The Russian invasion of Ukraine has shocked the world, driving millions from their homes as they seek safety. However, in the internet age, wars aren’t fought in the physical world alone, and cyber warfare has become an increasingly serious threat.
The Invasion of Ukraine is Already a Cyberwar
Though most of the news coverage of the situation focuses on developments in the physical world, early cyber skirmishing has already begun. Cyberattacks have recently targeted the Ukrainian defense ministry and two banks, in what the country’s deputy prime minister described as the largest attack of this type ever seen in the country.
While the Kremlin has denied being behind the denial-of-service attacks, the disruption has brought concerns about the threat of cyberconflict into the spotlight. Ilya Vitayuk, the cybersecurity chief of Ukraine’s SBU intelligence agency, has stated that it is still too early to definitively identify the perpetrators behind the attack, because, as with most cyberattacks, the perpetrators worked hard to cover their tracks. However, he also added, “The only country that is interested in such … attacks on our state, especially against the backdrop of massive panic about a possible military invasion, the only country that is interested is the Russian Federation.”
Ukraine has accused Russia of cyberattacks in the past and believes the Kremlin is behind a string of cyberattacks against Ukraine starting in 2014. In an age when war is fought on battlefields, both physical and digital, combat is no longer confined to combatants on the ground. While Ukraine’s SBU has made cybersecurity a major security focus in the current conflict, a cyberattack on Ukraine by Russia or its allies could have wide-reaching consequences for Ukraine’s allies as well. As such, countries and private organizations alike need to remain vigilant.
The American Government Prepares to Respond
Cyberattacks, even those specifically targeting Ukraine, could seriously impact the United States.
In response to the invasion of Ukraine, CISA (the Cybersecurity and Infrastructure Security Agency) has issued a statement entitled Shields Up, which states (as of the writing of this article):
“While there are no specific or credible cyber threats to the US homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. Every organization—large and small—must be prepared to respond to disruptive cyber activity. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber-attacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack.”
President Joe Biden has announced the American government is prepared to respond to cyberattacks from Russia if necessary, and “For months, we have been working closely with our private — with the private sector to harden their cyber defenses, sharpen our ability to respond to Russian cyberattacks, as well.” NBC News also reported that President Biden has a “menu of options for the US to carry out massive cyberattacks designed to disrupt Russia’s ability to sustain its military options in Ukraine.”
However, as the Shields Up announcement indicates, cyberwarfare concerns are not contained to the national and international stage. Organizations of all sizes and in all verticals need to be taking appropriate steps to proactively safeguard their digital assets.
What Sort of Cyberattacks Should We Anticipate?
While we have no way of knowing exactly what sort of attacks the cyber warfare front of the Ukraine-Russia conflict will bring, we can look to a history of previous international attacks for guidance. According to Forbes, organizations should be prepared to handle:
Advanced Persistent Threats (APTs)
APT is a broad term used to describe any attack campaign in which an attacker, or group of attackers, establishes an illicit, long-term presence on a network in order to covertly collect highly sensitive data. Most intrusions of this nature that target private companies focus on the theft of intellectual property, compromising sensitive data (such as employee or private user data), sabotaging critical infrastructure (such as deleting database data), or taking over websites with the goal of illegal financial enrichment. The same strategies deployed against private companies can be used against nations and companies alike.
With cyber warfare on our doorstep, now is the time to batten down the hatches and strengthen your cybersecurity posture. By improving your overall security posture, you can proactively guard against APTs by making it difficult for intruders to infiltrate your network in the first place, preventing them from establishing a covert, long-term presence.
Malware
Malware refers to any form of malicious software, typically spread by infected email attachments and suspicious website links deployed as part of phishing scams. While most email providers automatically filter out suspicious messages, one of the best steps organizations can take to improve their cybersecurity posture is to invest in employee cybersecurity training.
Cybersecurity is everyone’s responsibility, from the CEO down to the summer intern. Teaching workers to identify and report suspicious activities can stop an attack before it even begins, so all team members should receive robust cybersecurity training as both part of their onboarding process and on an ongoing basis.
