Enhanced Sanctions Against Russia Could Lead to Greater Attacks on US Financial and Energy Companies

By gTIC

As the United States levies more sanctions against Russia over its involvement in the unrest in Ukraine, U.S. officials are sounding the alarm about potential retaliatory acts by Russian actors.

According to Bloomberg Businessweek, members of the Financial Services Roundtable are currently monitoring for increased activity originating from the area. While there has not been any publicly acknowledged attack by Russian military or government organizations in the past, it has always remained unclear what type of influence the Kremlin holds with private citizens and hacktivist groups that participate in “patriotically motivated” attacks against Russian adversaries.

In past conflicts, such as the Georgian conflict in 2008 and the month-long distributed denial-of-service attacks against Estonia, hackers partial to the Kremlin have waged cyber campaigns against its opponents.

During the current conflict, there have been back-and-forth DDoS attacks between Ukrainian sympathizers and Russian hacktivists, and it is likely that this will now spill over to the U.S. and other countries also imposing sanctions against Russia.

U.S.-based organizations did see an increase in attacks by the Syrian Electronic Army, a group of hacktivists sympathetic to the Assad regime in Syria, when the United States began to weigh options against the Syrian government in response to chemical attacks on Syrian civilians. It is likely that Russian supporters could take a similar route in response to these sanctions.

Since the new round of sanctions reportedly targets Russian leader Vladimir Putin, Russian financial organizations and other Russian officials with influence in the Russian economy, the logical targets of retaliation will be U.S.-based financial institutions and possibly media outlets. Companies in the financial, energy and media industries should take extra measures to monitor and detect malicious traffic originating from Russia, especially as it relates to botnet or DDoS attacks.

According to Kaspersky’s SECURELIST, approximately 38% of online threats seen over the previous week originated from the Russian Federation and 34% from Ukraine. While these statistics are not themselves evidence of increased attacks surrounding the ongoing conflict, they can be viewed as warning indicators for organizations to better protect themselves from threats originating from the region.

For our previous analysis concerning the Russian-Ukrainian conflict, please see our blog post from March, “Behind the Curtains of New War: Bringing Cyber War to the Crimean Peninsula.”