In the buildup to open hostilities between Russia and Ukraine, we have seen a rise in the number of alerts from sources such as CISA warning companies to increase their cyber preparedness in response to increasing cyberattacks.
Since active fighting began on February 24th, we have seen a number of threat actors both inside and outside of Russia and Ukraine attempting to take advantage of the confusion to cloak criminal activity under the guise of warring states.
The nature of war in the 21st century means fewer troops on the ground and more cybersecurity attacks between nation-states. Cybersecurity assaults have become a very serious concern throughout the world as the Russia-Ukraine conflict continues to grow.
While it is unlikely (but possible) that Russia will commit state-sponsored attacks against key U.S. infrastructure, there is nothing stopping rogue hackers from assaulting organizations and countries in opposition to the war. According to Check Point Research, cyberattacks on Ukrainian military and government sectors spiked by 196% in the first three days after the invasion.
Because you are our customer, we are helping you put your shields up by taking the following actions to protect your networks, users, and applications:
- We have decreased the alerting threshold on our tools. While this may result in additional “false positives” that we will examine, it does give us an increased chance to catch malicious attackers trying to harm your networks.
- We have accessed “indicators of compromise” (IOCs) for the malicious software attributed to Russia.
- We are performing manual hunts for malicious software multiple times a day using our tools.
- We have increased the testing of backups to include:
  - Ensuring backups are occurring as scheduled
  - Ensuring the backups are free of malicious software
  - Ensuring drives are being backed up with the correct data
- We have increased our use of threat intelligence tools and capabilities on our customers’ networks to locate vulnerabilities and remediate them before they become problems for your organization.
- We are participating with external formal and informal groups to access threat information as quickly as possible and put it into action to protect your networks.
There will not be any additional charges to our customers for any of these services or capabilities.
As we all know, end users are both the greatest weakness and the first line of defense for any cybersecurity program. We are asking all of our customers to please take the following actions:
- If you are not using a formal cybersecurity training program for your end users, please have them sign up for and use our free cybersecurity training, at no cost to your organization. It will help them become more cyber aware and manage the risk of user error causing a problem on your network.
- Please share one basic message with your users: if they see something, they should say something. If they experience an issue with their device, please have them contact support as soon as possible. Please remember that the faster we find problems and fix them, the better the outcome for your organization.
As always, we appreciate your business and your willingness to partner with us to manage your cybersecurity programs. Please feel free to reach out to me directly with any questions, comments, or concerns.