Ransomware
Ransomware is a subset of malware that uses malicious code to encrypt files and prevent legitimate users from accessing data or systems, on either an individual machine or the organization’s network.
DDoS (Distributed Denial of Service) Attacks
DDoS (Distributed Denial of Service) attacks are attempts to crash a web server or other online service by flooding the supporting infrastructure with more traffic than the network can reasonably handle.
This type of attack can be instigated by either a large group of attackers working together or a single attacker with a sufficiently large botnet (a network of compromised computers that carry out repetitive tasks on the attacker’s command). The goal of a DDoS attack is to overload the server, forcing it offline and preventing legitimate users from accessing the organization’s products or services.
Network Security Attacks
“Network security attacks” is an umbrella term for attacks aimed at disrupting an organization’s networks and systems for a variety of reasons, including causing service disruptions, stealing data, or corrupting files. While this is often done for financial gain, on the cyberwarfare front of Russia’s attack on Ukraine it is more likely to be for political or military gain.
To help safeguard themselves from these types of attacks, organizations should be taking proactive steps to protect their networks from breaches.
What Steps Should Your Organization Be Taking to Best Safeguard Your Digital Assets?
Follow All Current Advice From Your National Cybersecurity Authority
The situation, both on the ground in Ukraine and in the digital sphere, is continually evolving, with new threats always on the horizon. To best safeguard your organization, it is vital to stay up to date on the situation and follow the current advice of your national cybersecurity authority.
- In the United States, CISA has already launched the Shields Up initiative discussed above, and its website offers concrete advice on a variety of relevant topics, including insights on how critical infrastructure owners can prepare for and mitigate foreign influence operations.
- In the United Kingdom, the National Cyber Security Centre (NCSC) has published specific steps organizations should be taking to best safeguard themselves in the current heightened threat landscape. They also offer general cybersecurity advice for a variety of organizations, including small and medium-sized organizations, large organizations, public sector organizations, and self-employed and sole traders, and general advice on a variety of cybersecurity topics.
- In the European Union, organizations should follow the advice of ENISA (the European Union Agency for Cybersecurity).
Establish A Relationship With Local Governments in Jurisdictions Where Your Company Operates
- In the United States, InfraGard is responsible for coordinating information sharing between critical infrastructure providers.
- Organizations operating in the United Kingdom should review information provided by NCSC’s Critical National Infrastructure hub.
- Organizations in the European Union should speak to their local CSIRT (Computer Security Incident Response Team) and CERT (Computer Emergency Response Team) contacts. A full list of these can be found here.
- In Germany, the BSI (Federal Office for Information Security) has released several cybersecurity warnings related to the situation. Current security warnings can be found here.
- In Australia, the Australian Cyber Security Centre (ACSC) is providing guidance through ongoing alerts. You can also register to receive alerts from the ACSC, and it provides general cybersecurity advice for small and medium businesses and organizations and for critical infrastructure.
Success Depends on Interorganizational Trust
Even the most comprehensive, best-designed cybersecurity strategy can be easily undermined if your organization lacks interdepartmental trust. A solid relationship between stakeholders and your security team is critical if you want to keep your organization secure.
Building trust can be hard, but there are concrete steps your security team can take to build stakeholder trust. This includes:
Communication
Clear, concise, focused, and on-point communication is critical, and there is no such thing as too much information. Too many stakeholder-security team conflicts are rooted in a lack of communication, miscommunications, or misunderstandings. Opening the lines of communication, and keeping them open, is an excellent way to build trust.
Honesty & Transparency
When it comes to cybersecurity, honesty is the best policy. Whether admitting fault, acknowledging a mistake, or delivering bad news, stakeholders and security teams alike appreciate honesty. By being honest about your organization’s current security posture (including any deficiencies), security and stakeholders can work together to fortify your organization’s cybersecurity posture.
On the other hand, lies, omissions, and misrepresentations cause cracks in your cybersecurity posture and foster inter-organizational distrust, with potentially disastrous consequences. All trusting relationships are built on a foundation of honesty.
