While Russia’s invasion of Ukraine continues, the cyber security community was mobilized to respond to cyber-attacks which are a part of the hybrid warfare used by Russian state actors. Unlike direct armed conflict, the situation on the cyber front is not as obvious and, most of the time, invisible.
CYBERS in cooperation with Recorded Future will share insights on the ongoing cyber crisis which started several months before the military invasion. This article provides an overview of the current situation, as well as the recommended emergency actions that should be taken by organizations to withstand this cyber conflict.
Over several past months, Russia has been mobilizing its cyber task force to be used in attacks against Ukraine and its supporters. The active phase of that attack started in January 2022, however, there are indications of compromise attempts and preparatory activities going back as far as Autumn of 2021. It should also be noted that Russia has spent decades building up one of the most powerful offensive cyber forces in the world.
Read an executive overview of Russian aggression against Ukraine by Recorded Future®
Mission and goals
These cyberattacks were aimed to cause confusion, hinder communications, weaken the Ukrainian military response, and demoralize the Ukrainian population as part of a wider hybrid warfare operation. Secondary objectives included cyberattacks against Ukraine’s neighbours.
Targets
Russia’s offensive cyber actions are primarily targeting the Ukrainian government and media, internet infrastructure, and e-services used by Ukrainian citizens such as digital banking. Russia is attempting to influence assets and techniques, both covertly and overtly, to shape domestic, Ukrainian, and international audience perceptions of its military buildup along Ukraine’s northern, southern, and eastern borders.
Methods
The cyber campaign includes a large variety of techniques to achieve the set goals, such as spear phishing and phishing campaigns, mass scans, websites defacements, destructive wiper and ransomware, malware/RATs, DDoS attacks, Cobalt Strike implants, Crime as a Service, and the revival of major botnets.
Current situation
Despite the fact, that the cyber community reacted quickly against the Russian aggression by launching counter-attacks against Russia’s state agencies, media, critical infrastructure, and financial institutions there are no signs of this conflict ending in the foreseeable future. Russia’s offensive security forces are still highly capable and increasingly aggressive due to sanctions and other activities taken to minimize Russia’s ability to continue further actions against Ukraine.
Identify your weak spots
One of the first steps required to prepare your organization to withstand potentially massive cyber-attacks is to uncover the vulnerabilities and security gaps that can be exploited by the adversary. You need to understand your organization’s security profile before planning further actions. Suggested activities include:
Harden your infrastructure
You will not able to protect your organization if you don’t know your assets and their level of security. Security controls, security updates and assets security hardening are the key elements of your defence capabilities against cyber-attacks. Following steps should be taken:
Enable threat protection
Having an antivirus and a firewall is not sufficient to withstand a modern cyber-attack. APTs (advanced persistent threats) are using a large variety of tools and techniques to compromise the victim’s environment. Most of those remain invisible for traditional security tools. You need to ensure, that you have defence capabilities, that can detect malicious activities based on behaviour analysis and artificial intelligence. Consider deploying the following security capabilities in your organization:
Ensure continuous threat monitoring
Cyber security monitoring and incident response should be a core part of your cyber defence. Without it, you will not able to identify and react to cyber-attacks in time. Only timely reaction to suspicious behaviour or unusual events can prevent a threat from becoming a cyber breach. Here are the steps, that you need to prepare for handling security incidents:
Preparing for a cyber security incident
Do you know how to act in case you have been hacked? Are you able to restore your systems after a security incident? How long will the restoration take? If you haven’t thought about this before, now is the last chance to prepare for the worst-case scenario. Here is what you need to do:
CYBERS is the best-in-class and highly mature SOC provider, offering a wide variety of security services, such as security event monitoring and incident response, continuous threat hunting, threat intelligence and more. By using CYBERS’ managed security services, you will significantly improve your organization’s cybersecurity posture. You will gain visibility and control of cyberthreats targeting your organization and designed to hurt your company’s business. Fast on-boarding guaranteed!
This unique service will help you resolve the toughest cyber-attacks with optimal results and help you make sure that they don’t happen again. With CYBERS Emergency Computer Security Incident Response service, you get an experienced team of cybersecurity responders ready to jump in, when you need them the most! Our defenders react to requests within 2 hours during business days. Full discretion and confidentiality guaranteed!
Our highly experienced team of cyber security experts is ready to help improve your organization’s cyber threat resilience. CYBERS security specialists will help you select, implement and maintain cyber security solutions destined to protect your organization. We offer Endpoint, Network, Identity, Data, Web and Cloud security solutions that will be aligned with your business requirements and needs. Quality guaranteed!
Is your company safe and ready for a cyber-attack? CYBERS provides a cyber resilience testing service that reveals security gaps that can be exploited by adversaries to attack your organization. The service incorporates various techniques to identify vulnerabilities and flaws that may have an impact on the overall security posture of your organization. It combines analytical and technological capabilities to deliver the best results. Security efficiency guaranteed!
Explore the fusion of service design and cybersecurity in our latest blog post, inspired by KüberCAST’s enlightening episode with Andres Kostiv. Learn how this integration not only enhances digital service innovation but also fortifies user trust and safety in the evolving digital landscape.
Dive deep into the world of cybercrime with insights from Alexander Leslie of Recorded Future, exploring the LockBit ransomware’s rise and fall, the strategies behind its operation, and the collaborative efforts leading to its takedown.
Delve into the complexities of data security and AI, understanding how these pivotal technologies are transforming business strategies and operational efficiencies.
