Russia-Ukraine: Potential Cybersecurity Ramifications for Retail and Hospitality

As the Russia/Ukraine crisis develops, the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is working to provide guidance to the retail and hospitality community concerned with the situation’s impact on their operations.

Current Situation

As it currently stands, the US and EU response to Russia’s actions has been mild, imposing limited sanctions that are unlikely to trigger an aggressive cyber response. Additionally, the Russians are aware that US and EU public opinion is heavily against an all-out war, and it is unlikely the Russian government will risk that favorable opinion by launching cyber-attacks that can paralyze Western commerce or harm critical infrastructure.

This information, in conjunction with RH-ISAC observations of intel related to Russian cyber capabilities, indicates that, at this time, it is unlikely that there will be direct attacks against the retail, hospitality, and travel sector. However, the community should be aware of potential collateral impact.

Potential Cybersecurity Ramifications

  • In the event of massive disruptions, the retail, hospitality, and travel sectors will likely be impacted in many ways as collateral damage and secondary targets, but not as direct targets
  • Russia-affiliated cyber actors will likely continue to target the Ukrainian government and critical infrastructure organizations in a coordinated effort to keep the government and the resolve of the Ukrainian people under pressure and in disarray
  • Russian actors outside of Moscow control will likely continue to target Ukraine and possibly other Western targets but are unlikely to cause significant disruptions beyond Ukraine’s borders
  • A significant concern is a spillover of cyber-attacks against Ukraine that could impact global supply chains and commerce, like the 2017 NotPetya cyber-attack
  • Cyber-attacks, if any materialize, will likely focus on the digital and communications assets of government agencies, militaries, critical infrastructure, and supply chains

Historically, Russian cyber activities during times of regional conflict start with massive DDoS attacks against the target states’ communications and civil infrastructure organizations. Other opportunistic attacks such as ransomware and data breaches follow, primarily by financially motivated threat actors who operate with impunity from Russia and allied states.


In the face of a largely ambiguous threat against such a massive potential attack surface, the RH-ISAC offers the following general recommendations:

  • Ensure that all vulnerable systems and assets are patched with the most current security updates
  • Implement access control security measures
  • Update incident response playbooks
  • Conduct response exercises with a focus on potential threats related to the current crisis
  • Educate workforces to be vigilant and not fall prey to phishing or other threats that attempt to capitalize on topics of current interest

The RH-ISAC will continue to monitor the situation and update the retail and hospitality community with any developments relevant to our sector. RH-ISAC members can find updates on the developing conflict, further analysis of sector exposure, and specific known Russian APTs and TTPs on the RH-ISAC Member Exchange.

This report can also be found on our website here:

Luke Vander Linden
Vice President, Membership & Marketing
Retail & Hospitality ISAC | New York (ET)