Ukraine has been a target of cyber attacks coming from Russia since at least 2013, a long time before the first Russian tanks crossed its border on February 24, 2022, marking the beginning of the ongoing full-scale military invasion.
As soon as the prolonged conflict between Ukraine and Russia escalated into a global crisis, with 141 of the 193 United Nations member states condemning Russia’s invasion of Ukraine and many of the same countries introducing harsh sanctions to limit Putin’s ability to finance war, hackers from around the world split into two camps: one taking the side of Ukraine, and the other one taking the side of Russia.
Just like Russian forces in Ukraine are increasingly committing indiscriminate attacks as they attempt to brute-force their way to victory, some cybersecurity experts now worry that we could see a similar increase of indiscriminate cyber attacks against Ukraine, and small businesses around the world could become collateral damage unless they protect themselves sufficiently.
“Putin has not initiated significant retaliation yet for any U.S., E.U., NATO sanctions, probably because he is too busy dealing with the surprising level of Ukrainian resistance and failures by the Red Army,” said Richard Clarke, the first White House cyber coordinator. “We still believe retaliation, including cyber attacks, is coming.”
Russia-Ukraine Cyberwar Spillover Is to Be Expected
In 2017, Russia unleashed a new variant of the Petya encrypting malware, referred to by Kaspersky Lab as NotPetya, on Ukraine. The new variant propagated via the NSA-developed EternalBlue exploit, and it was used to target organizations in the Ukrainian financial, energy, and government sectors.
As is often the case with targeted malware attacks, NotPetya managed to spread to other countries and infect a huge number of devices, causing more than $10 billion in damages as it paralyzed entire corporations, froze government agencies, and disrupted large ports.
Another similar Russia-Ukraine cyberwar spillover is not only a real possibility—it’s to be expected.
One day before Russia invaded its neighbor, ESET researchers detected a new strain of malware on Ukrainian computers. Dubbed HermeticWiper, this extremely dangerous wiper malware is designed to prevent infected computers from booting up, rendering them useless.
According to Broadcom’s Symantec Threat Hunter Team, “[HermeticWiper] has some similarities to the earlier WhisperGate wiper attacks against Ukraine, where the wiper was disguised as ransomware.”
So far, neither HermeticWiper nor WhisperGate has been detected in the United States, but that could change quickly, and the potential negative consequences for businesses are difficult to predict.
Protect Your Small Business
Knowing that a Russia-Ukraine cyberwar spillover is to be expected, you should proactively take the steps necessary to protect your organization against its potential negative consequences.
We recommend you start by familiarizing yourself with the “Shields Up” warning issued by the Cybersecurity and Infrastructure Security Agency (CISA).
“As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber-attacks,” states the agency in its warning. “CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Some of the actions recommended by CISA include:
- Access management: Knowing that 80 percent of data breaches are the result of poor or reused passwords, CISA urges organizations to implement multi-factor authentication whenever possible. To reduce friction, organizations should also consider single sign-on (SSO) solutions, making it possible for users to access multiple applications with one set of credentials.
- Intrusion detection: To effectively respond to cyber threats, organizations must be able to detect them in a timely manner, which is why around-the-clock security monitoring provided by a security operations center (SOC) has been growing in popularity among SMBs.
- Incident response: CISA recommends organizations update their incident response plans to protect sensitive data and their IT infrastructures in general from security incidents. They should also review their compliance obligations to avoid non-compliance fines, whose cost can exceed the direct cost of the security incident itself.
- Backup & recovery: Some of the most dangerous malware today is designed to make important data inaccessible, so having everything backed up in a safe location is a must. CISA reminds organizations to test their backup procedures to ensure that critical data can be rapidly restored.
Contact for an Audit of your SMB Security
These and other cybersecurity best practices can go a long way in helping SMBs face increased cyber threats amid the Russia-Ukraine cyberwar. If you would like help with their implementation, don’t hesitate to get in touch with us at OSIbeyond.
Conclusion on Cyber Security with Russian / Ukraine Conflict
Cyber attacks have been at the forefront of Russia’s warfare strategy for some time now, and it’s likely that Putin has yet to unleash the country’s full cyber warfare capabilities on Ukraine. Instead of waiting for state-sanctioned cyber attacks to make headlines again, SMBs should proactively strengthen their cyber defenses by implementing the cybersecurity best practices recommended by CISA and other professionals.