What should educational facilities do to protect from cyber attacks
10 Steps to Take Now to Guard Against Russian Cyber Attacks
The number and severity of cyber attacks originating in Russia may increase in the coming weeks. Follow these steps to increase your cyber threat protection, response and resilience.
The world is watching closely as Russia's invasion of Ukraine evolves with each passing day. The conflict, combined with geopolitical tensions prompted by the disapproving responses from NATO, the US and many other countries, has made organizations within those countries high targets of offensive Russian and associated nation state cybersecurity attacks.
The US, European Union, United Kingdom and other allies and partners have announced multiple waves of financial and other business sanctions against Russia in response to the invasion of Ukraine. In a largely coordinated and complementary effort, despite somewhat differing approaches, these sanctions include both symbolic actions unlikely to deter Russia as well as more extreme actions aimed at imposing immediate disruption on the Russian economy. Exacerbating the conflict, many major US-based companies, along with companies around the world, have recently discontinued all business operations in Russia, expressing their disapproval of the Russian actions.
Russia has threatened a "painful" response and we fully expect the state and its associated nations to escalate offensive cybersecurity threat actions, which may increase the number and severity of cyber attacks intended to disrupt government, business and critical infrastructures of any country issuing sanctions or businesses discontinuing operations.
In this post, we outline recommendations and materials for any enterprise to consider when increasing their cyber threat protection, cyber incident response and enterprise resilience.
Cybersecurity is a priority
As part of the invasion, Ukrainian computer networks have been hit with a data-wiping malware program as Russia invades. Several Ukraine government and banking websites have been targeted with distributed-denial-of-service attacks, reportedly to distract the public and government cybersecurity workers and hamstring Ukrainian communications. As a countermeasure, Ukraine has called for "digital talents" to create "an IT army" of hackers to hit Russian targets.
As Ukrainian systems are targeted, critical infrastructure and businesses around the world are at risk. The malware affecting Ukraine's systems could spread, adding risk of increased ransomware attacks.
Historically, Russian state-sponsored advanced-persistent-threat (APT) actors have used sophisticated cyber capabilities to target a variety of US and international critical infrastructure organizations, including those in the defense industrial base as well as the healthcare and public health, energy, telecommunications and government facilities sectors.
On the cyber front, it would be a mistake to focus exclusively on cyber activity coming out of Russia. Ukraine and the West must recognize that the proxy web is central to the Kremlin's cyber strategy and operations, and so is the Russian government's deployment of hackers based abroad. As deniability is important to the Kremlin, the West should consider focusing its intelligence forces on identifying Russian proxies operating in cyberspace when assessing and preparing for Russian state cyber threats.
It is unlikely that Putin will accept the hits from the SWIFT sanctions and the potential actions against Russia's Central Bank without responding with reprisals. These sanctions have increased the likelihood of cyberattacks, which could widen the Russian invasion of Ukraine into a much broader conflict.
NATO Secretary General Jens Stoltenberg has warned Russia that a serious cyberattack could trigger Article 5 of NATO's founding treaty, in which "an attack against one ally is treated as an attack against all." Businesses and governmental agencies responsible for critical infrastructure and high-profile targets should ensure they are adequately prepared with best practice prevention, detection and incident response measures to deal with Russian advanced persistent threats.
The 10 steps to take now to avert a Russian cyber attack
Do Now:
- Address Assumptions: Assume sophisticated cyber attackers are already inside your environment and are positioned to disrupt businesses at any time. Additionally, leverage available cyber threat intelligence to determine if your organization would typically be targeted by Russian adversaries and for what reasons.
- Rally Communications: Ensure all relevant cyber and resilience teams are on high alert. This includes providing notice to corporate communications, legal, senior leadership and key third parties that everyone should be prepared to act, as well as alerting employees to remain vigilant, especially for phishing and other social engineering attacks.
- Confirm Restoration: Take any immediate steps available to confirm key restoration and recovery activities, including a review of the completeness and integrity of key backups and ensuring recovery processes are accurate, known to all necessary parties and ready for action.
