Security Alert | Security Impacts Ukrainian & Russian Conflict
Modern warfare moves beyond solely physical conflicts to include economic, cyber and trade tactics. World events such as the current conflict between Ukraine and Russia can and often do impact security worldwide, even for organizations that don’t have a global footprint or user base.
Hours after Russian troops invaded Ukraine, it was announced that Russian hackers used denial-of-service attacks to disable Ukrainian government and financial sites. Following this, U.S. President Joe Biden announced options to execute possible cyberwarfare as a response to Russia’s invasion. Countries worldwide are likely to feel some effects via physical disruptions of agricultural and energy supplies and digital disruptions caused by Russian cyberattacks. The latter, in particular, could end up reaching the United States.
Who Is at Risk?
The United States has released statements urging organizations to prepare for cyberattacks against U.S. businesses and critical infrastructure.
There are also potential risks to IT security companies who outsource software development to Ukraine.
- WhisperGate – Data-wiping malware utilizing WhisperGate, an MBR-locking malware, has been attributed to Russia. Although it specifically targets Ukrainian firms, any organization that partners or associates with the affected Ukrainian businesses is at risk.
- HermeticWiper – There are indications that data-wiper malware HermeticWiper has been used to exploit EaseUS Partition Master software drivers to corrupt data at rest. This malware has targeted large organizations, government contractors from multiple countries, and financial entities in Lithuania, Latvia and Ukraine.
- APT Sandworm – Believed to be one of the strongest threat actors, APT Sandworm has developed a new malware tool known as Cyclops Blink. This malware has been increasingly uncovered in the month leading up to the current conflict.
- Phishing Attacks – Threat actors are leveraging current events to increase their targeted attacks. In recent days, there have been over 250 new domains registered with names related to Ukraine. This will likely lead to increased phishing attacks under the guise of supporting Ukrainian efforts, charities, etc.
What You Can Do
- Continuously assess your current security posture and analyze gaps and deficiencies. World events shouldn’t dictate your current stance on security, but this is an excellent opportunity to perform a thorough review of your existing processes and controls to identify gaps and improvement opportunities. For organizations looking for guidance or a place to start, review the CIS Critical Security Controls (CIS Controls) and apply them to your environment.
- Ensure that you monitor email traffic for increased phishing campaigns and ensure visibility of your network across your environment’s ingress and egress routes.
- If you have contractors or employees in Ukraine, stand up a crisis management team to establish data backup and communication plans, ensure hard copies of documents are gathered and monitor all activities originating from Ukrainian locations.
- The CISA Shields Up program offers additional guidance, recommendations, and resources as a direct result of this conflict.
Developing a crisis management plan is recommended so that you are prepared for worldwide conflicts and can effectively manage the impact on your organization.
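One way to act on the phishing-monitoring recommendation above, as an added example that is not part of the original alert: a Python sketch that scans mail-gateway log lines for sender and link hostnames themed on the conflict. The log format, keyword stems, allow-list and every hostname are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed keyword stems and allow-list; both are placeholders to tune locally.
KEYWORDS = ("ukrain", "kyiv", "kiev", "україн", "украин")
ALLOWED = {"partner.example"}            # domains you already trust
LEET = str.maketrans("0134", "oiea")     # undo common digit-for-letter swaps

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
FROM_RE = re.compile(r"from=<[^@>]+@([^>]+)>")
TO_RE = re.compile(r"to=<([^>]+)>")

def normalise(host):
    """Lower-case, drop the trailing dot, decode punycode (xn--) labels."""
    host = host.lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host                      # already Unicode, or malformed

def is_themed(host):
    squashed = normalise(host).translate(LEET).replace("-", "")
    return any(k in squashed for k in KEYWORDS)

def is_allowed(host):
    host = normalise(host)
    return any(host == d or host.endswith("." + d) for d in ALLOWED)

def scan(lines):
    """Return {host: set(recipients)} for themed hosts not on the allow-list."""
    hits = {}
    for line in lines:
        hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(line)}
        hosts.update(FROM_RE.findall(line))
        to = TO_RE.search(line)
        for host in filter(None, hosts):
            if is_themed(host) and not is_allowed(host):
                hits.setdefault(normalise(host), set()).add(to.group(1) if to else "?")
    return hits

# Constructed sample log lines (the format and every name are made up).
IDN = "помощь-украине.example".encode("idna").decode()   # punycode form, as logs show it
SAMPLE = [
    'from=<news@partner.example> to=<amy@corp.example> url=https://ukraine.partner.example/update',
    'from=<aid@help-ukra1ne.example> to=<bob@corp.example> url=https://help-ukra1ne.example/give',
    f'from=<it@corp.example> to=<cat@corp.example> url=http://{IDN}/login',
    'from=<hr@corp.example> to=<dan@corp.example> url=https://intranet.corp.example/',
    'from=<aid@help-ukra1ne.example> to=<eve@corp.example> url=https://HELP-UKRA1NE.example./give',
]
```

Calling `scan(SAMPLE)` returns the two unknown themed hosts with the recipients who received them. A plain substring match on the raw log would miss both the digit-substituted name and the punycode one.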
For additional information, contact:
CBI Threat Intel Group | firstname.lastname@example.org