Re/insurers urged to ‘urgently’ stress test threat of Russian cyber attacks

Cyber risk analytics specialist  CyberCube has urged insurers and reinsurers holding large books of East European business to stress test their portfolios and urgently re-evaluate their exposures against the threat of Russian and Ukrainian cyber attacks.

CyberCube’s latest report has identified a series of potential scenarios of cyber attacks on off-shore oil rigs, utility suppliers, mobile phone network operators, hospitals, airlines, the SWIFT banking system, plus the widespread use of wiper malware, amidst the ongoing war in Ukraine.

CyberCube confirmed that it had observed cyber attacks on Ukrainian critical infrastructure, government services, banks and telecoms.

Russian government institutions and enterprises are also being targeted by cyber attackers. Some of these attacks, the company said, have spilled over into neighbouring Belarus, Poland, Lithuania and Latvia.

The report stated that companies in the high-risk geographies of Ukraine, Russia and CIS countries are most at risk of experiencing losses due to cyber attacks.

Business interruption claims are likely to stem from cyber attacks on critical infrastructure and key IT Single Points of Failure (SPoF).

“This conflict will undoubtedly push the boundaries of acceptable behaviour in cyberspace. What’s worrying is that the cyber elements of this conflict could escalate quickly,” warned William Altman (pictured), CyberCube’s principal cyber security consultant.

“We have the potential for unprecedented cyber-physical impacts, including attacks on critical infrastructure,” Altman said.

“However, before a full-blown cyber disaster becomes likely, we believe there will be several levels of escalation needed to reach that stage.”

The report, “War in Ukraine creates fundamental shift in the cyber threat landscape”, recommends that insurance brokers and risk carriers encourage their clients to focus on threat modeling Russian advanced persistent threats (APTs), known criminal gangs’ tactics, techniques and procedures (TTPs), and cyber security best practices.

Darren Thomson, head of cyber security strategy, said: “The risk of a cyber disaster impacting (re)insurers’ portfolios is higher as a result of Russia’s intent, opportunity, and capability to compromise SPoF targets that give them widespread and unfettered access to critical computer networks and data. Hacktivist coalitions and cyber criminals are taking sides, with prolific groups pledging services to aid the Russian government’s war machine.”

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.