The Russia-Ukraine conflict has put global organizations on high alert. Until now, many countries have not seen any large-scale hacking attempts from Russia; however, given the increasing support of Ukraine, this may change soon. Many organizations are noticing a multifold increase in scanning attempts; a few others, specifically healthcare services, have reported an uptick in phishing emails.
According to President Biden’s State of the Union address last week, the U.S. can and will launch cyberattacks on Russia – but only if Russia attacks the U.S. first.
“If Russia pursues cyberattacks against our companies and our critical infrastructure, we’re prepared to respond,” Biden said, adding that the government has been working with the private sector “for months” to prepare for Russian cyberattacks and responses to them.
Russian-affiliated cyber groups have always been suspected of significant hacking attempts. The Colonial Pipeline, SolarWinds, and Kaseya hacks are just a few examples.
As Ukraine’s government called out for help from volunteer cyber warriors, hacktivist groups like Anonymous and Cyber Partisans have declared a cyberwar against the Russian government. Anonymous later claimed to have brought down several states’ websites.
Additionally, Ukrainian President Zelenskyy has appealed to Apple, Meta, and Google to restrict their services inside Russia. Apple responded by pausing sales of Apple products in Russia. Social media giants also responded by offering assistance to Ukrainians, deterring Russia’s disinformation campaigns and disabling the services Moscow’s military can use on the ground.
Russia-linked ransomware gang Conti announced full support of the Russian government and promised to retaliate against anyone that wages a cyberwar against Russia. Details of a new nation-state-sponsored phishing campaign against European governmental entities recently emerged. It is seen as an attempt to obtain details of Ukrainian refugees.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), created in 2018 to protect critical infrastructure from cyberthreats, has been warning of the possibility of Russian cyberattacks for months. The agency has been working closely with U.S. companies to harden their defenses against the possibility of Russian cyber aggression.
The heightened cyber state could last as long as the crisis in Ukraine does – or longer. Organizations must take appropriate actions to safeguard their users and assets from possible disruptions.
Below are some best practices and considerations for organizations to stay secure.
Safeguards and Best Practices
- Business Continuity/Disaster Recovery Planning: There is no better time than now to review and test your organization’s business continuity/disaster recovery and incident response plans, conduct ransomware impact exercises, etc.
- Network Traffic Analysis: Review any recent change in network traffic patterns. Consider implementing blacklists/whitelists as appropriate.
- Phishing Protection: Review your spam/phishing filters. Enable strong spam filters to prevent phishing emails from reaching end users.
- Password/MFA/SSO: Require multi-factor authentication, review your password policy, and implement SSO where possible.
- User Awareness: Ensure that your users are aware of the increased risk. Ask them to stay vigilant and take additional precautions to maintain their cyber hygiene. Scheduling refresher user awareness training will also be beneficial.
- Patch Your Devices: Now is the best time to update if you are running behind on any critical application patches. A vulnerable system is an open invitation to bad actors.
- Supply Chain and Supplier Risk: Review your supplier risk. Identify weak spots, evaluate, and manage risks accordingly.
Additional Sources:
- NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems: https://www.cisa.gov/uscert/ncas/alerts/aa20-205a
- Technical Approaches to Uncovering and Remediating Malicious Activity: https://www.cisa.gov/uscert/ncas/alerts/aa20-245a
- Wiper Ransomware Decryptor Tool: https://www.avast.com/en-us/ransomware-decryption-tools