Even if your organization is U.S.-based and operates exclusively within U.S. borders, cyber threats can come from anywhere in the world and affect your operations. The harrowing conflict erupting as the Russian military moves on Ukraine, together with the cyberattacks on Ukraine, may spark a spillover of cyberattack activity against the rest of the world, including U.S. organizations and critical infrastructure.

A Harvard Business Review article updated today summarizes this situation well: “Conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced. Invasion by Russia would lead to the most comprehensive and dramatic sanctions ever imposed on Russia, which views such measures as economic warfare. Russia will not stand by, but will instead respond asymmetrically using its considerable cyber capability.”

Pondurance threat intelligence team guidance

To address this heightened concern, the Pondurance threat intelligence team has proactively reached out to managed detection and response clients with the following guidance, which applies to all organizations.

With the increase in military action by Russia within Ukrainian borders over the past 24 hours, Pondurance threat intelligence analysts continue to monitor developments in cyber activity across the internet. Though unlikely, attacks on critical infrastructure, as well as on other U.S., European Union, and NATO interests, could occur in the event of conflict escalation.

At this time, there are no specific threats to our clients, but we are maintaining a heightened monitoring posture for the foreseeable future. Pondurance threat hunters are aware of the geopolitical concerns and are watching client environments for malicious activity related to these events.

To protect your networks, we are monitoring for any unusual activity, especially activity originating from regions outside your normal operations, and hunting for indicators of compromise associated with previous Russian malware activity on Ukrainian networks.

RECOMMENDED ACTIONS

In accordance with the Department of Homeland Security’s Shields Up program announced this morning, we recommend that all organizations take the following actions on their systems and networks:

- Validate all remote access into your networks and establish multifactor authentication for any accounts with elevated privileges.

- Make certain that software is up to date and patched.

- Ensure that any ports and protocols not needed for business services are disabled and unavailable.

- Cybersecurity and IT staff should quickly respond to and assess activity that appears out of the norm.

- Ensure that antivirus software has the latest signature updates.

- Monitor any traffic from Ukrainian organizations, or from organizations with Ukrainian interests, with extra scrutiny.

- Examine your backup plan and make certain backups are properly isolated and available in the event of ransomware.

- Review the Known Exploited Vulnerabilities Catalog from the Cybersecurity and Infrastructure Security Agency (CISA) and ensure that patches or workarounds are applied.
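The last action above, checking the CISA Known Exploited Vulnerabilities (KEV) catalog against the software you actually run, is easy to automate. The following Python script is an added example and is not part of the Pondurance guidance or any Pondurance tooling. It uses the field names of CISA's published KEV JSON feed (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dateAdded, dueDate and requiredAction), but the catalog excerpt, the host inventory and the CVE identifiers below are constructed placeholders so that it runs offline; the only real value is the feed URL.

```python
"""Cross-reference a software inventory against the CISA KEV catalog.

Added example (not Pondurance code). The KEV feed shape (vulnerabilities[]
with cveID / vendorProject / product / dueDate / requiredAction) is CISA's
published format; everything else below is constructed sample data.
"""
import json

# Real feed location; a live run would fetch this and pass the body to load_kev().
KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

# Constructed excerpt in the feed's shape. CVE ids are placeholders, not real CVEs.
SAMPLE_KEV_JSON = json.dumps({
    "title": "Constructed excerpt in the KEV feed format",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVPN", "product": "Gateway",
         "vulnerabilityName": "ExampleVPN Gateway authentication bypass (placeholder)",
         "dateAdded": "2022-01-10", "dueDate": "2022-01-24",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVPN", "product": "Gateway",
         "vulnerabilityName": "ExampleVPN Gateway remote code execution (placeholder)",
         "dateAdded": "2022-02-15", "dueDate": "2022-03-01",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleMail", "product": "Server",
         "vulnerabilityName": "ExampleMail Server privilege escalation (placeholder)",
         "dateAdded": "2021-11-03", "dueDate": "2021-11-17",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed asset inventory: what runs where, and which KEV CVEs are already
# confirmed patched on that host (from your patch-management records).
INVENTORY = [
    {"host": "vpn-01", "vendorProject": "ExampleVPN", "product": "Gateway",
     "patched": {"CVE-0000-0001"}},
    {"host": "mail-01", "vendorProject": "examplemail", "product": "server",
     "patched": set()},
    {"host": "web-01", "vendorProject": "ExampleWeb", "product": "Portal",
     "patched": set()},
]


def load_kev(raw_json):
    """Parse the KEV feed body and return its list of vulnerability entries."""
    return json.loads(raw_json)["vulnerabilities"]


def _key(vendor, product):
    """Normalise vendor/product so inventory spelling differences still match."""
    return (vendor.strip().lower(), product.strip().lower())


def find_exposures(kev, inventory, as_of):
    """Return one record per (host, unpatched KEV CVE), overdue items first.

    as_of is an ISO date string (YYYY-MM-DD); an item is overdue when the
    catalog's dueDate is earlier than as_of. KEV carries no version data, so a
    hit means "confirm this host's patch state", not "this host is vulnerable".
    """
    by_product = {}
    for entry in kev:
        by_product.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)

    exposures = []
    for asset in inventory:
        for entry in by_product.get(_key(asset["vendorProject"], asset["product"]), []):
            if entry["cveID"] in asset.get("patched", ()):
                continue  # already remediated per our records
            exposures.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "overdue": entry["dueDate"] < as_of,  # ISO dates sort lexically
                "requiredAction": entry["requiredAction"],
            })
    # Overdue first, then by due date, then by host, so the report is actionable.
    exposures.sort(key=lambda e: (not e["overdue"], e["dueDate"], e["host"]))
    return exposures


def format_report(exposures):
    """Render the exposure list as plain text for a ticket or daily email."""
    if not exposures:
        return "No unpatched KEV entries found for inventoried products."
    lines = []
    for e in exposures:
        flag = "OVERDUE" if e["overdue"] else "due"
        lines.append(f"{e['host']}: {e['cveID']} ({flag} {e['dueDate']}) - {e['requiredAction']}")
    return "\n".join(lines)


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    print(format_report(find_exposures(catalog, INVENTORY, "2022-02-24")))
```

For a live run, replace SAMPLE_KEV_JSON with the body fetched from KEV_FEED_URL and generate INVENTORY from your CMDB or patch-management export. Because KEV lists products rather than affected versions, treat every hit as a verification task against the vendor advisory; the dueDate field is CISA's remediation deadline for U.S. federal agencies and serves as a reasonable service-level target for everyone else.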


We are a global community

We are interconnected in more ways than we often realize, with supplies, resources and people coming from all around the world. A conflict taking place more than halfway around the globe could have far-reaching implications for your business, so this is a good time to ensure you have the cybersecurity resources in place to protect your most valuable assets and prevent disruption to your operations.

Taking all precautions and ensuring your incident response plan is updated and ready to put into action at a moment’s notice is not being alarmist; it’s just being smart. If you don’t have an IR plan in place yet, we have a helpful checklist that outlines the key steps for an IR plan. We also have an IR hotline that you can reach out to if you think you’re experiencing a breach: +1-888-385-1720.