Russia - Ukraine Tensions Spark U.S. Cybersecurity Concerns

Leonard Popyack

Summary

Increasing tensions between Russia and Ukraine have led to concerns of cyber attacks that could threaten businesses and critical infrastructure in the United States.  In order to protect your business, clients and data, you should take proactive measures to increase cybersecurity within all systems, update incident response preparations and bolster business continuity plans.

Threat Details

Increasing tensions between Russia and Ukraine have led to concerns of cyber attacks that could threaten businesses and critical infrastructure in the U.S.  Credible reports in the past two weeks have detailed significant Russian-based cyber attacks against Ukrainian targets.  Specific concerns of spillover from this conflict are based on a 2017 Russian cyber attack on a Ukrainian-based accounting software application that broke away from its intended target and became the world’s largest, most destructive and costliest ransomware attack ever, known as NotPetya.

In response to potential emerging threats from this conflict, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have issued an immediate advisory to the cybersecurity community to adopt a heightened state of awareness and to conduct proactive threat hunting.  

Historically, Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks.

Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware. The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments—including cloud environments.

In some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware.

Mitigation Steps

Recommended steps that can help mitigate the threats posed by this conflict include:

  1. Identifying and remediating known vulnerabilities in systems
  2. Hardening security on points of remote access, such as those used for remote and home workers
  3. Creating and testing cyber incident response and disaster recovery plans
  4. Creating comprehensive business continuity plans that include provisions for outages of critical IT-related systems