant 

A sovereign Russian internet could lead to cybercriminal safe havens with implications for cyber insurance, according to CyberCube’s latest report published today (12 September 2022).

The software firm is therefore warning insurers and brokers to be proactive with measures that manage exposures.

In May 2019, Vladimir Putin signed legislation – the sovereign internet law – that would shut Russians off from information contradictory to the Kremlin’s narrative via an isolated and controlled internet network. The law came into force in November that same year.

Russian officials were given the power to block websites for the Russian public, thus disconnecting them from the rest of the world. As part of this, Putin blocked Facebook, Instagram and Twitter on March 2022.

CyberCube’s report – entitled Ukraine Cyber War Update: Spotlight on Activity Six Months Later – explored the cyber activity that has taken place since the war between Russia and Ukraine began on 24 February 2022.

It revealed that, as of 13 June 2022, there were at least 76 cyber groups participating in the war in Ukraine – a figure that has doubled since the beginning of March.

William Altman, CyberCube’s principal cyber security consultant, said: “A Russian sovereign internet has several potential implications for cyber activity.

”Rival nations will find it more difficult to acquire cyber threat intelligence on threat actors operating from inside Russia and might resort to more drastic measures to achieve this goal, potentially causing collateral damage.

“Furthermore, there is a potential for future ‘collaboration’ between Russian, North Korean and Chinese internets, which would increase threat actors’ ability to launch attacks.”

It follows Lloyd’s of London recently introducing a requirement that all standalone cyber polices must exclude liability for losses arising from state backed attacks.

The report summarised key cyber activity and notable trends since the war began. Highlights included:

  • The creation of a sovereign Russian internet could lead to greater confidence from cyber criminals that attacks could be executed without consequences.
  • Russian ransomware gangs are seemingly focusing on large targets that fall under the critical infrastructure threshold.
  • Russia is using criminal ransomware gangs to undermine the US economy while also avoiding direct war with the US. Meanwhile, European energy companies are also increasingly being targeted for strategic value.
  • Russia is targeting governments in Europe that are assisting in Ukraine’s defence.
  • There has been a dramatic rise in the normalisation of wiper malware being used as a weapon, which is designed to destroy data systems. The NotPetya attack in 2017 is an example of this.