How to Prepare for Cyber War Crossfire
As the world watches the military events unfolding in Ukraine, the world prepares for cyber repercussions. The United Nations, individual countries, and economic organizations are imposing sanctions against Russia. The Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Homeland Security have published advisories regarding the potential cyber-attacks coming from Russia.
Many experts believe these efforts will increase cyber-attacks coming from Russia and criminal organizations siding with the Russian cause, and preliminary intelligence information is backing up these suspicions.
Many industries have begun additional preparations to protect and defend their systems, enhance detection capabilities, and refine their response and remediation program. The likelihood of these attacks occurring against critical infrastructure, key global economic sectors, the defense industrial base, civilian media and communications, global supply chain and manufacturing, and organizations that support these institutions is at an all-time high. The goal of the nation-states and criminal organizations is to provide wide-scale disruption, fear, intelligence gathering, and political leverage.
What could these attacks look like?
- Phishing Attacks – These attacks come in the form of emails sent to your employees or the employees of companies you do business with, enabling attackers to collect personal information to steal access to individual accounts and other information.
- Malware and Cryptoware Attacks – These attacks can create backdoors into the organization or be used to steal or destroy valuable information.
- Denial of Service Attacks – These attacks focus on taking down resources that are important to an organization. These kinds of attacks can affect your business in multiple ways, including losing access to hosted services or losing access to internal systems.
- Attacks against employees' personal accounts and devices seeking access to corporate assets.
- Additional attempts to steal or wipe information using multiple techniques.
Coretek's Recommendations
Train Employees On Cyber Security
Ensure users are trained in spotting and reporting cyber security events and in the proper response to phishing emails. Conduct regular tests and refresher training to reinforce that training.
Ensure Your Security Tools are Updated & Layered
Ensure that your security tools are up to date and functioning, and layer them where feasible. Examples of a layered approach against malware:
- Ensure Defender for Endpoint is functioning with updated tools.
- Ensure users do not operate their machines with local administrator rights.
- Ensure the Windows Firewall is enabled.
- Ensure Defender for Office 365 blocks messages from known bad sources and scans URLs and Attachments for malware.
- Block web traffic from going to known bad sources.
- Limit connections to Azure and your network to only the geolocations where you do business.
- Train your workforce on how to recognize and report phishing emails.
- Monitor security tools and system activity.
- Ensure that data important to the organization is backed up somewhere it cannot be encrypted during a ransomware attack.
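The endpoint items in the checklist above can be verified rather than assumed. The following read-only audit script is an added example, not Coretek's code or tooling: it runs under the user's everyday Windows account and reports on Defender antivirus status and signature age, whether the Defender for Endpoint sensor service is present and running, which Windows Firewall profiles are disabled, and whether the session or any local user account holds administrator rights. It assumes the Defender and NetSecurity PowerShell modules are present (Windows 10/11 and current Server builds), and the three-day signature-age threshold is an assumed value for this report, not a Coretek recommendation.

```powershell
# Added example (not Coretek's): read-only audit of the layered-defence checklist items.
# Run as the everyday user account, not an elevated session, so the admin-rights check
# reflects how the machine is actually used. Nothing is changed; findings are returned.
function Get-EndpointBaselineFindings {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Defender antivirus: enabled, real-time protection on, signatures fresh?
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender antivirus is disabled') }
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is off') }
        # Assumption for this report: signatures older than 3 days count as stale.
        if ($mp.AntivirusSignatureAge -gt 3) {
            $findings.Add("Defender signatures are $($mp.AntivirusSignatureAge) days old")
        }
    } catch {
        $findings.Add("Could not query Defender status: $($_.Exception.Message)")
    }

    # 2. Defender for Endpoint: the onboarding sensor runs as the 'Sense' service.
    #    It is absent on hosts that were never onboarded, which is itself a finding.
    $sense = Get-Service -Name 'Sense' -ErrorAction SilentlyContinue
    if ($null -eq $sense) {
        $findings.Add('Defender for Endpoint sensor (Sense service) is not installed; host may not be onboarded')
    } elseif ($sense.Status -ne 'Running') {
        $findings.Add("Defender for Endpoint sensor (Sense service) is $($sense.Status)")
    }

    # 3. Windows Firewall: every profile (Domain, Private, Public) should be enabled.
    Get-NetFirewallProfile | Where-Object { -not $_.Enabled } | ForEach-Object {
        $findings.Add("Windows Firewall profile '$($_.Name)' is disabled")
    }

    # 4. Local administrator rights: any local user in Administrators other than the
    #    built-in account deserves review against the "no local admin" rule.
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    foreach ($m in $admins) {
        if ($m.ObjectClass -eq 'User' -and $m.Name -notmatch '\\Administrator$') {
            $findings.Add("Local user '$($m.Name)' holds administrator rights")
        }
    }

    # 5. Is the current interactive session itself running with administrator rights?
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($id)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $findings.Add("Current session ($($id.Name)) is running with administrator rights")
    }

    return $findings
}

# Usage: print findings, or a clean result if every check passed.
$results = Get-EndpointBaselineFindings
if ($results.Count -eq 0) {
    'No findings: Defender, Defender for Endpoint, firewall and local-admin checks passed.'
} else {
    $results | ForEach-Object { "FINDING: $_" }
}
```

The script deliberately only reads state; remediation (enabling a firewall profile, removing a user from Administrators, onboarding to Defender for Endpoint) belongs in your configuration management or Intune baseline so that it is applied consistently and logged, rather than fixed ad hoc on one host.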
Know Your Data
Ensure that you know what systems and data are essential to your organization and how long you can operate without access to those systems and their data. Ensure you have downtime procedures and an alternative way to access that data and systems in the case of an outage. If your critical system is cloud-hosted, you should ensure you can access it even if you cannot access the hosted system.
Know Your Boundaries
Conduct regular external vulnerability scans. These kinds of scans are performed without access to your internal system and allow you to see what your systems look like from an external perspective. You can also look at services that gather public information, like Shodan, to see what data is being gathered about your systems.
Patch to Protect Against Malware and the Exploitation of Known Vulnerabilities
Review your existing patching cadence based upon your interpretation of risk for your organization. Consider shortening patch windows for vulnerabilities or flaws that affect sensitive or high-risk systems, depending on your organization's existing security controls. Patch all of your equipment, not just workstations—hackers can even exploit badge scanners and firewalls to gain access to an organization. If you can't patch a system, ensure it is isolated from the rest of the devices on the network using network segmentation.
Address Detection & Response
Detection and response is not optional; it is a requirement. Ensure that your security detection and response tools are up to date, functioning, and monitored 24/7/365. The difference between a security event and a breach is often determined by quick detection and a swift, well-executed response.
A Recovery Plan is Critical
At some point, all systems fail. The key is to ensure that the backup and recovery systems are functioning and tested and have the capacity to restore entire IT environments quickly. Your team should understand the recovery process and its dependencies. Often these systems are the least protected, making them the first target for criminals. The other critical aspect often overlooked is which data and systems are actually being backed up. Often, user data or cloud systems are not backed up at all, or not to the same degree as other critical systems. Data and system availability is the key target of criminals. Having the ability to recover data and systems in their entirety, and quickly, is business-critical. Depending on the services delivered by your organization, this could have a national or global impact.
References & Additional Resources
Coretek will continue to monitor developments related to Russian and other known threats. If you have concerns about the security of your system or would like a security evaluation, don't hesitate to get in touch with your Customer Success Manager or use the button below to get in touch.
- U.S. banks prepare for cyber attacks after latest Russia sanctions | Reuters
- Russia Cyber Threat Overview and Advisories | CISA
- US officials prep big banks for potential Russian hacking as sanctions threat looms | CNN Politics
- How to Prep for Increased Russia-Based Cyber Attacks
- Conti gang says it's ready to hit critical infrastructure in support of Russian government