On February 24th, Russian tanks and troops rolled across the border and into Ukraine, starting an invasion that has led to some of the worst fighting in Europe since the darkest days of World War Two. What is less newsworthy is that on that same day, the Russians also launched a successful cyber attack that knocked over five thousand wind turbines offline in Germany.
Russia has been behind many of the most significant cyber attacks in recent history. The Biden administration has also recently stated that Western states and companies should prepare for more cyber attacks coming from Russia. This warning should be taken very seriously because Western governments and the Biden administration specifically have been correctly telegraphing Russian war strategy since the beginning of the troop buildup in Eastern Russia and Belarus.
Clearly, the Biden administration has access to Russian intelligence from sources very near Vladimir Putin, and the strategy has been to make that knowledge well known. The effectiveness of this strategy is up for debate, but one thing is certain: Russia poses a very serious cybersecurity threat to governments, corporations, and other institutions in the West.
It is known that Russian cyber criminals are planning attacks throughout Europe and North America, and while the Russian military may have vastly misjudged their capabilities in Ukraine, their cyber warfare capabilities still must be taken seriously.
Cybersecurity professionals should look at this as an opportunity to strengthen and tighten their security protocols. As any cybersecurity professional will tell you, the biggest threat to any system is complacency. Most successful attacks are relatively unsophisticated and rely on user error somewhere along the way to gain access to a system.
We have identified five specific actions that cybersecurity professionals should immediately take in the wake of these Russian threats.
#1 Educate & Alert Your Teams to the Threats
Both security team members and users should be made aware of their responsibilities in keeping an organization’s systems safe and secure. Simple reminders, such as using strong passwords and changing them regularly, and requiring passwords of at least twelve characters that mix different character types, will help keep systems secure.
With the sanctions imposed on Russia, as a result of the conflict in Ukraine, the likelihood of Russia using its sophisticated cyber capabilities to engage in cyberwarfare is becoming increasingly more probable. This is a good time to update or implement phishing simulations programs and training to analyze how well users are aware of threats and if they are taking proper action when threats do arise. Often a simple reminder or short training session makes the difference between thwarting an attack and suffering severe consequences.
Not every attack is as sophisticated as something like Stuxnet; many simple phishing or social engineering attacks succeed not because of state-of-the-art programming, but because of simple user error or a small lapse in judgment. Often a simple reminder of basic protocols is all that is needed to fend off a would-be attack.
#2 Check & Double Check Backups
Having a solid and reliable backup of your organization’s data is another simple and effective way to combat many types of losses. Criminal attacks are not the only way data can be compromised or lost. Losses due to system failure and benign human error are just as common as those from cyber attacks.
In 2019, the City of Baltimore lost valuable key data in a ransomware attack. The cost of the breach was in excess of five million dollars, and a forensic analysis after the fact revealed that the entire thing could have been avoided if the city’s cybersecurity officials had instituted simple offsite backup storage of the data. As we see time after time, even the best and most sophisticated tools are ineffective if they are not implemented.
Due to the Russia/Ukraine war, businesses should be more aware of an increased possibility of ransomware attacks. Russia may use this type of attack to cause disruption in Ukraine. As a result of the escalating friction with the West, the Russian government may be more lenient on hackers within its own borders, making these attacks more likely to happen.
Encouraging users to store their data on removable drives can often lessen the impact of an attack or loss. Many studies have found that system downtime can result in costs of over five thousand dollars per minute. Keeping users up and running during an attack is everyone’s goal and responsibility, and as with so many things in cybersecurity, the simple things usually are the ones that make the biggest difference.
Backups need to be redundant and offsite as well. Cyber attacks are not the only threat; many losses have resulted from everything from natural disasters to burst pipes. Following the “3-2-1 Rule” is advised. Three backups, two separate locations, one of which is offsite, will generally result in a robust backup plan that reduces costs and downtime in the event of an attack or other disruption to the data.
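The 3-2-1 check and the “double check” above can be automated. The script below is an added example, not code from the article or from any product it mentions: it audits an inventory of backup copies (counted as the article counts them, as copies in addition to the primary), verifies that each copy still matches the primary by SHA-256 before counting it, and reports which of the three conditions fail. The `Copy` record, the inventory layout and the sample files it builds in a temporary directory are assumptions constructed for the example; a copy that has silently rotted or been tampered with is deliberately excluded from the count, because an unrestorable backup is not a backup.

```python
"""Added example: audit a backup inventory against the 3-2-1 rule
(three copies, two separate locations, one offsite) and verify each copy
against the primary by hash before counting it. The Copy record and the
sample data are constructed for this example, not taken from the article."""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass
class Copy:
    name: str       # label for the copy, e.g. "nas-01"
    path: str       # file path of this copy
    location: str   # site identifier (building, data centre, cloud region)
    offsite: bool   # True if stored away from the primary site


def sha256_of(path: str, chunk: int = 1 << 16) -> str:
    """Stream the file so large backups never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit_backups(primary_path: str, copies: list) -> dict:
    """Return rule violations plus any copy that is missing or differs from the primary."""
    reference = sha256_of(primary_path)
    intact = [c for c in copies
              if os.path.exists(c.path) and sha256_of(c.path) == reference]
    damaged = [c for c in copies if c not in intact]
    locations = {c.location for c in intact}

    findings = []
    if len(intact) < 3:
        findings.append(f"only {len(intact)} intact copies (need 3)")
    if len(locations) < 2:
        findings.append(f"intact copies span {len(locations)} location(s) (need 2)")
    if not any(c.offsite for c in intact):
        findings.append("no intact offsite copy")
    for c in damaged:
        findings.append(f"copy {c.name!r} missing or does not match primary")
    return {"compliant": not findings,
            "findings": findings,
            "intact": [c.name for c in intact]}


def demo(corrupt_offsite: bool = True) -> dict:
    """Constructed sample: one primary and three copies, two on site and one offsite.
    With corrupt_offsite=True the offsite copy is altered by one byte, as bit rot
    or a tampering attacker would, so it must not count toward the rule."""
    tmp = tempfile.mkdtemp()
    data = b"constructed payroll export, not real data\n" * 1000
    primary = os.path.join(tmp, "primary.db")
    with open(primary, "wb") as f:
        f.write(data)

    inventory = [("nas-01", "hq", False),
                 ("usb-02", "hq", False),
                 ("cloud-03", "cloud-region-a", True)]
    copies = []
    for name, location, offsite in inventory:
        path = os.path.join(tmp, name + ".bak")
        with open(path, "wb") as f:
            f.write(data)
        copies.append(Copy(name, path, location, offsite))

    if corrupt_offsite:
        with open(copies[2].path, "r+b") as f:
            f.seek(10)
            f.write(b"X")
    return audit_backups(primary, copies)


if __name__ == "__main__":
    for corrupt in (True, False):
        print(f"offsite copy corrupted={corrupt}: {demo(corrupt)}")
```

With the offsite copy corrupted the audit reports four findings (two intact copies, one location, no offsite copy, and the mismatching copy by name), which is the state the Baltimore example above describes: a backup plan that looks complete on paper but cannot restore. Run the same audit against the real inventory on a schedule and alert on any non-empty `findings` list.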
#3 Secure Remote Access
The rapid need to expand remote access capabilities at the onset of the pandemic has left many systems vulnerable and has led to many of the worst attacks in the past two years. Remote access isn’t going away as many companies and other organizations are still allowing users to work from home.
Making sure employees are required to use Multifactor Authentication (MFA) methods will drastically reduce vulnerabilities and the possibility of a cyber attack from Russia. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning that Russian state-sponsored actors are exploiting default multi-factor authentication protocols to gain access to networks. They have advised that MFA should be set up for all users, with policies configured to maximize security. If you have not yet implemented an MFA strategy for your remote users, this current threat should give you the drive to set it up while it is at the forefront of everyone’s mind.
Along with MFA, your organization should also make sure remote users are using a virtual private network (VPN) and all of the software is updated to the latest version. A VPN will drastically cut down on the effectiveness of malware and phishing attacks by Russia, but it only works if it is being actively employed by an organization’s users. Reminding users that a VPN is crucial and mandatory can make a huge difference.
Remote access is often the weak point in social engineering attacks as well. Make sure users are trained on exactly what to expect, and what not to expect, when following MFA protocols, as these can sometimes backfire and create a false sense of security, as was the case recently when hackers stole millions of dollars worth of assets by exploiting a weakness in a company’s account recovery function. It is important to remember that none of these tools is foolproof, and none can run in a vacuum. Each tool is just one part of the overall strategy.
#4 Run and Update Security Software
Use this opportunity to make sure your organization’s security software is properly running and updated. Software updates may be time-consuming and annoying, but they are there for a very good reason. There have been dozens of high-profile breaches in the past several years that have resulted from security teams not running and installing patches that would have fixed the weakness that was exploited by a hacker.
Simply requiring or reminding all users to set their Windows systems to Install Updates Automatically can be all it takes to thwart a cyber attack. Again, we know the threat from Russia is very real and imminent, and we also know these attacks tend to be less sophisticated, but they can be quite effective when teams and users become lackadaisical and fail to do the simple things.
A quick double-check to make sure all software is up to date and being kept up to date will drastically reduce the threat to any organization.
#5 Update Mobile & Internet of Things Systems
The rise in popularity of mobile and especially Internet of Things (IoT) devices has left some gaping holes in many organizations’ systems. These devices are crucial to the functionality of any organization’s systems but often present an overlooked weakness in security. When updating security software, do not forget IoT devices, and also make it a point to have your security teams remind users and institute some training protocols as well.
It is easy to overlook the vulnerability that comes with many IoT devices, but anything connected to the Internet can be exploited. Something as simple as a smart coffee machine seems benign, but it can provide access to a user’s banking information and can be exploited through common applications such as Amazon Alexa. Printers, smart speakers, and even fax machines are vulnerable, and are often the easiest target of would-be hackers.
Cybersecurity threats continue to come from actors around the globe, including but not limited to Russia, and while we are all hoping for a quick and peaceful end to the war, its end will not mean the end of cybersecurity threats.
We are indeed facing many threats from Russia, and these must not be underestimated. Security officials and professionals should use this time to double-check all security systems and make sure all users are trained properly and understand their role in an organization’s cybersecurity protocols.
In addition to alerting and educating team members, security professionals are also reminded to update their systems, security software, remote access capabilities, and all mobile and IoT devices, and to make sure a proper data backup plan is instituted. While the threat is real and the consequences can be quite high, remember that these attacks can almost always be avoided. Cybercriminals rely less on sophistication and more on exploiting common oversights. Making sure you have robust systems and protocols in place will drastically mitigate these threats.