There is growing speculation across the cybersecurity community about how Russia’s military offensive against Ukraine could impact online crime.
Russia is becoming increasingly isolated, both by Russia itself and by outside companies suspending business with the federation. The isolation is not just economic, but digital. Two large internet backbone operators have stopped transiting traffic to and from the Russian Federation, and Russia’s internal censorship apparatus is blocking access to many western services.
Cybercrime is global
There is no doubt that many cyber criminals operate from within the Russian Federation, but by no means are most groups entirely Russian. There have been arrests of participants in cybercrime from Canada, the United States, Latvia, Germany, Ukraine and just about everywhere else you can think of. Cybercrime is a truly global operation.
Even for groups with Russian members, like the Conti ransomware gang that was recently hacked, their infrastructure is rarely located in Russia. These groups make heavy use of proxies, Tor, and virtual private server infrastructure hosted in Europe, North America, and Asia. Even if Vladimir Putin decides to throw the “internet kill switch,” it is unlikely to deter too much of this activity. It is more likely to temporarily gum up the works.
The impact of skilled unemployment
If Russia remains on the internet, we might in fact see an increase in malicious cyber activity as skilled workers within Russia’s borders find themselves unemployed in a steadily weakening economy.
Most member nations of the Commonwealth of Independent States (CIS) have traditionally had strong computer science education programs, resulting in a highly skilled workforce with limited legitimate job opportunities.
In recent times, many have sought well-compensated contract work for western companies, while others turned to cybercrime. If contract IT work dries up, we could see more technology professionals turn to the dark side to make ends meet. A Bitcoin ransom payment that is not impeded by sanctions goes a long way.
Prepare and protect
The reality we must face is that it is up to us to defend our users, networks, and data. Ransomware and other cybercrimes will not go away, even if we disrupt the ability of one of our strongest adversaries to communicate on the free and open internet.
Online crime is global, and cryptocurrencies, by design, cannot be easily controlled. They will continue to fuel these thefts with or without Russia’s involvement.
The best time to update your security strategy is always the same. Now.