US cyber agency issues new ‘shields up’ warning as Russian invasion of Ukraine intensifies
As Russia’s invasion of Ukraine continues, experts are urging US companies to double down on their cybersecurity protocols.
In mid-February, the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that seeks to improve cybersecurity preparedness, issued a “Shields Up” warning to American organizations as tensions between Russia and Ukraine intensified. The Shields Up initiative encourages organizations of all sizes to take steps to reduce their risk of a cyberattack and to ensure they are prepared in the event of a breach.
“[T]he reason these newsletters are published, particularly aimed at small and medium-sized businesses, is that we have learned the hard way about the fragility of the global supply chain,” says Theresa Payton, former White House chief information officer under George W. Bush.
This fragility was apparent last year following the Colonial Pipeline ransomware attack, which led to widespread panic buying that led gas stations to run out of fuel. And Santa Clara, Calif.-based chipmaker Nvidia said Friday it was investigating a cybersecurity incident, though it’s unclear whether the potential cyberattack is tied to a specific entity.
Ukraine itself has already suffered a number of cyberattacks as the conflict with Russia continues, most recently a wave of Distributed Denial of Service (DDoS) attacks – incursions in which an attacker uses a botnet to overwhelm a server with bogus traffic to disrupt the flow of normal traffic. Hundreds of computers in Ukraine have also been infected with destructive malware.
Given how interconnected the world is, it’s possible these cyberattacks on Ukraine could reach US systems, Payton says. She also points to historical precedent: malicious actors allegedly placed malicious code in an update to a tax program used by a Ukrainian software company, which paved the way for the 2017 NotPetya attack that caused billions of dollars in damage and havoc worldwide.
The interconnected nature of supply chains, for example, makes preparing for an attack particularly difficult, Payton says. Whether it is contact with systems in Ukraine or with other central systems located in the country, this exposure increases the vulnerability of a US business. There is also the possibility that a small business’s third-party vendor may be infected, which could spread back into the small business’s own network. And it’s long been known that small businesses tend to be easier targets than their larger counterparts because they don’t have as many resources.
To overcome these challenges, it is best to get defensive. While assessing unusual behavior and beefing up your crisis response team might be standard safeguards to deploy, Payton adds that a few other tips for dealing with a spillover from a Russian attack should also be on the table. Here are four:
Beware of DDoS attacks: One question companies should ask themselves is whether their technology service provider knows how to detect DDoS attacks and what that provider can do to help them. If your website is not the primary means through which your customers interact with you, DDoS attacks may be less of a concern. But if you operate an online retailer, or if your website is how third parties connect with you, talk to your technology service provider to learn more about any safeguards they may have in place. There is no need to panic if the answer is no at the moment, but it is something to correct going forward.
Close the side doors: If a third party that a small business works with is affected by a breach, it is possible for malicious actors to enter that small business through a “side door” hack. But businesses can stay on top of side door hacks through log management. Logging is the process of recording all movements and events regarding an organization’s data and other systems. These logs include entries containing information about events that occur in systems and networks. Companies need to manage their logs and closely monitor files and other data that are copied, moved, compressed, or sent outside of an organization.
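The log-monitoring advice above can be turned into a concrete check. The script below is an added example, not code from the article or from any product Payton or CISA describe; it parses a constructed, hypothetical log format and flags users whose externally sent data exceeds a volume threshold, or who compress a file and then send it outside the organization. The log format, field names, thresholds and the `svc-backup` allowlist entry are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical "key=value" format.
# Real products (EDR, DLP, file servers) each have their own schema.
SAMPLE_LOG = """\
2022-02-25T09:12:04Z user=alice action=copy path=/finance/q4.xlsx bytes=2400000 dest=internal
2022-02-25T09:15:31Z user=bob action=compress path=/hr/payroll.zip bytes=58000000 dest=internal
2022-02-25T09:16:02Z user=bob action=send path=/hr/payroll.zip bytes=58000000 dest=external
2022-02-25T09:40:11Z user=carol action=send path=/sales/deck.pdf bytes=900000 dest=external
2022-02-25T10:02:45Z user=alice action=move path=/finance/q4.xlsx bytes=2400000 dest=internal
2022-02-25T10:05:09Z user=svc-backup action=send path=/backup/db.tar.gz bytes=4000000000 dest=external
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+) bytes=(?P<bytes>\d+) dest=(?P<dest>\S+)$"
)


def parse_log(text):
    """Parse log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["bytes"] = int(event["bytes"])
            events.append(event)
    return events


def find_exfil_candidates(events, byte_threshold=50_000_000, allowlist=frozenset({"svc-backup"})):
    """Return {user: [reasons]} for users whose activity matches two simple exfiltration patterns.

    Pattern 1: the same user compresses a path and later sends that path externally.
    Pattern 2: a user's total bytes sent to external destinations meets byte_threshold.
    Accounts in the allowlist (e.g. a known backup job) are skipped; tune this per environment.
    """
    findings = defaultdict(list)
    compressed = set()           # (user, path) pairs seen in a compress action
    outbound = defaultdict(int)  # user -> total bytes sent externally

    for e in events:
        user = e["user"]
        if user in allowlist:
            continue
        if e["action"] == "compress":
            compressed.add((user, e["path"]))
        if e["action"] == "send" and e["dest"] == "external":
            outbound[user] += e["bytes"]
            if (user, e["path"]) in compressed:
                findings[user].append(f"compressed then sent externally: {e['path']}")

    for user, total in outbound.items():
        if total >= byte_threshold:
            findings[user].append(f"outbound volume {total} bytes >= threshold {byte_threshold}")

    return dict(findings)


if __name__ == "__main__":
    for user, reasons in find_exfil_candidates(parse_log(SAMPLE_LOG)).items():
        print(user)
        for r in reasons:
            print("  -", r)
```

In the constructed sample only `bob` is flagged (for both patterns); `carol`'s small external send stays below the threshold and the backup service account is allowlisted. The value of an allowlist is that it keeps a noisy, legitimate job from burying real findings, but every allowlisted account is also a blind spot and should be reviewed periodically.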
Deploy encrypted backups: Critical infrastructure and financial services can be key targets in a coordinated ransomware attack. This is where companies want to make sure they have a complete backup of their systems and data. Also make sure everything is encrypted. Another tip? Keep backups separate from network connections, increasing an organization’s resilience in the event of a breach. This way, if a system is compromised, it helps prevent malicious code from spreading to connected systems.
Check MFA again: Even if you think you’ve fully rolled out multi-factor authentication and strong passwords, now is the time to double-check them. Companies do not need technical resources for this and can check their systems themselves. But organizations could also go so far as to have an internal or external team conduct a red team assessment, which simulates an attack to identify possible vulnerabilities. Ensuring that MFA and strong passwords work as intended is important, as Payton points out that Russian cyber operators are known for their skill in guessing passwords through what she describes as “password spraying.”
She explains, “They figure out how many login attempts you allow before you lock someone out, they look at old password data dumps, they get your corporate emails, and they leverage technology to password spray.”
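Payton's description also gives the defender a signature to look for: a spray stays under the lockout threshold on each account but touches many accounts from the same source. The script below is an added example, not code from the article; it reads constructed, hypothetical authentication log lines and reports sources that fail against many distinct accounts while never exceeding the per-account lockout limit, which is exactly the shape a lockout policy alone will miss. The log format, the `min_accounts` and `lockout_threshold` values, and the IP addresses (from documentation ranges) are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample authentication events in a hypothetical "key=value" format.
# 198.51.100.7 tries one password against many accounts (spray); 203.0.113.9 hammers
# a single account (classic brute force, stopped by lockout); 10.0.0.5 is a normal user.
SAMPLE_AUTH_LOG = """\
2022-02-25T03:00:01Z src=198.51.100.7 user=alice result=FAIL
2022-02-25T03:00:02Z src=198.51.100.7 user=bob result=FAIL
2022-02-25T03:00:03Z src=198.51.100.7 user=carol result=FAIL
2022-02-25T03:00:04Z src=198.51.100.7 user=dave result=FAIL
2022-02-25T03:00:05Z src=198.51.100.7 user=erin result=FAIL
2022-02-25T03:00:06Z src=198.51.100.7 user=frank result=FAIL
2022-02-25T03:00:07Z src=198.51.100.7 user=grace result=SUCCESS
2022-02-25T03:10:00Z src=203.0.113.9 user=bob result=FAIL
2022-02-25T03:10:01Z src=203.0.113.9 user=bob result=FAIL
2022-02-25T03:10:02Z src=203.0.113.9 user=bob result=FAIL
2022-02-25T03:10:03Z src=203.0.113.9 user=bob result=FAIL
2022-02-25T03:10:04Z src=203.0.113.9 user=bob result=FAIL
2022-02-25T03:10:05Z src=203.0.113.9 user=bob result=FAIL
2022-02-25T08:00:00Z src=10.0.0.5 user=alice result=FAIL
2022-02-25T08:00:30Z src=10.0.0.5 user=alice result=SUCCESS
"""

AUTH_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)$")


def parse_auth_log(text):
    """Parse auth log text into event dicts; non-matching lines are ignored."""
    return [m.groupdict() for m in (AUTH_RE.match(l.strip()) for l in text.splitlines()) if m]


def detect_password_spray(events, min_accounts=5, lockout_threshold=5):
    """Return {src: summary} for sources whose failures match a spray pattern.

    Spray signature: failures spread across at least min_accounts distinct accounts, with
    fewer than lockout_threshold failures against any single account (so lockout never fires).
    A success from the same source after the spray is recorded so responders can prioritize it.
    """
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failed attempts
    successes = defaultdict(list)                   # src -> users that logged in

    for e in events:
        if e["result"] == "FAIL":
            fails[e["src"]][e["user"]] += 1
        else:
            successes[e["src"]].append(e["user"])

    findings = {}
    for src, per_user in fails.items():
        max_per_account = max(per_user.values())
        if len(per_user) >= min_accounts and max_per_account < lockout_threshold:
            findings[src] = {
                "failed_accounts": len(per_user),
                "max_attempts_per_account": max_per_account,
                "successes": sorted(successes.get(src, [])),
            }
    return findings


if __name__ == "__main__":
    for src, info in detect_password_spray(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(f"possible password spray from {src}: {info}")
```

On the constructed sample only `198.51.100.7` is reported, with six failed accounts at one attempt each and a subsequent success on `grace`, which is the account to reset and investigate first. The single-account source is left to the lockout policy, and the ordinary user who mistyped once is not flagged. In production the same counting would be done per time window, and the source key might be a subnet or ASN rather than a single IP, since sprays are often spread across many addresses.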