While Russia’s invasion of Ukraine continues, the cyber security community has mobilized to respond to the cyber-attacks that form part of the hybrid warfare waged by Russian state actors. Unlike direct armed conflict, the situation on the cyber front is not as obvious and, most of the time, invisible.
CYBERS, in cooperation with Recorded Future, shares insights on the ongoing cyber crisis, which started several months before the military invasion. This article provides an overview of the current situation, as well as the recommended emergency actions that organizations should take to withstand this cyber conflict.
Cyber conflict overview
Over the past several months, Russia has been mobilizing its cyber task force for attacks against Ukraine and its supporters. The active phase of the attack started in January 2022; however, there are indications of compromise attempts and preparatory activities going back as far as autumn 2021. It should also be noted that Russia has spent decades building up one of the most powerful offensive cyber forces in the world.
Read an executive overview of Russian aggression against Ukraine by Recorded Future®
Mission and goals
These cyberattacks were aimed at causing confusion, hindering communications, weakening the Ukrainian military response, and demoralizing the Ukrainian population as part of a wider hybrid warfare operation. Secondary objectives included cyberattacks against Ukraine’s neighbours.
Russia’s offensive cyber actions primarily target the Ukrainian government and media, internet infrastructure, and e-services used by Ukrainian citizens, such as digital banking. Russia is also employing influence assets and techniques, both covertly and overtly, to shape how domestic, Ukrainian, and international audiences perceive its military buildup along Ukraine’s northern, southern, and eastern borders.
The cyber campaign uses a large variety of techniques to achieve these goals, such as spear phishing and phishing campaigns, mass scans, website defacements, destructive wipers and ransomware, malware/RATs, DDoS attacks, Cobalt Strike implants, Crime as a Service, and the revival of major botnets.
Although the cyber community reacted quickly to the Russian aggression by launching counter-attacks against Russia’s state agencies, media, critical infrastructure, and financial institutions, there are no signs of this conflict ending in the foreseeable future. Russia’s offensive cyber forces remain highly capable and are becoming increasingly aggressive in response to sanctions and other measures taken to limit Russia’s ability to continue its actions against Ukraine.
Recommended emergency action
Identify your weak spots
One of the first steps in preparing your organization to withstand potentially massive cyber-attacks is to uncover the vulnerabilities and security gaps that an adversary could exploit. You need to understand your organization’s security profile before planning further actions. Suggested activities include:
- External and internal perimeter vulnerability scanning
- Organization public profile reconnaissance
- Penetration testing
- Phishing simulation
Harden your infrastructure
You will not be able to protect your organization if you don’t know your assets and their level of security. Security controls, security updates and asset hardening are the key elements of your defence against cyber-attacks. The following steps should be taken:
- Asset inventory
- Asset security coverage
- Security patching
- Configuration hardening
Enable threat protection
Having an antivirus and a firewall is not sufficient to withstand a modern cyber-attack. APTs (advanced persistent threats) use a large variety of tools and techniques to compromise the victim’s environment, and most of them remain invisible to traditional security tools. You need to ensure that you have defence capabilities that can detect malicious activity based on behaviour analysis and artificial intelligence. Consider deploying the following security capabilities in your organization:
- Endpoint detection and response (EDR)
- Network detection and response (NDR)
- Identity and access security
- Cloud security
Ensure continuous threat monitoring
Cyber security monitoring and incident response should be a core part of your cyber defence. Without them, you will not be able to identify and react to cyber-attacks in time. Only a timely reaction to suspicious behaviour or unusual events can prevent a threat from becoming a breach. Here are the steps you need to take to prepare for handling security incidents:
- 24/7 cyber security monitoring
- Analysis and triage of ongoing security events
- Incident response readiness
- Threat intelligence monitoring
Preparing for a cyber security incident
Do you know how to act if you have been hacked? Are you able to restore your systems after a security incident? How long will the restoration take? If you haven’t thought about this before, now is the last chance to prepare for the worst-case scenario. Here is what you need to do:
- Check backups of your critical systems
- Prepare the emergency plan
- Verify recoverability of your assets
- Make sure you can ask for help from elsewhere
How CYBERS can help
- Security Operations Center (SOC)
CYBERS is a best-in-class, highly mature SOC provider, offering a wide variety of security services, such as security event monitoring and incident response, continuous threat hunting, threat intelligence and more. By using CYBERS’ managed security services, you will significantly improve your organization’s cybersecurity posture. You will gain visibility and control over the cyberthreats targeting your organization and designed to hurt your company’s business. Fast onboarding guaranteed!
- Emergency Computer Security Incident Response Team (eCSIRT)
This unique service will help you resolve the toughest cyber-attacks with optimal results and make sure that they don’t happen again. With the CYBERS Emergency Computer Security Incident Response service, you get an experienced team of cybersecurity responders ready to jump in when you need them the most! Our defenders react to requests within 2 hours during business days. Full discretion and confidentiality guaranteed!
Our highly experienced team of cyber security experts is ready to help improve your organization’s cyber threat resilience. CYBERS security specialists will help you select, implement and maintain cyber security solutions designed to protect your organization. We offer Endpoint, Network, Identity, Data, Web and Cloud security solutions aligned with your business requirements and needs. Quality guaranteed!
- Cyber resiliency testing (CRT)
Is your company safe and ready for a cyber-attack? CYBERS provides a cyber resilience testing service that reveals the security gaps adversaries could exploit to attack your organization. The service incorporates various techniques to identify vulnerabilities and flaws that may affect the overall security posture of your organization, combining analytical and technological capabilities to deliver the best results. Security efficiency guaranteed!