Not Russian or Ukrainian? You still need to be more cyber alert now. You may be nowhere near Russia or Ukraine and may think that you are not directly impacted by the ongoing conflict, but there is little chance that cyberattacks will be limited to Ukraine. In fact, corporations should pay attention to what is going on there because there will no doubt be spillover effects of cyberwarfare.
The ongoing conflict may increase the risk of cybersecurity attacks, either as a spillover of cyberattacks targeting Ukraine, as direct attacks against supporters of Ukraine or Russia, or simply as opportunistic attacks, i.e., typical hackers taking advantage of the ongoing conflict to pursue their own ends.
In this article, we discuss opportunistic attacks that companies may see during this period including:
- Bruteforce attacks
- Phishing attacks, including destructive malware
- Website defacement
- Ransomware
- Distributed Denial of Services (DDoS) attacks
We will also discuss safety measures you can take to protect your organization and its users from becoming victims.
The cyberattacks are likely to be destructive or disruptive rather than aiming to defraud or steal data.
5 Rising Cyberattacks to Watch Out For in the Global Cyber Conflict – Ukraine, Russia
i. Bruteforce attacks/ Account Takeover
Widespread, distributed and anonymized brute-force attacks against hundreds of institutions worldwide are likely. Cyberattacks can be launched from an unwitting host. For example, a malicious actor may take over your email account and then use it to initiate a chain of attacks in the form of malware, ransomware and so on. The attacker may also use it to send mass emails spreading fake news about the ongoing conflict.
Hackers will be looking to gain access to networks through known vulnerabilities. If your email account is compromised and used to send malicious messages, your domain may be blacklisted.
What you can do
- The best mitigation against phishing is to enable multi-factor authentication (MFA) on all platforms which support it.
- Patch all systems fully, especially externally facing ones.
- In the unfortunate event that your email account is compromised, check out our blog on how to recover from a compromised email account.
ii. Phishing attacks
Russian state-sponsored actors have been observed engaging in spear-phishing attacks, especially from compromised email accounts. Scammers will take advantage of human curiosity, anxiety or the desire to help those in need. You may receive links to malicious websites masquerading as news updates on the Russia/Ukraine conflict, or links to sites that claim to be humanitarian aid organizations and ask for your contribution to save victims of the conflict.
What you can do
- Remain alert: avoid clicking on unknown links, and open attachments from suspicious emails with caution. Here are more tips on how to recognize the signs of a phishing email.
- Secure your business against the increased threat of phishing attacks with strong spam filtering that offers protection against phishing.
- Avoid virus or malware infection by:
  - Installing a good endpoint antivirus such as Bitdefender antivirus on user PCs and devices.
  - Updating all systems with the latest patches.
- Educate your end users on how to recognize phishing emails and avoid becoming victims. You can do this through cybersecurity awareness training and by running phishing campaigns to test your users.
- Additionally, have an incident response plan in place for the worst-case scenario as well as a business continuity plan — including failover infrastructure — for business-critical assets. Check out Kaluari Disaster Recovery as a Service (DRaaS).
iii. Website defacement
Website defacements give cybercriminals an opportunity to spread false news. Typically, hackers deface websites to prove a point, humiliate a government or institution, or disrupt a website's operations. In the current situation, Russia/Ukraine supporters may deface popular websites and use them to post their own views, spreading strategic communication themes to international audiences. Website defacement typically happens because of weak passwords on administrator accounts, cross-site scripting, injection, insecure file upload, or vulnerable plugins.
What you can do
- Restrict user rights on platforms and only give administrative rights to those who need them.
- Enforce strong passwords on your website administrator accounts.
- Actively manage patches and updates on your web servers and websites.
- Look for places where scripts or iframes could be injected or where SQL injection could occur and remediate.
iv. Ransomware
Opportunistic cyber attackers may still be on the prowl and may take advantage of the chaos. Ransomware can be used to disrupt foreign targets or supporters of either Russia or Ukraine, and it can have devastating effects on targets.
What you can do
- Evaluate all your system resources and application configurations for resilience.
- Have incident response procedures in place before an incident occurs.
- Set up reliable cloud backup or a disaster recovery solution. This way, you can resume operations in the unfortunate event of a ransomware hit.
v. DDoS attacks
While distributed denial of service (DDoS) attacks may make up only a small percentage of cybersecurity threats, their consequences can be crippling. A DDoS attack can take down an entire company network or even a country.
There have already been reports of DDoS attacks on Ukrainian websites, and Russia has historically used DDoS in support of operations against other former Soviet republics. While Russian actors may be looking for hosts to use in attacks against Ukraine, your weakly secured network could be an easy access route for launching DDoS attacks.
While DDoS does not receive the same level of attention as some other forms of attack, it can still have a significant impact on business operations.
What you can do
- Use access lists or firewall rules to drop traffic coming from attacker nodes, and limit traffic per source with firewall rules to avoid overloading your server, e.g., a maximum of 5 connections at a time, or, for email, do not accept more than 200 emails from one single source within three minutes.
- Use load balancers.
- Consider using a DDoS protection service provider such as Cloudflare or Radware.
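To make the per-source limits above concrete, here is an added Python example (not code from the original article) that enforces the two thresholds it names: at most 5 simultaneous connections per source, and no more than 200 messages from one source within a three-minute sliding window. The source addresses and burst sizes used are constructed test values; in production the same limits would normally live in firewall connection-limit rules or the mail server's rate-limiting configuration.

```python
from collections import defaultdict, deque

# Limits from the article: at most 5 simultaneous connections per source, and
# no more than 200 emails from one source within three minutes (180 seconds).
MAX_CONCURRENT = 5
MAX_MESSAGES = 200
WINDOW_SECONDS = 180


class SourceLimiter:
    """Per-source concurrent-connection cap plus a sliding-window message rate limit."""

    def __init__(self, max_concurrent=MAX_CONCURRENT,
                 max_messages=MAX_MESSAGES, window=WINDOW_SECONDS):
        self.max_concurrent = max_concurrent
        self.max_messages = max_messages
        self.window = window
        self.open = defaultdict(int)      # source -> connections currently open
        self.stamps = defaultdict(deque)  # source -> times of accepted messages

    def connect(self, src):
        """Accept a new connection from src unless it already holds the maximum."""
        if self.open[src] >= self.max_concurrent:
            return False
        self.open[src] += 1
        return True

    def disconnect(self, src):
        """Release one connection slot for src (never below zero)."""
        self.open[src] = max(0, self.open[src] - 1)

    def message(self, src, now):
        """Accept a message from src at time `now` (seconds) if the window is not full."""
        q = self.stamps[src]
        while q and now - q[0] >= self.window:  # expire stamps outside the window
            q.popleft()
        if len(q) >= self.max_messages:
            return False
        q.append(now)
        return True


def count_accepted(limiter, src, count, interval, start=0.0):
    """Send `count` messages from src spaced `interval` seconds apart; return how many pass."""
    return sum(limiter.message(src, start + i * interval) for i in range(count))


if __name__ == "__main__":
    lim = SourceLimiter()
    # Constructed burst: 250 messages in about two minutes from one documentation-range address.
    print(count_accepted(lim, "198.51.100.7", 250, 0.5))  # 200 pass, the remaining 50 are rejected
```

Rejected connections and messages are the events worth logging and alerting on, since a single source tripping both limits is the pattern the article describes.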
Let’s now take a look at some holistic tips you can take to stay cyber safe in this ongoing conflict.
More Tips to Stay Cyber-Safe with the Ongoing Russia Ukraine Conflict
- Continuously monitor your cyber resilience with awareness of the changing threat environment.
- Have a dry run of your existing incident response plan with everyone involved, confirming a clear understanding of the processes in case of an incident.
- If you don't already have them, set up backup and disaster recovery procedures for all critical business systems. Backups and replicas of systems should be regular and frequent to guarantee quick recovery in the event of a disaster.
- Patch all your systems regularly and update to the latest versions to minimize vulnerabilities and misconfigurations that can expose your environment.
Get in touch with us for:
- Reliable cloud backup (backup as a service).
- Dependable disaster recovery as a service (DRaaS) for your organization.
- Endpoint security for your users such as Bitdefender or Kaspersky antivirus.
- Best-in-class firewall solution for your organization.
- Advanced email security service including email security for Microsoft Office 365.