Hard Work & Dedication
Hard work, dedication, and commitment from both your security team and your stakeholders are critical for building organizational trust. Both sides of the table need to know that the other side is working hard to fulfill its obligations and is willing to own up to any mistakes or shortcomings. It’s a lot easier to build trust when you know the rest of the team has your back.
A Willingness to Listen & Accept Feedback
Communication is a two-way street, and both stakeholders and security teams need to be willing to listen and accept honest feedback and not dismiss the other side’s suggestions and concerns out of hand. When one side feels that the other isn’t taking their concerns, expertise, or advice seriously, it undermines the relationship and damages trust, weakening the organization and compromising its security posture.
Follow-Through
Talk is great, but only when it is followed by concrete action. When either the security team or the stakeholders promise to do something, the other side needs to see that they will follow through. When we can’t trust our teammates to act on their promises, those promises become meaningless.
That being said, we are only human, and sometimes promises are broken. When this happens, it is critical to acknowledge that the promise was not honored, provide an explanation (budgetary concerns, staffing shortages, etc.), amend the promise so it can be reasonably accomplished, commit to action, and then act to fulfill the promise. A cycle of inaction and broken promises can impact more than your cybersecurity posture; it can poison your organization, driving away good workers and demoralizing those who remain.
Initiate a “Request for Intelligence” From Your Threat Intelligence Partner
You can’t adequately defend yourself if you don’t know what you are defending against. A request for intelligence is a comprehensive report compiled by your threat intelligence partner. When requesting your report, make sure you specify your intended audience (such as your board of directors or security team) and any specific concerns you may have so that your vendor can tailor the report accordingly and ensure all critical and relevant information is included.
A good request for intelligence should go beyond the standard overviews your partner already provides and should address specific concerns related to your vertical, industry, and operating locations. It should also provide information on the threat actors you should be concerned about, as well as the TTPs (tactics, techniques, and procedures) those threat actors typically use.
Collaborate Closely With Your Security Vendors
Your security vendor needs to take a proactive role when it comes to preparing your organization for cyber conflict and defense.
- Vendor account representatives can help ensure your organization receives the correct level of care and attention and help you get the most out of your security products and services.
- You should also work closely with your product vendors to confirm turnaround times and automation options for ruleset and patch updates (to ensure your software automatically downloads and installs security patches as soon as they are made available).
A good vendor should already be communicating with you about the situation in Ukraine, but if you have not received any communications, you should reach out directly to your vendor, representative, or support team.
Keep an Eye Out for Disinformation & Misinformation
Disinformation and misinformation featured heavily in the lead-up to the conflict in Ukraine. On February 3rd, 2022, the United States even predicted that Russia might use fake graphic videos as a pretext for invasion, a prediction that came true two weeks later. Videos like these and other forms of misinformation and disinformation serve two purposes: to bolster internal sentiment for an invasion (or justify an ongoing invasion) and distort the narrative abroad.
As such, it is vital to get your news from trustworthy sources and rely on the advice of local and national leaders as well as your security team to ensure you are getting the facts. As the situation continues to evolve, it is also vital that you are keeping your incident response plans up to date and keeping the lines of communication open both across your organization and between your organization and relevant third parties, such as your managed security services provider (MSSP) and relevant government bodies.
Consider Adopting Secure Communications Tools
Organizations that are concerned about the security and privacy of their business communications (including eavesdropping, data loss, communications metadata exposure, or non-compliance) should consider increasing communications security or switching to more secure communications tools. Organizations with employees in and around Ukraine should also be aware that those individuals may face communications disruptions.
Encrypted messaging and calling solutions like Element and Wickr are well suited to low-bandwidth environments and can be used to enhance the security of your everyday communications as well as to serve as out-of-band communication channels during incident response. They can also provide traveling executives with improved communications security. If you are concerned about the security of your current in-house communication tools or are looking to replace them with a more secure option, your managed security services provider can help you make the right choice for your organization.
