The UK government’s announcement that the Russian military intelligence service GRU is behind a string of cyberattacks has rocked the world of politics. But with Russian cyberattacks unlikely to slow in pace and seriousness, businesses need to take note.
The announcement, which has been described as “unprecedented” by cybersecurity experts, saw the UK government point the finger of blame firmly at GRU, with the UK’s National Cyber Security Centre (NCSC) identifying with “high confidence” a string of attacks that the intelligence service was “almost certainly” responsible for.
These included the 2016 hack on the US Democratic National committee, and the 2017 release of confidential medial files of high-profile athletes.
The NCSC accused GRU of “indiscriminate and reckless cyberattacks targeting political institutions, businesses, media and sport”.
Hours later, the US appeared to back the UK government’s position by changing seven Russian intelligence officers over a string of cybersecurity attacks.
Russian cyberattacks announcement: unprecedented confidence or just another tactic?
In making the announcement this morning, the UK government positioned itself as a moral superior to Russia, with Foreign Secretary Jeremy Hunt calling the country our for “reckless and indiscriminate” behavior.
“These cyberattacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport,” he said.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
For some cybersecurity experts, this overt calling out of something that has long been known to happen was a sign of certainty from the UK.
“It is unprecedented that the government should so overtly point the finger directly at the GRU. They must be very confident of their facts, either due to some sort of technical ‘fingerprint’ in the attack vectors themselves, or perhaps through corroboration from various other intelligence sources,” commented Malcolm Taylor, former senior British intelligence officer and director of Cyber Advisory at ITC Secure.
However, others were more skeptical of the announcement.
“This coordinated rehashing of hacks that have previously been attributed to Russia is nothing more than a political stunt to make it appear to certain domestic constituencies that governments are taking the Russian cyber threat seriously,” said Ross Rustici, senior director, intelligence services, Cybereason.
“The NCSC report is akin to a sports team’s game tape: here are all the plays Russia has run in the last two years that they have been successful with.
Far more to come from Russia – and the West needs to step up its game
While the announcements are playing out in the press as an apparent line in the sand, cybersecurity experts do not believe it will do anything to mute Russian cyberattacks.
“This latest round of public announcements is going to do little to influence how Russia operates,” said Rustici.
“The fact that almost everything that is being discussed today is a demonstration of Russia’s effectiveness in this space only shores up their confidence in using these techniques as a way to influence and undermine European and American preferred outcomes.”
Concerningly, many feel that Russia remains superior to the West when it comes to cybersecurity capabilities. Rustici argues that it is this that the US and UK should be focusing on improving, rather than making a show of standing up to Russia.
“There is no indication that the collective US/UK governments have evolved their defenses faster than the Russians have changed their hacking methodology,” he said.
“It is unlikely that Russia will change its operations because, fundamentally, they have been resoundingly successful.”
The West’s failure to act
Furthermore, he argued that the failure of Western nations to agree upon acceptable rules of engagement has actively contributed to the current situation, in part because the UK, US and their allies also wanted to keep their ability to engage in cyberattacks. The result is an unchecked situation where businesses find themselves in the firing line.
“The UK’s attempt to cast Russia as a malign international actor falls into the category of too little too late,” he said.
“There are no norms when it comes to acceptable use of cyber capabilities. Each country has its own definition of what it will tolerate and what it won’t.
“The United States and its allies failed to create a consensus around the acceptable use of cyber capabilities by countries, in part because they wanted to preserve their own freedom of action in this space. Now, it is too late to put the genie back in the bottle and we all must suffer the consequences of an unrestrained cyber capability.”
Businesses in the firing line
For both Russian and Western businesses, there are reasons to be concerned over the bubbling cyber warfare, with Jeremy Hunt warning that Russian businesses were also being harmed.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens,” he said.
This can be seen in Russian cybersecurity provider Kaspersky, which has lost considerable western business over the past year.
For Western businesses, this is a wake-up call about the fact that cybercriminals are not the only threats waiting in the digital world.
“The mention of western businesses as targets should also be a reminder that foreign intelligence services do engage in commercial cyber espionage and we all need to take appropriate steps to manage that risk,” said Taylor.
It also indicates the need for businesses to work with other groups, including the government, to ensure their safety.
“Today’s announcement by the UK government highlights a growing need for public and private sectors around the world to work together to detect, defend and dissipate the rising volume and ferocity of cyberattacks,” said Bill Conner, CEO of SonicWall.
“Countries and organisations alike must prioritise the protection of their critical infrastructure, elections, energy supply chains, intellectual property and financial systems from those seeking to exploit them in this cyber arms race.”