- Review Third-Party Engagement: Review existing agreements with key third parties, such as forensics and response partners, law firms and insurers.
- Stay Informed: Stay current on latest news. Leverage existing threat intelligence and information sharing sources as much as possible (e.g., CISA's "Shields Up" site, industry ISACs, Microsoft, etc.). Additional resource links are shared at the end of this post.
Do Soon:
- Reinforce and Secure Environments: Reinforce key controls and secure high-risk areas. This includes a review of current patching levels (and probable short-term increase in scanning frequency), validation of your Internet-facing attack surface, and ensuring MFA and other dual-path access verification controls are active and appropriately configured.
- Evaluate Capabilities: Test, simulate and confirm all crisis management and incident response capabilities. Crisis management extends beyond incident response and includes confirming all key personnel understand their role.
- Review Current Recovery Playbooks: Perform a comprehensive review of existing continuity and recovery plans to confirm they are complete and up to date. Specific focus should be given to internal and external resource availability, dependencies on key third parties that provide business services, and communication protocols for external stakeholders (e.g., employees, regulators, customers).
- Assess Technologies: Increase focus on and revisit all technologies supporting any hybrid workforce. Confirm all remote or external access points are hardened and covered with current versions of end-point detection technologies.
- Set Expectations: Set – or reset – expectations with senior leaders and board members on the potential for disruption of services due to a cyber attack, and the current steps taken to manage those risks.
While the actions outlined above help manage risks around the current situation with Russia, forward-looking companies should consider these actions a long-term investment against extreme events occurring in an increasingly volatile world – environmental, pandemic, cyber or otherwise. Furthermore, diligent organizations need to ensure their current strategies position their cyber programs to better repel adversaries, increase detection and response agility and expand existing resilience capabilities. Proper funding, leadership and vision are all key to ensuring your cyber program is both business- and threat-aligned and ready to face the challenges that lie ahead.
Additional Resources: Recent CISA Recommendations
President Biden has designated the Department of Homeland Security (DHS) as the lead federal agency to coordinate domestic preparedness and response efforts related to the current Russia-Ukraine crisis. DHS is taking appropriate steps to ensure federal efforts are coordinated should the need arise for specific threats. The Cybersecurity and Infrastructure Security Agency is available to help organizations prepare for, respond to and mitigate cyber attacks.
Below are links to several recent CISA resources:
- The Cybersecurity and Infrastructure Security Agency's "Shields Up" webpage provides information on how to improve cybersecurity and protect critical assets, along with immediate recommendations of cyber attack prevention actions for all U.S. businesses. Given the increased population working with hybrid arrangements, these recommendations and actions should be extended to all U.S. and global entities.
- This recent CISA insight titled, Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, offers a solid checklist of cybersecurity threat management and data protection actions.
- CISA Insights Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats from January 2022.
- A recently published "Alert" Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure | CISA provides details for which product vulnerabilities Russia is known to use. Their attack vectors, capabilities and approaches are included.
For more information on recent and historical Russian state-sponsored malicious cyber activity, see the referenced products below or go to cisa.gov/Russia.
- Joint FBI-DHS-CISA CSA Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
- Joint NSA-FBI-CISA CSA Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments
- Joint FBI-CISA CSA Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
- Joint CISA-FBI CSA APT Actors Chaining Vulnerabilities against SLTT, Critical Infrastructure, and Elections Organizations
- CISA's webpage Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
- CISA Alert Russian Government Cyber Activity Targeting Energy Sector and Other Critical Infrastructure Sectors
- CISA ICS Alert: Cyber-Attack Against Ukrainian Critical Infrastructure
Terry Jost is Manager, Global Security and Privacy Segment Leader at Protiviti.
Copyright © 2022 IDG Communications, Inc.
Source: https://www.csoonline.com/article/3653588/10-steps-to-take-now-to-guard-against-russian-cyber-attacks.html