
March 25 - Impact of Geopolitical Conflicts on Cybersecurity Risks

  • Writer: Alan Parker
  • Mar 11

Introduction

Recent geopolitical conflicts – notably Russia’s war in Ukraine and the Israel–Hamas war – have led to a surge in cyber threats that extend far beyond the conflict zones. These wars have blurred the line between state-sponsored cyber operations and criminal attacks, putting businesses and IT teams in the UK, EU, and US on high alert. In fact, 97% of organizations have observed an increase in cyber threats since the Russia-Ukraine war began.


The cyber threat landscape has become more volatile, with hostile actors exploiting global tensions to launch attacks ranging from espionage and sabotage to ransomware and phishing scams.


Below, we explore the key threat categories and risks, supported by recent data (primarily from the past six months) to illustrate how these world events are influencing cybersecurity for Western organizations.


State-Sponsored Attacks and Espionage

Nation-state hacking groups are leveraging the chaos of war for espionage, disruption, and political impact. Russian state-affiliated hackers have dramatically intensified their activities amid the Ukraine conflict, targeting Western critical infrastructure, government networks, and supply chains​.


UK authorities report a sharp uptick in hostile cyber incidents linked to Russia: the National Cyber Security Centre (NCSC) handled over 430 significant incidents in 2024, a notable increase from the previous year. This included attacks by elite groups like Sandworm and APT29, as well as criminal “privateers” operating with the Kremlin’s tacit approval. Many of these campaigns use spear-phishing for espionage and even deploy destructive malware (e.g. WhisperGate) to cause disruption, echoing past Russian operations like the notorious NotPetya attack.


The UK’s NCSC head has warned that hostile cyber activity is at unprecedented levels and often underestimated​.


By late 2024, the frequency of major cyberattacks in the UK had tripled compared to the prior year, with nation-state actors (Russia, China, Iran, North Korea) cited as “real and enduring threats”​.


Other European countries have also felt the impact. In Italy, for example, government websites suffered a coordinated cyberattack in early 2025 by a pro-Russian group — apparently retaliation for Italy’s support of Ukraine (after its prime minister met with Ukraine’s president)​.


This underscores that organisations in EU/NATO countries can become targets of state-aligned hackers as a form of geopolitical pressure or retribution. Such attacks aim to steal sensitive data, deface websites, or disrupt public services, and they often succeed via tactics like malware intrusions and phishing for access​.


The Israel-Hamas war has likewise spurred Iranian and other Middle Eastern threat actors into action. Iran’s cyber units, which previously focused many operations on U.S. targets, abruptly shifted focus to Israel once the war began​.

According to Microsoft, nearly half of Iran’s observed cyber operations from October 2023 to mid-2024 targeted Israeli companies, up from just 10% before the war​.


This surge includes not only direct attacks on Israeli infrastructure and businesses, but also cyber-enabled influence campaigns aimed at destabilizing Israel and weakening international support for it​.


Western security agencies caution that Iran may lash out at countries supporting Israel as well. U.S. officials have warned that Iran and its proxies could retaliate in cyberspace against nations backing Israel, potentially by targeting critical infrastructure (such as water or energy systems) or spreading disruptive disinformation.


The FBI Director noted that cyber targeting of U.S. interests and critical infrastructure is likely to worsen as the Middle East conflict expands​.


In short, state-sponsored cyber threats tied to these conflicts pose a direct risk to Western organizations – whether through espionage (theft of data and intelligence) or sabotage (disrupting systems) – even if those organizations are not physically in the warzones.


Ransomware and Cybercrime in a Geopolitical Context

Global conflicts have indirectly emboldened cybercriminal gangs, especially those based in or protected by hostile states. Russia’s tacit tolerance of ransomware operators, for instance, means many gangs operate with impunity, and the breakdown in East-West cooperation during the war makes it harder to crack down on them. As a result, ransomware continues to plague businesses in the UK, EU, and US, sometimes in tandem with geopolitical events. Recent surveys show that over 59% of organizations were hit by ransomware in the past year, and 70% of those attacks led to the victims’ data being encrypted​.