Build Out Your Incident Response Ranks
Small and medium-sized organizations often don’t have the resources to support a full, in-house cybersecurity team, which is why many choose to partner with an MSSP. A good MSSP can help you augment your in-house security team, provide employee cybersecurity training, and help you evaluate your current cybersecurity position and incident response plans.
Should an incident occur, your MSSP can help you respond effectively (mitigating, or even eliminating, damage), conduct a thorough investigation into the root cause of the incident, and help you prepare any reports required under relevant regulations (such as GDPR, HIPAA, or CCPA).
Safeguard Your Endpoints & Practice Good Software Hygiene
Safeguarding your endpoints (smartphones, laptops, and tablets that have access to your network) and hosts (such as servers) is vital. Endpoint detection and response (EDR) involves using tools and solutions to detect, investigate, and mitigate suspicious endpoint and host activity. Unlike traditional anti-virus software, EDR isn’t reliant solely on known malware signatures, allowing it to detect new threats more quickly. Depending on the nature of the threat it has detected, EDR is also designed to trigger an adaptive response (much like your immune system springing into action).
One of the easiest yet most critical steps any organization can take to improve its security posture is to keep all of its software up to date. When software developers discover vulnerabilities in their products, they release patches to address them. Cybercriminals often target recently patched software in the hope that not all organizations have been as diligent as yours about installing new security patches. Installing patches takes a few minutes, and the process can often be automated and scheduled so that patches are installed outside business hours, avoiding downtime for your users.
Take Proactive, Preventative Steps Before an Incident Occurs
As the old saying goes, the best defense is a good offense. By being proactive and shoring up your cybersecurity defenses before an incident occurs, you stand a better chance of mitigating or even eliminating damage. Regular pen (penetration) testing, which involves hiring an ethical hacker to stress-test your defenses and search for vulnerabilities, can help highlight security deficiencies so they can be addressed before a cyber attacker is able to exploit them.
Investing in ongoing cybersecurity training is also critical: Employees who can’t identify potential threats are more likely to fall for things like phishing scams, and employees who don’t know how to respond to an incident won’t be able to respond effectively. As such, it is critical that you review your incident response plans regularly and make sure all relevant stakeholders are kept up to date.
You may also want to consider running tabletop scenarios. Tabletop scenarios work like cyber incident fire drills: Your team is presented with a hypothetical scenario and asked to respond, allowing them to put their cybersecurity training to use in a no-stakes environment. Tabletop scenarios not only familiarize your employees with potential threats and help them hone their response skills, but they are also a great way to identify and address security gaps before they can be exploited.
Concerned About Your Cybersecurity Stance? VirtualArmour is Here to Help!
The situation in Ukraine has put many organizations on edge, and trying to figure out how to shore up your organization’s cybersecurity defenses against cyber conflict may be overwhelming. Fortunately, the VirtualArmour team is always here to help.
We offer a variety of security solutions, including:
We also offer tailored services à la carte, allowing you to pick and choose the services your organization requires to create your own premium services package or essential services package. We also offer personalized, one-time expert consults.
We have extensive experience working with organizations in a variety of highly-specialized industries, including energy, finance, healthcare, and retail, and are well-versed in the unique security and IT challenges faced by service providers. With offices in both Denver, Colorado, and Middlesbrough, England, we are able to offer live, 24/7/365 monitoring and industry-leading response times.
Our team of experts can help you assess your current cybersecurity posture and create or update your incident response plans. We also provide cybersecurity training through our VirtualArmour Academy. For more information or to get your free, no-obligation quote or free cyber risk report, please contact our team today.
Suggested Reading & Useful Links
The Cybersecurity Situation in Ukraine
The situation in Ukraine is constantly shifting, and it can be hard to stay up to date and get the facts your team depends on to best inform your cybersecurity posture. To help you get the information you need, we have compiled a list of links to relevant organizations below.
The United States
- Cybersecurity and Infrastructure Security Agency (CISA) offers general cybersecurity advice and cybersecurity warnings and updates regarding the situation in Ukraine.
