The war that seemingly nobody thought would actually happen has begun. Few expected Putin to mount a full-scale invasion of Ukraine, and it is now reasonable to wonder what else he is capable of. What can we, the Western countries sitting a little below Ukraine on Putin's list of enemies, expect?
Russia's seemingly endless cyber-mischief towards enemies real or perceived is nothing new. It has been part of the icy chess match between East and West that straddles two centuries. But things have gotten very strange, very fast, within the last week or so. Putin has swept the chess pieces aside in a fit and dared anyone to object.
Naturally, he can't invade all of us, but he seems to have enough spite to go around. The Russians have rumbled threats at a disapproving world, but what could we realistically expect if Putin finds time in his busy schedule to lash out at the rest of us who aren't Ukraine?
First of all, it's no time to panic. Russia is not readying some new, James Bond-style, never-before-seen attack on a hapless Western world.
More likely, hackers allied with Russia will look more aggressively for openings, or prepare to exploit systems they have already infiltrated. In other words, the same old tricks, just maybe more of them.
What would those be?
In the 48 hours immediately after the Russian invasion began, suspected Russian-sourced cyber-attacks were observed to increase by over 800%.
Given Russia's history of international attacks, we must keep our eyes open for:
Advanced Persistent Threats (APTs) – An advanced persistent threat uses continuous, clandestine, and sophisticated hacking techniques to gain access to a network and remain inside, undetected, for a prolonged period of time, whether to steal data or to pre-position for a destructive attack. (ESET Protect Advanced On-Prem)
Malware – Any software intentionally designed to disrupt a computer or computer network, leak private information, gain unauthorized access to information or systems, deprive users of access to their data, or do lots of other nasty things. (Avast Business Security, Emsisoft AntiMalware Home)
Ransomware – Malware that denies a user access to the files on their computer, typically by encrypting them and demanding a ransom for the decryption key. This places organizations in a position where paying the ransom looks like the easiest and cheapest way to regain access to their files, even though paying guarantees nothing. (Emsisoft AntiMalware Home, Emsisoft Business Security, FortiEDR, Check Point Harmony, Sophos Intercept X Advanced)
DDoS – A distributed denial-of-service attack uses many compromised internet-connected devices, collectively known as a botnet, to overwhelm a target website or service with junk traffic so that legitimate users can no longer reach it. (Barracuda BVS180 SSL VPN, FortiGate 60F)
Network attacks – Attempts to gain unauthorized access to an organization's network with the objective of stealing data or performing other malicious activity. There are two main types: active attacks, in which the attacker alters or disrupts traffic or systems, and passive attacks, in which the attacker only monitors traffic or collects data without modifying anything. (FortiEDR, Check Point Harmony, Sophos Intercept X Advanced, Palo Alto Cortex XDR)
What do we do?
Some of it is plain old common sense. Patch all software against all known vulnerabilities, even the old ones. Take no shortcuts: if you only patch against vulnerabilities you have already seen exploited in the wild, you may get caught by one you haven't. If it is reachable from the internet, or handles your traffic, communications, or remote business operations, patch it first.
Basic cyber hygiene matters too: use strong, unique passwords and minimize password reuse (a password manager helps with both), install software updates and patches as soon as possible, turn on two-factor authentication for logins, and back up your computers.
Prepare for ransomware or data destruction. Ransomware is bad enough, but the same techniques can destroy data outright, by discarding the decryption key or simply overwriting the files. Recovering from an attack is much more than neutralizing the threat; it means coming back from a disaster. Test your backups and recovery plans, including an actual restore, before you need them.
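"Test your backups" means more than checking that the backup job ran. The script below is an added example (not code from the original page or from Corporate Armor) of a restore drill: it backs up a directory into a tar.gz, records a SHA-256 manifest at backup time, restores the archive into a scratch location and verifies every file against that manifest, then repeats the drill against a deliberately corrupted copy of the archive to show that the check actually catches damage. All paths and sample files are constructed in a temporary directory by the script itself.

```python
"""Backup restore drill: back up a directory, restore it elsewhere, and verify
every file against a SHA-256 manifest taken at backup time.

Added example, not code from the original page. All data is constructed in a
temporary directory; nothing outside it is touched.
"""
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path) -> dict:
    """Archive source into a .tar.gz and return the manifest taken at backup time.

    Keep the manifest somewhere the backup job cannot write to (offline or
    write-once storage); otherwise an attacker who tampers with the archive can
    simply regenerate the hashes to match."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


def restore_and_verify(archive: Path, manifest: dict, scratch: Path) -> list:
    """Restore archive into scratch and compare the result to the manifest.

    Returns a list of human-readable problems; an empty list means the backup
    restored completely and every file matched byte-for-byte."""
    scratch.mkdir(parents=True, exist_ok=True)
    try:
        with tarfile.open(archive, "r:gz") as tar:
            # The 'data' extraction filter (Python 3.12+, backported to older
            # security releases) rejects absolute paths, '..' traversal and
            # device nodes inside the archive. Fall back gracefully if absent.
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **extra)
    except Exception as exc:  # any failure to read the archive is a failed restore
        return [f"restore failed: {exc!r}"]

    restored = build_manifest(scratch)
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    for rel in restored:
        if rel not in manifest:
            problems.append(f"unexpected file in restore: {rel}")
    return problems


def drill() -> dict:
    """Run the drill on a good archive and on a corrupted copy of it.

    The corrupted copy stands in for a backup damaged by disk failure, a
    partial upload, or an attacker who reached the backup store."""
    work = Path(tempfile.mkdtemp(prefix="backup-drill-"))
    try:
        # Constructed sample data standing in for a small application directory.
        source = work / "data"
        (source / "db").mkdir(parents=True)
        (source / "db" / "orders.sql").write_bytes(
            b"INSERT INTO orders VALUES (1, 'widget');\n" * 500)
        (source / "config.ini").write_text("[db]\nhost=localhost\n")

        archive = work / "backup.tar.gz"
        manifest = create_backup(source, archive)
        clean = restore_and_verify(archive, manifest, work / "restore-clean")

        # Damage the archive: zero 16 bytes in the middle of the gzip stream.
        damaged = work / "backup-damaged.tar.gz"
        raw = bytearray(archive.read_bytes())
        mid = len(raw) // 2
        raw[mid:mid + 16] = b"\x00" * 16
        damaged.write_bytes(raw)
        corrupted = restore_and_verify(damaged, manifest, work / "restore-damaged")

        return {"clean": clean, "corrupted": corrupted}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for name, problems in drill().items():
        print(f"{name}: {'OK' if not problems else problems}")
```

In a real environment the restore target would be an isolated machine or VM, the manifest would be stored out of reach of the backup service account, and the drill would be scheduled rather than run by hand, so that the first time you discover a backup is unusable is not the day after an attack.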
Beyond the basics?
This isn't an attempt to get "salesy," but these are fairly unprecedented times. The basics above are necessary, but they are not enough. Every organization, without exception, must act with urgency to secure its IT infrastructure.
There is a real and new level of danger facing Western governments and organizations, anyone not on Putin's "Nice List." He has made that clear. What is needed is a comprehensive security mission, whatever that looks like for your organization, with monitoring 24x7x365. If your organization can't reach this level of security on its own, the best way through is to collaborate. If you don't have your own security team (most don't), find a reputable security provider. Corporate Armor is ready and happy to advise you; we understand that not every organization is equally at risk, so not everyone needs the same level of protection.
We are long-time partners with leading names like Sophos, Fortinet, Palo Alto, Check Point, Avast, and many more, offering solutions like Check Point Harmony, Emsisoft AntiMalware for Home and Business Security, and Avast Endpoint Protection for Small Business. At the high end there is the Sophos Intercept X Advanced family, FortiEDR, FortiEDR with MDR, and FortiXDR, which are tailor-made for the threats mentioned above.