Alarmingly, ransom demands have skyrocketed – the average ransom payment doubled between 2022 and 2023 – and the financial impact is growing​.


In the last 12 months alone, ransom amounts demanded increased roughly five-fold according to one report, reflecting criminals’ perception that organizations are under pressure and may pay more during turbulent times.


Several high-profile ransomware incidents in 2023–2024 highlight the risk to critical sectors. For example, attacks on infrastructure and supply companies (energy, manufacturing, etc.) have caused widespread disruptions, and in some cases these attackers have links or allegiances that align with state interests. During the Ukraine war, some ransomware groups publicly declared support for Russia or Ukraine, blurring motives between pure profit and political intent.


Regardless of motive, the ransomware threat to Western businesses is severe and growing, with one analysis showing 75% of organizations globally suffered at least one ransomware attack in the last year.


This means IT teams must be prepared not only for the technical challenge of recovering systems, but also for potential data leaks and extortion that often accompany modern ransomware (as threat actors seek maximum leverage). Geopolitical tensions can further complicate this landscape – for instance, if a ransomware gang is based in a country under sanctions or involved in conflict, negotiation and law enforcement response become more difficult.


In summary, ransomware remains a top cyber risk in this era, feeding off the chaos and reduced international cooperation that world conflicts can bring.


Phishing and Social Engineering Exploiting Crises

Cyber adversaries frequently exploit public interest and anxiety around world events as lures for phishing, scams, and malware distribution. Both the Ukraine and Israel wars have been used as themes in fraudulent emails and social media messages to trick users. Phishing remains the most common email-based threat (accounting for roughly 40% of malicious emails)​, and attackers have been quick to tailor their bait to current crises.


For example, as soon as the Israel-Gaza conflict escalated in October 2023, spam and phishing campaigns emerged that impersonated war relief efforts and news updates. Researchers observed Israel-Hamas war-themed spam starting on Oct. 13, 2023, just days into the conflict​.


These emails, masquerading as donation appeals or urgent alerts, targeted inboxes worldwide – with large volumes detected not only in the Middle East but also in countries like Russia, Sweden, Romania, Iran, India, the US, Germany, and the UK​. This global targeting shows how criminals leverage empathy and confusion during crises to cast a wide net.


Figure: War-related phishing scams target users globally. The chart shows the distribution of Israel-Gaza war donation scam emails by target country (mid-October 2023). Russia saw the highest share of these scam emails (around 27%), but significant volumes also targeted Sweden (15%), Romania (10%), and various other countries including Iran, India, the US (6%), Germany (6%), and the UK (2%).


Attackers often pose as victims or charities from the conflict, soliciting cryptocurrency or wire transfer “donations” that actually go to the scammers​. Similar fraudulent donation schemes were observed during the Ukraine war, indicating a repeatable playbook where threat actors exploit humanitarian crises for financial gain​.


Besides stealing money, these phishing campaigns can harvest credentials or spread malware to those who click links or download fake “reports” about the war.


For IT teams, the surge in war-themed phishing means increased vigilance is required. Users may be more likely to open emails or links related to dramatic news events, so security awareness efforts must highlight these tactics. In addition to donation scams, state-aligned hackers also use social engineering tied to conflicts – for instance, Russian and Belarusian hackers have sent phishing emails with bomb-threat hoaxes or faux military documents to sow panic or steal information during the Ukraine conflict​.


Overall, leveraging current events is a classic social engineering tactic, and the ongoing wars provide ample content for cybercriminals. Robust phishing defenses and user education are critical during such times, as one click on a convincing war-related email can lead to network compromise.


Supply Chain Vulnerabilities and Third-Party Risks

Another major risk exacerbated by global conflicts is the vulnerability of supply chains – both the physical supply chain and the digital software supply chain. State-sponsored groups have a history of targeting third-party suppliers as a means to indirectly breach well-protected targets, and this threat has grown in the current geopolitical climate. For example, Russian operators have compromised software supply chains in the past (the SolarWinds attack is a prime example) to infiltrate multiple organizations in one sweep.


