Russia-Ukraine and the Cyber Threat Landscape

Introduction

The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian Border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked. 

We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full scale attack on Ukraine territory, which is still developing, and its full reach still remains to be seen. 

Bitsight analyzed the potential impact of war in Ukraine by observing both Ukraine-based organizations and international organizations with assets inside the Ukraine territory. Our research shows that a war would have a significant impact on a large number of organizations outside Ukraine—financially and via disruption of services. 

Ukraine and Impacted Sectors

Our main analysis focuses on how a potential disruption in service for Ukraine-based assets could impact organizations and industry sectors in the rest of the world, either directly or indirectly. We study this impact by identifying worldwide organizations that have Ukraine-based assets, as well as their associated customers.

There are multiple methods to identify the approximate geolocation of an individual set of assets; either by using commercial location aggregation services such as Maxmind, or complemented by understanding Autonomous Service announcements or registration information associated with individual IP addresses. 

With this information we can identify the set of organizations that have at least one asset within Ukraine. In the following industry-sector analysis, organizations with Ukraine-based assets in the Technology, Business Services, Manufacturing and Finance Sectors stand out.

A component of Bitsight's TPRM product is the insight we provide to help customers identify vendor connections with other organizations. In other words, allowing our customers to identify the third-party relationships of their third parties in order to have better awareness of impact to their supply chain. We can use this dataset to identify the set of customers that have plausible relationships with the previously identified organizations who have Ukraine-based assets. The industry sectors most impacted in this context are Finance, Technology, Business Services and Manufacturing.

High-Sensitivity Industry Sectors

Certain organizations are more dependent on Ukraine compared to others, meaning some organizations conduct business or have relationships with multiple organizations with Ukraine-based assets. Of the organizations Bitsight observes to be customers of organizations with Ukraine-based assets, nearly 7% have 5 or more relationships, and nearly 12% have at least 4 relationships to Ukraine-based assets.

Industry sectors prominent in conducting multiple businesses with Ukraine-based assets are Healthcare, Technology and Finance.
 

Interconnected World, Sensitive Regions

To understand how different geographies around the world are affected, we aggregated the headquarters location of organizations who have assets in Ukraine. In order to normalize on country size, we divided the number of organizations who have assets in Ukraine per country by all organizations headquartered in each country, which is represented in the chart below using a logarithmic scale.

European countries, as expected, seem to have a higher number of Ukrainian assets, so it is only logical that countries in Europe would be the most impacted should further disruption occur and evolve.

Conclusion

As expected, in a highly interconnected world, a war in any part of the globe has the potential to affect us all, either directly or indirectly. If you have Ukraine-based assets or conduct business with organizations that do, you should prepare a contingency and redundancy plan as soon as possible, as they might soon face disruptions as the conflict further escalates.

In addition, you should increase protection around your own critical assets, as larger scale cyber attacks can be considered by the Russian government as a means to conduct destabilizing actions in ways that may impact others outside of Ukraine.