The Cybersecurity Impact of Russia-Ukraine Conflict
As the world was slowly moving on from the unprecedented Covid-19 pandemic, several organizations had adopted cloud computing to enable work from home for their employees. These organizations embraced the idea of smart working, where if a worker cannot come to work, work will come to the worker. This has increasingly been made possible by organizations moving most of their workloads to the cloud, including not only line-of-business systems but also end-user computing devices and their administration and management.
These organizations have also increasingly hired people via leading freelancing sites to eliminate geographical barriers while still embedding a transparent and fluid governance model to track productivity and risks.
As these organizations put cloud computing and work from home on their priority charter, the world saw another catastrophic event in the form of the Russia-Ukraine conflict when, on February 24th, 2022, Russia launched an offensive attack on Ukraine. The situation eventually escalated, with people leaving Ukraine and Russia facing severe sanctions from developed nations across the world.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently warned through its Shields Up initiative that “every organization — large and small — must be prepared to respond to disruptive cyber activity” in the wake of Russia’s invasion of Ukraine.
These unprecedented events have introduced risks that were not pertinent before and thus need a holistic mitigation approach, pursued with urgency and priority. While the forms of attack and the pace of the surge are unpredictable, we anticipate that the following risks may emerge and will need a mitigation plan.
1. Phishing — Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email.
2. Malware & Ransomware — Ransomware is a type of malware that lets its authors encrypt or lock computer files while demanding a ransom to unlock them. The user is denied access to the files, either by encrypting files on the hard drive or by locking the system and displaying messages, which forces the user to pay the malware author to decrypt the files and get back access to their computer.
3. DDoS Attack — Distributed denial of service (DDoS) attacks flood networks or servers with traffic, taking them offline for legitimate use.
4. Cryptojacking — Cryptojacking is a type of cybercrime that involves the unauthorized use of people’s devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the motive is profit, but unlike other threats, it is designed to stay completely hidden from the victim.
5. Password Spray Attack — In a password spray attack, adversaries “spray” passwords at a large volume of usernames. The hacker goes after specific users and cycles through as many passwords as possible using either a full dictionary or one that’s edited to common passwords.
While the above risks existed for quite some time, the threat levels have increased profoundly and may impact organizations both within and beyond the region. Every organization — large and small — must be prepared to respond to disruptive cyber activity.
Security and intelligence teams at several multinationals have indicated that they are anticipating cyberattacks and assessing the potential for second- and third-order effects on their operations. Some companies noted that they are anticipating an increase in attacks and scams in conjunction with the Ukraine crisis, with risk assessments typically contingent on whether the company has links to Ukrainian and Russian talent pools and employee bases, either directly or via top freelancing and talent management sites.
Triskelion recommends that all organizations, irrespective of their digital estate size and geographical footprint, adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. We recognize the need to highlight a few immediate best practices to implement in your organization if you have not already done so.
1. Implement Zero Trust Security Model to ensure data and resources are inaccessible by default. Users can only access them on a limited basis under the right circumstances, known as least-privilege access.
2. Adopt a strong password policy and multi-factor authentication, and include hardware-based keys such as FIDO in your authentication methods.
3. Update / Patch Software & Vulnerabilities — Ensure that your software and firmware are updated and patched to address any known vulnerabilities.
4. Attackers often exploit fear during uncertain times. Learn about various types of scams and know that they are constantly being adapted according to current events. Educate your employees and other users around these scams.
5. Prepare for ransomware and/or data destruction by auditing your disaster recovery plan and ensuring your backups are in place. Run a drill to validate your recovery times and recovery points.
6. Revisit your password management for key applications and infrastructure and move to Key and Secret Management Services with your cloud provider.
7. Implement and audit your endpoint security for end-user computing devices, especially for work-from-anywhere teams using company-provided as well as BYOD devices.
8. Establish Conditional Access policies, as they allow you to verify user access based on different conditions such as location, device type, risks, applications, etc.
9. Engage in proactive threat hunting and deploy an effective endpoint detection and response solution (EDR).
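As an added example of the threat hunting in item 9 (not part of the original article), the sketch below hunts sign-in logs for the password spray pattern described earlier: one source failing against many distinct usernames in a short window, followed by any success from that source. The log format, sample events, and the `window` and `min_users` thresholds are constructed assumptions to adapt to your own identity provider's logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: "ISO time, source IP, username, result".
SAMPLE_LOG = """\
2022-03-01T09:00:01 203.0.113.7 alice FAIL
2022-03-01T09:00:03 203.0.113.7 bob FAIL
2022-03-01T09:00:05 203.0.113.7 carol FAIL
2022-03-01T09:00:08 203.0.113.7 dave FAIL
2022-03-01T09:00:11 203.0.113.7 erin OK
2022-03-01T09:01:00 198.51.100.4 frank FAIL
2022-03-01T09:01:05 198.51.100.4 frank FAIL
2022-03-01T09:01:09 198.51.100.4 frank OK
2022-03-01T11:30:00 192.0.2.9 alice FAIL
2022-03-01T11:30:20 192.0.2.9 alice FAIL
2022-03-01T11:30:40 192.0.2.9 alice FAIL
2022-03-01T11:31:00 192.0.2.9 alice FAIL
2022-03-01T11:31:20 192.0.2.9 alice FAIL
"""

def parse(log):
    """Yield (time, ip, user, result) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spray(log, window=timedelta(minutes=10), min_users=4):
    """Return {ip: {"targets": [...], "succeeded": [...]}} for spraying sources."""
    fails = defaultdict(list)  # ip -> [(time, user)] failures inside the window
    alerts = {}
    for ts, ip, user, result in sorted(parse(log)):
        # Drop failures that have aged out of the sliding window.
        fails[ip] = [(t, u) for t, u in fails[ip] if ts - t <= window]
        if result == "FAIL":
            fails[ip].append((ts, user))
        targets = {u for _, u in fails[ip]}
        if len(targets) >= min_users:  # many distinct accounts, one source
            alert = alerts.setdefault(ip, {"targets": set(), "succeeded": set()})
            alert["targets"] |= targets
            if result == "OK":  # a success during a spray needs urgent review
                alert["succeeded"].add(user)
    return {ip: {k: sorted(v) for k, v in a.items()} for ip, a in alerts.items()}

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

Repeated failures against a single account (the last source in the sample) are deliberately not flagged here; account lockout and per-user failure counts cover that case.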
In the face of these threats, cybersecurity is no longer an afterthought. Cybersecurity is basic survival, and it has never been more important, especially considering the escalating Russia-Ukraine conflict.