- InfraGard is a partnership between the FBI and members of the private sector designed to protect critical American infrastructure. Registration is required to join, and there are application requirements that must be met for membership.
The European Union
- ENISA (the European Union Agency for Cybersecurity) offers advice on a variety of cybersecurity-related topics.
- In Germany, the BSI (Federal Office for Information Security) has released several cybersecurity warnings related to the situation in Ukraine. Current security warnings (in German) can be found here.
The United Kingdom
- The National Cyber Security Centre offers advice and guidance on a variety of cybersecurity topics, as well as specific advice targeting organizations with an interest in UK Critical National Infrastructure.
- Organizations operating in the United Kingdom should review information provided by NCSC’s Critical National Infrastructure hub.
Australia
- The Australian Cyber Security Centre (ACSC) has issued a cybersecurity alert related to the ongoing Russian invasion of Ukraine. Concerned organizations can also register to receive security alerts from the ACSC here. The ACSC also offers general cybersecurity advice for small and medium businesses and critical infrastructure organizations.
Educational Articles from VirtualArmour
Cybersecurity is a complex and continually evolving field. To best safeguard your organization and its digital assets, it’s important to stay up to date.
To learn about the latest news and developments in the cybersecurity sphere, please consider visiting our Articles and Resources page and reviewing the educational articles listed below.
Cybersecurity Basics For All Organizations
- Hacked? Here’s What to Know (and What to Do Next)
- Building a Cybersecurity Incident Response Program
- Terms and Phrases Used in the Managed IT and Cybersecurity Industries
- The SMBs Guide to Getting Started with Cybersecurity
- Cyber Hygiene 101: Basic Steps to Keep Your Company Secure
- Identifying a Breach: Finding Indicators of Compromise (IOC)
- Making Sense of TTPs, Cybersecurity, and What That Means for Your Business
- The Shift From Cybersecurity Being a Want to a Need Just Happened
- What is a Managed Services Security Provider (MSSP)?
- What Your Vulnerability Scan Report is Telling You (and What It’s Not)
- What is the Difference?: MDR vs EDR
Cybersecurity Basics By Industry
- Cybersecurity Basics Every College and University Needs to Have in Place
- Case Studies & Services: Health Care
- The Ultimate Guide to Cybersecurity in the Healthcare Industry
- The Rising Cost of Healthcare Industry Data Breaches
- Case Studies & Services: Finance
- How the Financial Industry Can Strengthen Their Cybersecurity
- Case Studies & Services: Retail
- Case Studies & Services: The Energy Sector
- Case Studies & Services: Service Providers
- Cybersecurity for the Manufacturing Industry, What You Need to Know
Minimizing Your Risks
- What Are the Risks of Using Unsupported Hardware?
- The Ultimate Guide to Managed Threat Intelligence (2020 Edition)
- Airports are a Hacker’s Best Friend (and Other Ways Users Expose Themselves to Risk)
- Keeping Your Network Secure in a “Bring Your Own Device” World
- Basic Website Precautions: Keep Intruders Out with these Fundamental Security Best Practices
- What is Cybersecurity Insurance and Does Your Business Need It?
- What Your Business Can Learn From Netflix About Credential Sharing
Common Threats (and How to Avoid Them)
- The Modern Hacker: Who They Are, Where They Live, and What They’re After
- The Growing Trend of “Hacktivism”, and What it Means for Businesses
- In a Remote World, Social Engineering is Even More Dangerous
- Hackers Are Increasingly Targeting People Through Their Phones
- How Fear Motivates People to Click on Spam
- Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront it?
- Everything You Need to Know About Ransomware (2019 Edition)
- 5 Old-School Hack Techniques That Still Work (and How to Protect Your Data)
- DNS Spoofing: What It Is and How to Protect Yourself
- Don’t Let Phishing Scams Catch You Unaware
- Cryptojacking: Because Every Currency Needs to Be Protected
- Why Your Company Could Be the Next Equifax or CapitalOne