With heightened tensions, such tactics remain a concern: by inserting malicious code or backdoors into an IT service provider or widely used software, attackers can impact hundreds of downstream clients, including businesses in the UK, EU, and US that use those products. Supply chain attacks exploit the implicit trust organizations have in their vendors and updates – a trust that advanced threat actors are keen to undermine​.


Statistics indicate that supply chain cyber attacks are surging. Between 2021 and 2023, known attacks on the software supply chain increased by an astonishing 431%​. This spike is expected to continue rising into 2025 as interdependencies grow and attackers seek high-impact avenues​.


Roughly 15% of data breaches now involve a third-party or supplier as an entry point or contributing factor​, underlining how common this vector has become. Geopolitical conflict can amplify this risk in a few ways:


  • Targeting of Critical Suppliers: Adversaries may target contractors or tech providers that serve government agencies or critical industries. (For instance, in late 2024 Chinese hackers breached a third-party vendor to the U.S. Treasury, accessing thousands of sensitive files, illustrating how compromising a supplier can bypass strong primary defenses. Similarly, Russian threat actors have been probing energy and telecom supply chains in Europe around the Ukraine war.)

  • Collateral Impact: If a key supplier is based in an affected region (e.g., an IT outsourcing firm in Eastern Europe or an Israeli software company), it may suffer disruptions or attacks that then propagate to client networks. Western companies relying on Ukrainian or Israeli partners had to contingency-plan for outages or increased cyber risk to those partners during the conflicts.

  • Weakened Oversight: In turbulent times, organizations might onboard new suppliers quickly to replace sanctioned or disrupted ones, potentially skipping thorough security vetting. Attackers could take advantage of this haste to insert malicious insiders or compromised hardware/software into the supply chain.


For IT teams, managing third-party risk is therefore a top priority in the current environment. Best practices include conducting rigorous security assessments of suppliers, demanding robust cybersecurity standards in contracts, and monitoring for any signs of compromise in vendor connections. The recent surge in supply chain attacks shows that adversaries are “quick to capitalize” on gaps in third-party security​.


With so many businesses now interconnected across borders, a breach at one vendor can quickly cascade into a crisis for many – something both state-backed hackers and financially motivated groups are leveraging in these times of conflict.


Implications for IT Teams and Businesses

The confluence of state-sponsored attacks, prolific ransomware, phishing onslaughts, and supply chain vulnerabilities has created a challenging threat landscape for organizations in the UK, EU, and US. These risks are not abstract – they have materialized in a higher volume of cyber incidents and a need for enhanced defenses. In the UK alone, cybersecurity authorities dealt with three times more high-impact cyber attacks in 2024 than the year before, a trend echoed across other Western nations. This means IT security teams are under strain to detect and respond to threats that are not only more frequent but often more sophisticated (e.g. advanced malware or novel social engineering tied to geopolitical events).


Key impacts and considerations include:


  • Incident Overload and Response: With the uptick in attacks, security operations centers (SOCs) are handling more alerts and incidents. For example, by early December 2024 the NCSC had managed 430 incidents in the UK – a sharp rise in workload. Each incident can demand significant resources to investigate and remediate, especially if it involves state-sponsored actors employing stealthy techniques. IT teams must ensure their incident response plans account for worst-case scenarios like destructive attacks (which Russian actors have used in Ukraine) or multi-faceted extortion (as seen in some ransomware cases).


  • Protecting Critical Infrastructure: Companies operating in sectors like energy, transportation, finance, and healthcare must be particularly vigilant, as these are often singled out during international conflicts. There is an elevated risk of disruptive attacks on infrastructure – for instance, Western Europe saw suspicious damage to undersea cables and pipelines during heightened tensions, and officials worry about potential cyber attempts to knock out utilities as a form of retaliation. Even private sector firms could be caught in the crossfire if attackers aim to cause economic disruption or panic.


  • Supplier and Partner Security: Businesses have to scrutinize their supply chain security postures. A single weak link (an IT service provider, a software library, or even a hardware supplier) could be the route an attacker uses to infiltrate dozens of organizations. The massive growth in supply chain attacks (400%+ in two years) means that due diligence, continuous vendor monitoring, and incident response that extends to third-parties are now essential parts of cybersecurity strategy.


