The Cybersecurity & Infrastructure Security Agency (CISA), the U.S. Intelligence Community, law enforcement, and other agencies recently issued a Shields Up alert regarding a potential increase in cyberattacks related to Russia’s military action against Ukraine and subsequent sanctions against the Russian government and related entities.
While no specific cyber threats against U.S. targets have been identified, U.S. agencies and security experts recommend that all public and private sector organizations adopt a heightened cyber security posture.
They are warning about increased data breaches and ransomware attacks, and other types of attacks, not unlike what was seen in 2017 with the NotPeyta malware. Recent weeks saw distributed denial-of-service attacks (DDoS) on government websites and the discovery of HermeticWiper malware in Ukraine. In the past, Homeland Security and the FBI have accused what they called “Russian government cyber actors” of targeting energy, healthcare, and other critical infrastructure sectors in the U.S.
“From this point forward, military conflicts will extend into cyberspace,” shares Gregory H. Winger, assistant professor of political science, School of Public and International Affairs, and faculty fellow at the Center for Cyber Strategy and Policy at the University of Cincinnati in a recent article in CSO. He goes on to say about Wiper malware, “I have not seen any indications yet that this current campaign or malware has spread much beyond Ukraine. However, there are elements that appear to be patterned on NotPetya, which did go global.”
Guidance for Organizations
CISA is recommending U.S. businesses take a variety of actions considering the current situation, including, but not limited to:
Reduce the likelihood of a damaging cyber intrusion
-
- Institute multi-factor authentication (MFA).
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities.
Take steps to quickly detect a potential intrusion
-
- Utilize antivirus/antimalware software to protect your entire network.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations.
Ensure that the organization is prepared to respond if an intrusion occurs
-
- Assure business continuity by designating a crisis-response team.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximize the organization’s resilience to a destructive cyber incident
-
- Test backup procedures to ensure rapid restoration of critical data.
- Test manual controls industrial control systems and operational technology to ensure that essential functions remain operable.
Additional recommendations from Coretelligent’s security experts include:
Stay extra vigilant
-
- Think before you click a link or open an email attachment.
- Be wary of new social media requests.
Prepare for further equipment delays
-
- An already stressed global supply chain is vulnerable to the U.S. chip industry’s reliance on Ukrainian-sourced neon and other exports.
Ensure readiness to respond to a cyber incident
-
- Review policies and procedures around incident response.
How to Protect Your Organization?
If you are concerned that your organization’s current cybersecurity posture is not robust enough to sufficiently handle the intensified conditions, reach out to learn more about Coretelligent’s multi-layered cybersecurity solutions.
CoreArmor is a customizable cybersecurity platform that provides a solid foundation of cybersecurity protections and can resolve specific security concerns and issues based on your business needs. Powered by AlienVault’s enterprise-class Unified Security Management® (USM) platform, CoreArmor delivers the following:
- Managed Detection and Response (MDR) – End-to-end, round-the-clock expert monitoring and threat response.
- 24x7x365 US-based Security Operations Center (SOC) – Intrusion detection monitoring and response in real-time.
- Security Automation and Orchestration – Provides accelerated reaction time and extended protection.
- Cloud Protection – Real-time monitoring of cloud infrastructure.
- Geolocation – Identity suspicious login activity.
- Behavioral Monitoring and Endpoint Detection & Response (EDR) – Monitor, collect, respond, and analyze endpoint data to identify threats and threat patterns.
- SIEM and log management – Allows for expert human analysis and remediation.
