Aligned Technology Solution (ATS) has been following the rapidly evolving situation between Russia & Ukraine.
On Thursday, February 24, 2022 (GMT), Russian military forces invaded Ukraine. At the time, it seemed that kinetic operations were going to be the primary means of force. As the situation has evolved, it has become clear that cyber operations are on the table, and continued escalation of advanced cyber-attacks is likely to occur.
To date, the following publicly disclosed events are being investigated as part of Russian state-sponsored cyber operation activity:
- January 13, 2022 – “WhisperGate” wiper activity targets Ukrainian organizations, including Ukrainian government agencies
- February 23, 2022 – Distributed denial-of-service (DDoS) attack on Ukrainian organizations, including Ukrainian government agencies.
- February 25, 2022 – Conti ransomware actors threaten “retaliatory measures” targeting critical infrastructure in response to “a cyberattack or any war activities against Russia.”
Additionally, the “Hacktivist” group “Anonymous” has announced a campaign against Russian assets. These types of campaigns are unlikely to cease, and the number of other groups supporting the state actors on each side is likely to increase. This escalation by non-state actor groups may cause misattribution and additional hostile cyber operations against the United States and its allies.
Organizations should be prepared for any or all of the following:
- Attacks on your organization’s corporate networks
- Attacks on the networks of critical partners or suppliers that impact your business and your customers
- Attacks on the critical infrastructure sectors that have cascading impacts on your company and the geographic locations in which you, your customers, and employees live and work
- Attacks on individuals that are part of your company or interact with your company around the world
Attacks are likely to be disruptive and cause business interruption. Successful attacks may permanently disrupt business operations, leading ultimately to organizational failure and cessation of business activities.
Although there is no replacement for a comprehensive cybersecurity program, please find below some baseline best practices that all businesses should adhere to, regardless of size, maturity, or vertical:
- Enable multi-factor authentication for all accounts
- Ensure all systems have an anti-virus installed and appropriately configured. Ideally, an EDR or XDR solution should also be implemented.
- Make sure all important information and systems are backed up and appropriately secured, and verify that they can be successfully recovered in case of an incident
- Follow a backup strategy that is appropriate for your business and backs up all critical systems and data
- Create a Business Continuity and Disaster Recovery (BCDR) plan
- Ensure employees are appropriately trained and receive periodic security awareness training
- Engage a partner to monitor security alerts and tools in your environment. If you do not engage a partner, make sure there are resources dedicated to monitoring your environment during days, nights, and weekends.
Although the information presented here may be troubling, it is imperative that organizations review their current cybersecurity programs, start a program if they do not have one, and think about how to respond to unexpected business interruptions.
For most organizations, especially SMBs with limited or non-existent IT capabilities, implementing these recommendations can be a daunting task. Fortunately, such organizations don’t have to implement them alone. We are here to help you secure your business. Call (703) 740-8797 or fill out our contact form today to book a consultation.