Cybersecurity Update: Guarding Against Cyber Attacks Following Russia’s Invasion of Ukraine

With rising international tensions following Russia’s invasion of Ukraine, organizations of all sizes and in every industry need to be vigilant to protect themselves from cyberattacks. Attackers may not be limited to nation-state affiliates. Bad actors could include independent organized cybercrime groups, such as ransomware gangs, vigilante groups with political motives, or other nefarious actors simply seeking to take advantage of the crisis. Some organizations may be targeted for their public associations (real or assumed), while others may inadvertently be affected due to the indiscriminate nature of an attack (cyber collateral damage), as was the case in 2017 with NotPetya. These “Quick Checks” can help any organization protect itself by detecting, responding to, and recovering from cyber incidents.

You’ve Got This

• Review attack surface & 3^rd party connections
• Incident response plan
  • Put your hands on it & update
  • Make sure contact info is updated – employees; critical vendors/service providers; insurance/outside counsel
  • Print it out and put it in multiple locations (OoB cloud storage as well)
• Double-check backups
  • Immutable
  • Offline/out-of-band

Think Through

• What communication can you prepare in advance?
• How do you quickly isolate suspect devices and networks?
• How do you communicate with team members out-of-band; do you have everyone’s mobile number?
• What should your baseline look like?
  • Ingress AND Egress
  • EDR
• Do you have all the logs you need?
  • For the right length of time?

Carry On

• Forensics/incident response
  • Your primary vendor may not be available
  • Multiple contacts are not bad
  • Know where you are ‘in line’ with your provider
• All the basics
  • MFA & PoLP
  • Hardened baseline
  • Patch/update
  • Network segmentation
  • Logging & Monitoring (SIEM)
  • Vulnerability scan
  • Security training

These publications and websites also provide information about protecting against cybersecurity threats in today’s environment:

• Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats
• Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services
• Russia Cyber Threat Overview and Advisories
• Russia-Ukraine Crisis: How to Protect Against the Cyber Impact
• Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
• EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
• Stop Ransomware

For more information about protecting your organization from cybersecurity threats, contact us. We are here to help.

©2022