Russia has invaded Ukraine, and while it may feel like a selfish time to think about it, business leaders are probably wondering if this conflict means that cyberattacks from Russia will also begin to flare up.
That fear isn’t just paranoia, either: The U.S. Department of Justice said as much last week, warning business leaders that they would be foolish not to harden their security postures as tensions mounted. With that tension turned into all-out war, it’s an even better time to think about how to stay safe against potential attacks.
“Whenever there is a conflict related to Russia, you should expect to see force applied on the cyber domain as well because it creates disorientation, lack of trust, and fear,” said Ariel Parnes, COO and cofounder of cybersecurity company Mitiga. Parnes also warned that cyberattacks can be used to dissuade Ukraine’s allies from supporting them, so keep that in mind if the conflict grows and begins to involve U.S. forces.
What sort of attacks should U.S. businesses expect?
There have been a lot of recommendations for how companies should react to the Ukraine conflict, and all of them have one thing in common: Cyberattacks against U.S. companies aren’t a question of “if,” they’re an inevitable “when.”
Scott Kanry, CEO at cyber risk management company Axio, said there’s absolutely no question that U.S.-based organizations will see an increase in cyberattacks due to the conflict. Kanry said we don’t need to look back very far to see an example of the potential havoc state-sponsored cyberattacks can inflict: The Colonial Pipeline attack.
Kanry said that we’re likely to see attacks like DDoS, phishing, activation of persistent malware and more across the 16 critical infrastructure sectors, potentially all the way down to small but vital local organizations. “We should also be paying attention to the other organizations that are critical to a functioning society, like hospitals, schools, health clinics and local banks. Often the smallest organizations lack even basic cyber defenses, which makes them vulnerable to an attack,” Kanry said.
While individual companies may be at an increased risk of attack, Parnes warned that many companies will become collateral damage in attacks against infrastructure. That doesn’t mean organizations should only plan for infrastructure outages: It’s possible that some critical companies may have been compromised in the past, and now Russia or another bad actor is simply waiting for the right time to make use of their back door.
If that turns out to be you, “Expect attacks to include deletion and encryption of data, DDoS attacks, and extortionware, when attackers take data and threaten to sell it (or do sell it) as a form of information warfare,” Parnes said.
How your organization can prepare for increased cyber threats
“There is only so much you can do now to prevent a cyberattack in the immediate future, particularly if you are targeted by Russia or a state-sponsored attacker,” Parnes said. That may be a grim outlook, but don’t let it dissuade you from doing everything you can to minimize your risks, and Parnes and Kanry each have tips that can help concerned IT and security leaders.
Kanry said that the best way to figure out how to improve your cybersecurity posture is to establish a baseline using an industry-standard framework like the NIST Cybersecurity Framework. Once you have your baseline, you can use your framework to determine what you need to do to meet a higher security standard.
Additionally, Kanry said that businesses should be following standard best practices: “Implement strong password hygiene policies, ensure systems are patched and updated, make sure networks are properly segmented and implement robust MFA across every user and business application.”
Parnes’ advice goes hand-in-hand with what Blue Hexagon CTO and Founder Saumitra Das said is a hallmark of nation-state level cyberattacks: They’re good at evading detection. “Nation-state attackers usually can craft mutated attacks to render threat intelligence unhelpful, use living off the land techniques to bypass endpoint security and focus on disruption rather than ransoming data which can in many cases be easier to achieve,” Das said.
To that end, Parnes said that the focus for businesses looking to shore up quickly should be on detection. “There are always new indicators of compromise (IOCs) coming out, and it’s important to proactively look for them,” Parnes said. Additionally, be sure that you’re keeping up with the latest threat intelligence, which often contains the latest IOCs.
What about attacks that are mutated in order to avoid threat intelligence? Das said that organizations need to use AI-based detection tools that can pick up on suspicious activity as well as typical IOCs.
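What “proactively looking for IOCs” means in practice is sweeping your own telemetry against a threat-intelligence feed, and the script below is an added example of that (not code from the article or from any of the companies quoted). It loads a constructed feed of domain, IP and SHA-256 indicators, parses a handful of constructed DNS, proxy and endpoint log lines, and reports every match; the feed values are placeholders from reserved test ranges and hashes of made-up bytes, not real indicators. The last log line carries a hash of a “recompiled” dropper with the same behaviour, and the sweep does not flag it: that miss is exactly the gap Das describes when he says mutated attacks render threat intelligence unhelpful, and it is why IOC matching needs a behavioural layer beside it.

```python
"""Sweep constructed log lines against a constructed IOC feed (added example)."""
import csv
import hashlib
import io
import ipaddress
import re

# Constructed indicators: .test TLD, TEST-NET-3 address space and hashes of
# made-up byte strings. None of these are real IOCs.
KNOWN_DROPPER = hashlib.sha256(b"constructed-dropper-build-1").hexdigest()
MUTATED_DROPPER = hashlib.sha256(b"constructed-dropper-build-2").hexdigest()  # same tool, rebuilt

IOC_FEED = f"""type,value,description
domain,example-bad.test,constructed C2 domain
ipv4,203.0.113.45,constructed C2 address
sha256,{KNOWN_DROPPER},constructed dropper build 1
"""

# Constructed log lines in a simple "<timestamp> <source> key=value ..." shape.
SAMPLE_LOG = f"""\
2022-02-24T10:01:02Z dns client=10.0.0.12 query=update-check.example-bad.test. type=A
2022-02-24T10:01:05Z proxy client=10.0.0.12 dst=203.0.113.45:443 method=CONNECT
2022-02-24T10:02:10Z edr host=WS-12 process=svchost.exe sha256={KNOWN_DROPPER.upper()}
2022-02-24T10:03:00Z dns client=10.0.0.7 query=www.example.com type=A
2022-02-24T10:04:30Z edr host=WS-13 process=svchost.exe sha256={MUTATED_DROPPER}
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def load_iocs(feed_text):
    """Index the CSV feed as {type: {normalised value: description}}."""
    iocs = {"domain": {}, "ipv4": {}, "sha256": {}}
    for row in csv.DictReader(io.StringIO(feed_text)):
        iocs[row["type"]][row["value"].strip().lower()] = row["description"]
    return iocs


def parse_line(line):
    """Split a log line into timestamp, source and its key=value fields."""
    ts, source, rest = line.split(" ", 2)
    return {"ts": ts, "source": source, **dict(KV_RE.findall(rest))}


def domain_candidates(name):
    """Return the FQDN and each parent domain so a feed entry for the
    registered domain also catches arbitrary subdomains."""
    parts = name.lower().rstrip(".").split(".")
    return [".".join(parts[i:]) for i in range(len(parts) - 1)]


def extract_observables(event):
    """Yield (ioc_type, normalised value) pairs present in one event."""
    if "query" in event:
        for candidate in domain_candidates(event["query"]):
            yield ("domain", candidate)
    if "dst" in event:
        host = event["dst"].rsplit(":", 1)[0]
        try:  # only accept a syntactically valid IPv4 address
            yield ("ipv4", str(ipaddress.IPv4Address(host)))
        except ipaddress.AddressValueError:
            pass
    if "sha256" in event:
        yield ("sha256", event["sha256"].lower())


def sweep(lines, iocs):
    """Return one hit dict per (event, matching indicator)."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        for kind, value in extract_observables(event):
            if value in iocs[kind]:
                hits.append({"ts": event["ts"], "source": event["source"],
                             "type": kind, "value": value,
                             "description": iocs[kind][value], "line": line})
    return hits


def summarize(hits):
    """Count hits per indicator type."""
    counts = {}
    for hit in hits:
        counts[hit["type"]] = counts.get(hit["type"], 0) + 1
    return counts


if __name__ == "__main__":
    found = sweep(SAMPLE_LOG.splitlines(), load_iocs(IOC_FEED))
    for hit in found:
        print(f"{hit['ts']} {hit['source']:5} {hit['type']:6} {hit['value']}  <- {hit['description']}")
    print("summary:", summarize(found))
    print("unflagged rebuilt dropper hash:", MUTATED_DROPPER[:16], "...")
```

The domain normalisation (trailing-dot stripping and parent-domain walking) and the case-insensitive hash comparison are where naive sweeps usually fail, so those are worth keeping even when you feed real logs through a SIEM instead of this script. The rebuilt dropper on host WS-13 shows the limit of the approach: a single changed byte produces a new hash, so hash IOCs catch only the exact build the feed has already seen.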
Lastly, and this is another common point made by several experts: Test, test and then test again. “It’s not enough to have a plan if you don’t exercise it. When you exercise these disaster and incident recovery plans, you will realize what can happen and understand the impacts of it. Adjust your plans based on what you learn from the exercises,” Parnes said.