As you are no doubt aware, geopolitical tensions are high as Russian military forces continue to invade Ukraine in what is the largest ground war in Europe since World War II. While our hearts go out to those impacted by these events, our heads – and yours – should also be focused on the ramifications of cyber warfare perpetrated by Russian, Belarusian, and other state-sponsored threat actors. The multi-faceted Russian cyber attacks include, but are not limited to:
- Distributed Denial-of-Service (DDoS) attacks against Ukraine’s Ministry of Defense and Armed Forces, as well as two of the country’s state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank (the State Savings Bank), which rendered these public-facing websites and online portals intermittently or completely unavailable.
- “Spear-phishing” campaigns carried out by threat actors associated with the Belarusian government that target members and associates of the Ukrainian military. A link is included in a carefully crafted email to allow attackers to compromise the email account of the victim who unknowingly clicks it.
- Targeted distribution of data-wiping malware against Ukrainian critical infrastructure, financial, and governmental organizations that has rendered thousands of computing devices unusable. The malware corrupts the contents of their disk systems. Variants have also been reported in nearby Latvia and Lithuania.
- Social engineering “information attacks” including SMS messages sent to Ukrainian banking customers falsely alleging the bank ATMs are unavailable.
- Other developing cyber attacks across Russia, Ukraine, the EU, and the UK are thought to be connected to this conflict.
While the situation overseas unfolds, cybersecurity experts are carefully monitoring its pace, severity, and geographic scope. In parallel, they are also preparing for potential threats against your business, as recommended by US Federal and State cybersecurity authorities.
It is believed that, due to the past and potential future international response to the invasion underway, US government entities, critical infrastructure, and related private organizations could become the target of attacks by state-sponsored hackers. The scope of these attacks could also potentially expand to include other victims, including small- to medium-size businesses, especially if email and malware threats are unintentionally spread by other compromised organizations.
As with many other cyber threats, the Russian cyber attacks that are taking place have the ability to disrupt business in a number of ways. Business email compromise, such as the “spear-phishing” campaign mentioned earlier, is a very common attack vector used to obtain credentials for internet-facing systems such as email, corporate messaging, and banking/finance portals.
The distribution of malware also frequently occurs through email, whereby an attacker pretending to be a trusted contact sends a message containing an infected file that, when opened, downloads and installs malware on the recipient’s computer.
In the right conditions, such as when you or your employees have administrative privileges or full access to the entire company’s files, the malware can not only damage files but also potentially provide access for a remote attacker to gain control over your network. In the coming weeks and months, technology users should be especially mindful of the following:
11 Actions to Protect Your Business Against Russian Cyber Attacks
- Always double-check the sender of an email before taking any action, such as fulfilling a request or opening an attachment. If you are unsure, contact your cybersecurity expert.
- Be mindful of spelling and grammatical errors in emails that prompt you to urgently perform an action; these are telltale signs of illegitimate and malicious sources.
- Use multi-factor authentication on every account where it is supported, and contact Machado if you have questions or would like to implement this on your business systems.
- Use passwords longer than 8 characters on all of your accounts, ensure they do not contain names or common words, and change them at least annually.
- Never give your password to anyone, never write it down, and never say it out loud when others are around.
- Never allow anyone other than your cybersecurity technicians to remotely access your computer, and do not hesitate to ask for identity verification.
- Never send or provide sensitive financial information to anyone you cannot verify, and when sending via email, always use message encryption.
- Never reset or provide your password(s) when prompted by an email unless you intentionally initiated the process, or are asked to by one of your technicians.
- Keep your home network safe by using a strong WiFi password, updating all operating systems and software, and replacing any equipment that is outdated.
- Use a password manager to securely save your credentials for websites and other services.
- If in doubt, call your cybersecurity expert. It is always better to be cautious.
With continued confidence in the toolset that’s used to protect your data and technology assets, your cybersecurity partner ensures your network is protected in the face of diverse threats at home and abroad. Your technicians and engineers should always be working on the following tasks for you:
- Performing an audit of the externally-facing services present in your network, such as email servers, VPN, and camera systems, to ensure those devices are secure.
- Reviewing your firewall rules to ensure that inbound traffic is limited only to what is absolutely necessary.
- Enabling geographic restrictions on your firewall to ensure that all traffic to and from regions known to conduct cyber attacks is completely blocked (where supported).
- Verifying that all devices on your network are updated with the most recent, stable patches that are available from trusted sources.
- Assessing technology assets and services used by your business to identify areas of potential improvement.
- Checking your data backups to ensure they are completed regularly and successfully.
If you’re concerned about the risk of Russian cyber attacks to your business, now is a good time to plan a personalized security assessment of your IT environment to improve your business’ security posture.
These improvements can include changes to your network design, upgrades to email threat protection services, additional protections against ransomware, implementation of multi-factor authentication, and more advanced monitoring of your critical infrastructure and assets.