Russia Intensifies Cyberterrorism Activities

The horrible news is everywhere - Russia began invading Ukraine yesterday, and this will almost certainly affect US businesses and how they should respond to cybersecurity concerns. The Cybersecurity & Infrastructure Security Agency (CISA) has called this a "Shields Up" situation and has given businesses guidance on how to proceed. We here at London Security largely agree with this assessment.

These cyberterrorism efforts target businesses to destroy and damage, not solely to profit, and should be treated with the utmost seriousness.

What does this mean for your business?

Russia is a known bad actor for all kinds of cybersecurity attacks and hacker attempts. There are state-sponsored terrorist actions in which the Russian government targets critical infrastructure and businesses in order to "sow chaos" prior to an invasion. There is no reason to believe that we will not see some of these types of attacks here in the US.

  • Distributed Denial of Service (DDoS) Attacks - We will see an escalation of attacks of this style, as they are easy to pull off and are a component of a larger attempt to breach the security of an organization. Security engineers should monitor for unusual network activity and be prepared to change network security policies in order to defend against these attacks, while at the same time looking for any indicators of compromise.
  • Ransomware Attacks - Ransomware is more likely to arrive as part of a payload within another exploit or attack. While an attacker must overcome numerous security measures in order to execute a ransomware attack, you should make sure there are plans in place to protect your data during this critical period. Additionally, you should be testing your security technologies against common attack vectors to be sure you will not be impacted should something get through your defenses.
  • 'HermeticWiper' Malware Attacks - Ukraine has been hit by a new data-wiping malware dubbed 'HermeticWiper'. HermeticWiper misuses legitimate drivers of popular disk management software in order to destroy saved data rather than ransom it back to affected users. This style of attack is effective in destabilizing business and should be a primary concern to US businesses.
  • Spear Phishing / Phishing - There will be many emails that come from what "appear" to be trusted sources that may target your organization. Tell your employees to avoid opening emails or downloading links from senders they do not already know and trust. This is a common tactic that even security engineers will occasionally fall for, so stay on the lookout.


What should I be doing to protect my business?

Arguably, this is the best time to review the security processes that have been operating within your organization and verify that they work. Work with trusted security advisors to find the best methodology for approaching potential infections / attacks, and create a workflow to follow in case of a successful attack or breach.

If you aren't sure whether your security is up to the task, reach out to London Security Solutions; in just 10 minutes of your time, we could help you with a basic discussion. London Security has effectively caught bad actors in the middle of attacks during our risk assessments, and this may be a good time to reach out and schedule a Ransomware Risk Assessment. Our timeslots are quickly filling, but we may have time in March if people are interested in scheduling time to talk to us about their security.


Final thoughts

The situation in Ukraine is ongoing, and there are valid reasons to be concerned about Russian attacks in the coming weeks. There are tons of resources available through your current security providers, as well as other suggestions from CISA, which I have linked here.

Be concerned, be aware, and most of all, be willing to ask for help if you need it. 

London Security Solutions is here to help.