The potential for cyberattacks has placed many organizations beyond Ukraine on high alert for any threats, and has left them wondering what they can do to bolster their security posture.
“Unlike traditional warfare, which generally only has impacts in and around a specific conflict zone, cyberattacks can have far-reaching impacts beyond the initial target that are oftentimes completely unforeseen,” said Lisa Plaggemier, Interim Executive Director of the National Cybersecurity Alliance (NCA).
She said that the NotPetya attack, which was designed to infiltrate computer systems via a popular piece of Ukrainian accounting software, is a good example of this. Despite initially targeting Ukraine, NotPetya soon spiraled out of control and cost the United States alone an estimated $10 billion in damage.
“The Russians have already executed several DDoS attacks against government websites and financial institutions and are rumored to now be targeting Ukrainian allies with cyber attacks as well. And as the crisis continues to rumble on, expect Russians to continue this ‘kitchen sink’ approach to cyber attacks as they look to disrupt any part of Ukrainian life possible in hopes of undermining the country’s resistance,” Plaggemier said.
To protect against these types of attacks, as well as the recently discovered wiper malware HermeticWiper, which corrupts data after a required reboot of the target machine, there are some best practices that organizations can implement now as a preventative measure.
“First is to implement two-factor authentication wherever possible, which is a low-hanging and very easy way to stifle movement even when compromised and kind of raise the bar from what’s required of the attacker,” said Peter Silberman, the CTO at Expel, a managed detection and response (MDR) provider.
Silberman added that the next step is to make sure that the company has an incident response (IR) plan and that a tabletop exercise has been run recently, under the current heightened conditions, especially once the Great Reshuffle, or Great Resignation, is factored in.
Also, companies should make sure that they have backups and that they know how to restore them. They must ensure that the backups are one-way and that they can’t be overwritten.
They can also review protection policies, especially for public-facing assets, as well as review load-balancing infrastructure and/or DDoS mitigation services if available, and review agent deployment status for all network assets to maximize detection and response capabilities as attack vectors continue to emerge.
“Cybersecurity and high-profile breaches have definitely emerged as some of the biggest headline grabbers in recent times. And while it is positive to see more money pouring into cybersecurity initiatives like never before, it is equally concerning to see that breaches continue to occur at such alarming rates. Which means that investment is likely not being used as wisely as it should be,” Plaggemier said.
“Moreover, as cyber threats have become more prevalent over the last few decades, there has been a lack of coherence in terms of how cybersecurity should be handled among both the public and private sectors. And thus, the cybersecurity landscape in the US has been plagued by under investment, fractured strategies and finger pointing. Fortunately, though, there is a growing recognition among both communities that working together and rethinking our approach to cybersecurity is the only way we are ever going to build the more secure digital world we are looking for,” she added.
The conflict is the first major test of President Biden’s executive order, signed in May of last year, that aimed to improve the government’s efforts to prevent and act against a growing number of malicious cyber campaigns against both the public and private sector.
A core part of the executive order is that the federal government will partner with the private sector to create a more secure cyberspace amid a continuously changing threat environment.
“Perhaps the only positive that will come out of this conflict is that it has expedited the cybersecurity collaboration process between nations. For years, world leaders have been harping on the need for deeper working relationships on the cyber front. However, until recently this has largely been lip service,” Plaggemier said. “But now, because of how rapidly this crisis has unfolded, it has forced the international community to put its nose to the grindstone and quickly forge cyber relationships that are unlike anything we have seen before.”
Security teams can find guidance to prepare for an attack by Russian or other malicious actors here: https://www.cisa.gov/shields-up. These recommendations will help organizations prepare to contain, withstand and recover from a destructive attack.