The escalation of sanctions against Russia in the wake of their invasion of Ukraine has experts sounding the alarm: Russian cyber attacks against public and private targets in the US could be next.
Though earlier this week Department of Homeland Security Secretary Alejandro Mayorkas assured US organizations that there was no “specific credible cyber threat” against the US, the situation is changing too rapidly for any business to consider themselves safe. DHS has warned companies and local governments to be prepared for a cyber attack, and officials in the UK have issued similar cautions across the pond. So what should you expect?
The digital war has already started, even if we aren’t aware of any skirmishes in the US yet. Russian attacks are believed to have targeted the Ukrainian government and banking sites and are expected to escalate as the conflict continues. With international banking-related sanctions against Russian entities going into effect, banks and other financial institutions in the US should be on high alert.
Who’s Behind Possible Cyber Attacks
Judging the threat represented by Russian hacking is complicated by the fact that there isn’t just one malicious actor to be worried about. For example, the FBI recently told local governments and companies to be on the lookout for an increase in ransomware attacks. The groups behind this kind of digital extortion are usually independent hackers trying to make money, though. While they typically operate from within Russia with the tacit blessing of Putin’s regime, they’re not government agents with direct orders to attack specific Western assets.
In addition to this danger, the Russian government itself is capable of launching cyber attacks, and experts think that the risk of them doing so in response to sanctions is growing. US banks are considered to be a prime target should Russia decide to strike back with “destructive attacks targeting critical infrastructure” in the US, as described in a DHS bulletin. While the agency thinks the threshold for such direct attacks is high, they’re far from being out of the realm of possibility. Businesses that haven’t already done so should be battening down the hatches NOW.
Collateral Damage
The other problem with a heightened level of cyber attacks in the US and abroad is the possibility that your business could get hit with ransomware or malware picked up from someone else’s infected system. Potentially targeted infrastructure is tied to all kinds of networked computers that can be affected by ransomware or malware, even if they weren’t deliberately targeted in the first place. In the past, ransomware has disrupted everything from shipping and fuel deliveries to hospitals and schools.
Think it can’t happen? It already has before. In 2017 a variant of the encrypting malware Petya dubbed “NotPetya” spread to companies in the US, UK, France, Germany, Italy, and Poland from attacks initially directed against companies in Ukraine. Experts at the time noted that it had been targeting “complete energy companies, the power grid, bus stations, gas stations, the airport, and banks.” [i]
What Do You Do?
When it comes to cybersecurity, an ounce of prevention is worth a pound of remediation. Having the procedures, practices, and technology in place BEFORE someone makes an attempt to hack your system is your best opportunity to avoid the financial and reputational fallout that follows a successful infiltration. Among the steps you should be taking are:
- Keeping your systems updated with the latest security patches. Hackers love to take advantage of known vulnerabilities in widely used software.
- Checking your password security. Stealing credentials is an easy way for malicious actors to gain access, and lax security practices are a depressingly common route in.
- Using two-factor authentication. You can block access even if someone obtains stolen login information with multifactor authentication.
- Maintaining a continuous monitoring program to find and fix holes in your security. Regular vulnerability scans and penetration tests can spot weaknesses before hackers find them, letting you keep your data and systems secure.
Your Cybersecurity Answer
When the threat is high, you don’t have time to waste. The experts at Petronella Technology Group (PTG) have the experience to rapidly assess your cybersecurity readiness and put the protection you need in place. We stay ahead of the constantly evolving nature of digital threats to keep your operations and confidential information secure.
Don’t let today’s delay be tomorrow’s regret. To sign up for a FREE consultation now, contact us here.
[i] https://www.wired.co.uk/article/petya-malware-ransomware-attack-outbreak-june-2017