  • Strategic Cybersecurity Planning: The global nature of these threats requires a shift in mindset. Risks from state-backed hackers or globally active ransomware crews must be treated as a serious business risk, not just an IT issue. Many organizations are increasing their cybersecurity investments and aligning them with geopolitical risk assessments. For instance, an international company supporting Ukraine or Israel might proactively harden its defenses and work with government cyber agencies, anticipating it could be targeted by adversaries. Likewise, industry-wide information sharing has become crucial; if one company detects a new phishing ploy referencing the latest news, it can warn others to prevent broader compromise.


Finally, it’s worth noting some statistics that capture the current landscape. The World Economic Forum estimated cyberattacks cost the global economy $11.5 trillion in 2023, and this is forecast to exceed $14 trillion in 2024 – a stark reminder of the financial stakes for businesses. Meanwhile, Accenture’s analysis found virtually all organizations surveyed felt the rise in cyber threats since the Ukraine war’s start, highlighting that these world events are a catalyst for cyber risk everywhere, not just in the immediate conflict zones.


Conclusion

In summary, the Russia-Ukraine war and the Israel-Hamas conflict have significantly heightened cybersecurity risks for organizations across the UK, Europe, and the United States. State-sponsored hackers from adversary nations are launching espionage and sabotage campaigns that can spill over into Western networks. Cybercriminals are piggybacking on global crises to deploy ransomware and phishing attacks, preying on distraction and concern. And the complex web of suppliers that businesses rely on presents additional avenues for compromise, especially as threat actors look to maximize impact by hitting multiple victims at once. The past six months alone have provided ample evidence of these trends – from spikes in hacking incidents and politically motivated breaches to statistical jumps in attack frequency.


For IT teams and security leaders, these developments reinforce the need for robust, adaptable defenses and situational awareness. Organizations must stay alert to geopolitical events and understand how those events might manifest as cyberattacks on their own infrastructure. Strengthening incident response, conducting regular cyber drills, patching systems promptly, verifying the security of partners, and educating users about social engineering are all critical actions in this environment. While the challenges are formidable, being informed about the latest threat patterns – and learning from the data and case studies emerging from these conflicts – can help businesses bolster their resilience.


Cyber warfare is now an entrenched component of modern conflict, and its reach is truly global. By recognizing that reality and preparing accordingly, companies in the UK, EU, and US can better navigate the turbulent threat landscape shaped by these recent world events.


Sources:

  • Accenture (via Varonis) – Cyber threat surge since Russia-Ukraine war - varonis.com

  • Industrial Cyber / Cyfirma – Russian state-backed hackers targeting UK critical sectors - industrialcyber.co

  • CSIS / NCSC – UK handled 430 incidents in 2024; 3× increase in major attacks (Russia, China, Iran, NK cited) - csis.org

  • CSIS – Pro-Russian hackers attack Italian government sites after Ukraine support - csis.org

  • VOA / Microsoft – Iranian cyber operations refocus on Israel after Oct 2023 (half of attacks) - voanews.com

  • POLITICO – FBI warns of increased Iranian cyber threat to U.S. infrastructure amid Israel conflict - politico.com

  • Sophos – State of Ransomware 2024 (59% orgs hit by ransomware; 70% of attacks encrypt data) - sophos.com

  • Bitdefender – War-themed phishing scams exploiting Israel-Gaza war (global spam targeting) - bitdefender.com

  • Insurance Business (Cowbell) – Supply chain attacks up 431% (2021–2023) - insurancebusinessmag.com

  • Dark Reading – Role of third-parties in breaches (15% involve a supplier) - darkreading.com

  • Additional data from NCSC, Cloudflare, Microsoft Digital Defense Report, and others for context - industrialcyber.co

 
 
 


Iseo Blue Limited - UK Registered Company Number : 10215427 

Registered office address

Belmont Suite Paragon Business Park, Chorley New Road, Bolton, England, United Kingdom, BL6 6HG
