The Russian threat to its former Soviet neighbors is not new. Russia has a history of trying to annex territories that were once part of the Soviet Union. In 2017, Russia launched an unprecedented cyberattack on Ukraine with the NotPetya malware – akin to ransomware, but without the ability to undo its encryption, essentially destroying data forever. The targets of NotPetya were financial institutions and power plants.
In order to create instability and cripple communications in the days before the current invasion, Russia used a new malware called HermeticWiper to launch devastating cyber-attacks against critical infrastructure in Ukraine. HermeticWiper uses a signed driver to deploy a wiper that targets the Windows Master Boot Record (MBR), so that affected machines subsequently fail to boot. This alert from the Cybersecurity and Infrastructure Security Agency (CISA) has more technical details of the malware, including IoCs (Indicators of Compromise), to help keep your organization safe from its effects.
What To Do From a Cybersecurity Perspective
This conflict and the immediate increase in suspected Russian-sourced cyber-attacks have brought heightened awareness to the topic of cybersecurity and cyber warfare, resulting in many organizations asking the question, "Are we doing enough to protect our company from an attack?"
SBS CyberSecurity recommends several top controls in the Six Controls to Dramatically Reduce Cyber Risk of Incidents blog. Implementing the suggested controls will dramatically reduce cyber risk for the most common and most destructive attacks seen today. If your organization has a proactive cybersecurity mindset, you have likely already implemented many of these controls. If you are just beginning to review your cyber landscape, start by implementing these controls:
- Enforce MFA (Multi-factor Authentication) wherever possible
- Deploy advanced email controls (sandboxing, SPF/DKIM/DMARC)
- Enforce egress firewall whitelisting
- Block traffic by country code
- Deploy Host Intrusion Prevention Software (HIPS, plus scripting control), also known as Managed Detection and Response (MDR) solutions
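The email-controls item above names SPF and DMARC but does not say what a weak record looks like. The following script is an added example, not code from SBS CyberSecurity or from the blog it links to: it parses SPF and DMARC TXT records and flags the settings that leave a domain spoofable (a permissive `+all` or `?all`, more than the 10 DNS-querying terms RFC 7208 allows, a deprecated `ptr` mechanism, `p=none`, a partial `pct`, an unprotected subdomain policy, and missing aggregate reporting). The sample records are constructed for a fictitious domain; in practice you would feed it the TXT records you pull from your own DNS.

```python
"""Audit SPF and DMARC TXT records for settings that weaken spoofing protection."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    record: str    # "SPF" or "DMARC"
    severity: str  # "high", "medium" or "low"
    message: str


def parse_spf(txt: str) -> dict:
    """Split an SPF record into (qualifier, mechanism) pairs and modifiers."""
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term:  # modifiers such as redirect=... or exp=...
            key, value = term.split("=", 1)
            modifiers[key.lower()] = value
        else:
            qualifier = term[0] if term[0] in "+-~?" else "+"
            name = term.lstrip("+-~?").lower()
            mechanisms.append((qualifier, name))
    return {"mechanisms": mechanisms, "modifiers": modifiers}


def audit_spf(txt: str) -> list:
    findings = []
    spf = parse_spf(txt)
    mechs = spf["mechanisms"]
    # Mechanism type without its argument or prefix length, e.g. "a:host/24" -> "a".
    kinds = [re.split(r"[:/]", name, maxsplit=1)[0] for _, name in mechs]
    all_quals = [q for (q, name) in mechs if name == "all"]
    if not all_quals and "redirect" not in spf["modifiers"]:
        findings.append(Finding("SPF", "high", "no 'all' mechanism: unmatched senders get a neutral result"))
    elif all_quals and all_quals[-1] == "+":
        findings.append(Finding("SPF", "high", "'+all' authorises every host on the Internet to send as this domain"))
    elif all_quals and all_quals[-1] == "?":
        findings.append(Finding("SPF", "medium", "'?all' is neutral for unmatched senders; prefer '-all' or '~all'"))
    # RFC 7208 section 4.6.4: at most 10 DNS-querying terms per evaluation.
    dns_terms = sum(1 for k in kinds if k in ("include", "a", "mx", "ptr", "exists"))
    if "redirect" in spf["modifiers"]:
        dns_terms += 1
    if dns_terms > 10:
        findings.append(Finding("SPF", "high", f"{dns_terms} DNS-querying terms exceed the limit of 10; receivers return permerror"))
    if "ptr" in kinds:
        findings.append(Finding("SPF", "low", "'ptr' mechanism is deprecated and slow to evaluate"))
    return findings


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC record into a tag=value dictionary."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        raise ValueError("not a DMARC record")
    tags = {}
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt: str) -> list:
    findings = []
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append(Finding("DMARC", "medium", "p=none only monitors; spoofed mail is still delivered"))
    elif policy not in ("quarantine", "reject"):
        findings.append(Finding("DMARC", "high", "missing or invalid 'p' tag; receivers ignore the record"))
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if pct < 100 and policy in ("quarantine", "reject"):
        findings.append(Finding("DMARC", "medium", f"pct={pct}: policy is applied to only {pct}% of failing mail"))
    if tags.get("sp", "").lower() == "none" and policy != "none":
        findings.append(Finding("DMARC", "medium", "sp=none leaves subdomains unprotected while the organisational domain is enforced"))
    if "rua" not in tags:
        findings.append(Finding("DMARC", "low", "no 'rua' address: aggregate reports are not being collected"))
    return findings


def audit_domain(spf_txt: str, dmarc_txt: str) -> list:
    return audit_spf(spf_txt) + audit_dmarc(dmarc_txt)


# Constructed sample records for a fictitious domain, not real DNS data.
WEAK_SPF = "v=spf1 include:_spf.example.net a mx ptr +all"
STRONG_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("strong", STRONG_SPF, STRONG_DMARC)):
        print(f"== {label} ==")
        for f in audit_domain(spf, dmarc) or [Finding("-", "-", "no findings")]:
            print(f"[{f.record}/{f.severity}] {f.message}")
```

The checks are deliberately conservative: the script reads only the records you hand it and does not follow `include:` or `redirect=` chains, so the lookup count is a lower bound and a domain that passes here can still exceed the limit once the included records are resolved.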
ANY organization that has not implemented all these controls should start ASAP. If you have implemented the above controls, the following are excellent next steps:
- Verify data backups are being performed, tested, and segregated (air-gapped) from the network.
- Carefully update your risk assessments to monitor and manage risk.
- Perform audits of your organization's technical and non-technical security controls and remediate areas of vulnerability.
- Educate and test employees regarding all aspects of social engineering.
- Maintain a heightened awareness during times of crisis.
The US Federal Government has created a CISA site, Shields Up, specifically for dealing with the Russian cybersecurity threat. It contains an active blog, announcements, and how-tos from CISA.