
Immediate Steps to Take During This Time of Increased Cyber Activity


We are deeply saddened by the recent invasion of Ukraine by Russian forces. As cyber defenders, we are on high alert.

In 2022 the world is cloud-reliant: war is fought not only on land, at sea, and in the air, but also digitally, in cyberspace. Cybercriminals and hackers are cunning, ruthless, and cruel. They will use this time of crisis to seek out and exploit even tiny fissures and gaps in security in order to cause business disruption and shutdown.

As a cybersecurity leader, I and the team at Cyber Defense Group want to do our part to educate all organizations on the urgency of this moment and to provide guidance and resources so that security threats are detected, contained, and eradicated.

Russia’s attack on Ukraine includes cyber attacks on the Ukrainian government and critical infrastructure. The US government and CISA (Cybersecurity & Infrastructure Security Agency) released their call to arms, “Shields Up”, which includes guidance and free resources for organizations and leaders, declaring, “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

Every organization, no matter its size or industry, could become “collateral damage” given how interconnected all organizations are.

This hacking threat is not the typical financially motivated ransomware or fraud threat. The goal of these cyber attacks, carried out on behalf of nation-states, is organizational disruption and shutdown. The endgame is chaos. The cyber weapons being used in this conflict are likely to spread and to be reverse-engineered by criminal hacking groups.

IT departments and all employees should be on high alert and aware especially of the following threats:

Wiper Malware – destructive malware spread through multiple means, usually wormable, able to evade detection, and designed to erase data with no possibility of recovery.

Distributed Denial of Service (DDoS or DoS) attacks – these could take the form of floods of legitimate-looking traffic against your own systems, or of outages at critical vendors that are themselves hit by malware or DDoS.

Third-party Risk – any environment connected to an environment affected by these cyber attacks, and any third parties (vendors) your organization relies on to provide goods and services.

Ransomware – always a threat, but particularly now: with increasing economic sanctions against Russia, a counter-attack could include a surge in ransomware attacks. Nearly 74% of ransomware revenue in 2021 has been traced back to Russian hackers.

For mature organizations:

  • Consider this a potential incident and activate your IR team.
  • Review your Disaster Recovery/Business Continuity Plan (DR/BCP).
  • Review your Vulnerability Management metrics.
  • Conduct a risk assessment.

For organizations without a security team:

  • Engage an outside cybersecurity firm for expert advice.
  • Create a rapid asset inventory and determine critical assets.
  • Create a rapid third party risk register for all critical vendors.
  • Review and test backups.
  • Review patch levels across all critical assets and patch ASAP, especially internet-facing endpoints such as firewalls and routers.
  • Conduct a risk assessment.
  • Put additional detection and monitoring resources in place, especially on internet-facing endpoints.
  • If you have resources in Russia or Ukraine (vendors, developers, clients, etc.), immediately restrict their access if possible and/or implement additional monitoring.
  • Join the Information Sharing and Analysis Organization (ISAO) relevant to your organization to receive Indicators of Compromise (IOCs) quickly: https://www.cisa.gov/information-sharing-and-analysis-organizations-isaos
  • Use CISA’s (Cybersecurity & Infrastructure Security Agency) “Shields Up” program, which has detailed guidance for corporate leaders and organizations as well as a list of resources.

Outside cybersecurity teams offer the following services that can help shield your company from cyber threats immediately:

  1. Risk and Compromise Assessments
  2. MDR (Managed Detection & Response) & Cloud Security Consulting Services
  3. Penetration Testing
  4. Virtual CISO (vCISO) Services
  5. Agile Security Team Augmentation

Now is not the time to cut corners on your cybersecurity budget. Now is the time for vigilance. The endgame of these cyber attacks will be organizational disruption and shutdown. If you were seeking justification for additional investment in your security program, you should now have it. The advantage of investing to protect your organization during this crisis is that you’ll be more resilient against future threats, such as ransomware, which are increasing in frequency and could be a side effect of this conflict.