Aligned Technology Solution (ATS) has followed the rapidly evolving situation between Russia & Ukraine.
On Thursday, February 24, 2022 (GMT), Russian military forces invaded Ukraine. At the time, kinetic operations appeared to be the primary means of force. As the situation has evolved, it has become clear that cyber operations are on the table, and continued escalation of advanced cyber attacks is likely to occur.
The following publicly disclosed events are being investigated as part of Russian state-sponsored cyber operation activity:
- January 13, 2022 – “WhisperGate” wiper activity targets Ukrainian organizations, including Ukrainian government agencies.
- February 23, 2022 – Distributed denial-of-service (DDoS) attack on Ukrainian organizations, including government agencies.
- February 25, 2022 – Conti ransomware actors threaten “retaliatory measures” targeting critical infrastructure in response to “a cyberattack or any war activities against Russia.”
How to Prepare Your Organization
The “Hacktivist” group “Anonymous” also announced a campaign against Russian assets. These types of campaigns are unlikely to cease, and the number of other groups supporting the state actors on each side is likely to increase. This escalation by non-state actor groups may cause misattribution and additional hostile cyber operations against the United States and its allies.
Organizations should be prepared for any or all of the following:
- Attacks on your organization’s corporate networks
- Attacks on the networks of critical partners or suppliers that impact your business and your customers
- Attacks on the critical infrastructure sectors that have cascading impacts on your company and the geographic locations in which you, your customers, and your employees live and work
- Attacks on individuals that are part of your company or interact with your company around the world
Attacks are likely to be disruptive and cause business interruption. Successful attacks may permanently disrupt business operations, leading ultimately to organizational failure and cessation of business activities.
Although there is no replacement for a comprehensive cybersecurity program, all businesses, regardless of size, maturity, or vertical, should adhere to the baseline best practices below.
- Enable multi-factor authentication for all accounts.
- Ensure all systems have anti-virus software installed and appropriately configured. Ideally, an EDR or XDR solution should also be implemented.
- Ensure all critical information and systems are backed up and appropriately secured, and verify that they can be successfully recovered in case of an incident.
- Follow a backup strategy appropriate for your business and back up all critical systems and data.
- Create a Business Continuity and Disaster Recovery Plan (BCDR).
- Ensure employees are appropriately trained and receive periodic security awareness training.
- Engage a partner to monitor security alerts and tools in your environment. If you do not engage a partner, ensure resources are dedicated to monitoring your environment during days, nights, and weekends.
Although the information presented here may be troubling, organizations must review their current cybersecurity programs, start a program if they do not have one, and consider how to respond to unexpected business interruptions.
Implementing these recommendations can be daunting for most organizations, especially SMBs with limited or non-existent IT capabilities. Fortunately, such organizations don’t have to implement them alone. We are here to help you secure your business. Call (703) 740-8797 or fill out our contact form today to book a consultation.
- Shields Up!: CISA’s campaign helps increase organizational vigilance and keep stakeholders informed about cybersecurity threats by providing recommendations, products, and resources to mitigate the impact of cyber attacks.
- How to Protect Your Networks from Ransomware: A collaborative guidance document created by multiple U.S. government agencies.
- Project Spectrum: Resources small/medium-sized businesses and federal manufacturing supply chains can use to improve their cybersecurity readiness, resiliency, and compliance.
- NSA Guidance and Advisories: Includes cybersecurity advisories, info sheets, tech reports, and operational risk notices.