24 Feb 2022
The growing crisis between Ukraine and Russia may seem a world away for most US businesses, but government agencies caution that cyber threats may be closer than you think.
On Tuesday, February 22, just moments after President Biden announced new sanctions on Russian banks and elites in response to Putin’s decision to send troops to two breakaway regions in Ukraine, senior FBI cyber official David Ring advised private executives and state and local officials, in a phone briefing, to be on heightened alert for ransomware attacks.
This latest phone call was just one in a series of briefings over the past few months held by the FBI and the Department of Homeland Security for US companies and local governments as tension has mounted between the US and Russia over Ukraine. Russia is well known as a “permissive operating environment” for cybercriminals (in Ring’s words), and past experience has shown that Russian hackers are all too willing to go after critical US infrastructure.
In fact, it was just under a year ago that the Russia-based DarkSide Group hit the Colonial Pipeline with a major ransomware attack that subsequently shut down fuel deliveries on the East Coast.
This high-profile attack highlights the threat that ransomware poses to vital services, our economy and our national security. While Russian officials have teased at the possibility of cracking down on the groups that operate with relative impunity from their country, it’s unlikely they’ll be reining in their hackers, especially in this atmosphere of growing friction with the West.
And what does that mean to you?
It means that it’s up to US businesses to be vigilant and protect themselves.
A Cybercrime Offensive
While US officials have said there are no “specific, credible” threats to the US homeland related to the situation in Ukraine at this time, they have tied cyberattacks to the Russian military strategy in the region. Ukrainian government and banking websites have come under cyberattacks believed to be sponsored, if not actually conducted, by Russia. Should the conflict grow, transportation networks and broadcast media are likely to be key targets for future cyber warfare.
Whether attacks might be intended as retaliation for escalating sanctions or to sow confusion among Ukraine’s allies, US organizations can’t afford to ignore the fact that they may unwittingly end up on the digital front lines of a new style of conflict. If you haven’t already taken steps to reinforce your cybersecurity, it’s past time to start.
On January 11, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency issued an advisory to raise awareness of common threats used by Russian hackers against business systems. According to the document, “Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks.”
Tactics include (but are, of course, not limited to):
- Stealing credentials to gain access through existing accounts, or guessing passwords
- Exploiting vulnerabilities
- Deploying malware
The agencies issuing the advisory caution that, in response to the increased risk of cyberattack, organizations should enhance their cybersecurity posture and conduct proactive threat hunting.
Among recommended actions are:
- Implementing robust log collection and retention
- Increasing your organization’s ability to investigate incidents and detect unusual behavior in the network
- Monitoring suspicious activity that can signal infiltration by hackers
- Having a robust incident response plan in place to mitigate damage
Forewarned Is Forearmed
If you’re not 100% sure that the protections you currently have in place meet the standards recommended by US intelligence and cybersecurity agencies, then they probably don’t.
The worst way to find out that your policies and procedures aren’t getting the job done is when you’re on the wrong end of a ransomware or malware attack. Petronella Technology Group (PTG) can assess the current state of your cybersecurity posture and help you get the right safeguards in place to keep your operations and data secure.
In a world of evolving cybersecurity threats, PTG keeps you a step ahead of disaster. To find out how we can help protect you and your business, contact us here today.