The world is facing unprecedented geopolitical challenges that affect business everywhere. On top of the financial strain caused by the global pandemic, the conflict between Ukraine and Russia continues to escalate, and there are fears of devastating consequences if hostilities spread into the cyber domain.
Since the beginning of the conflict, governments have repeatedly warned organizations around the world to be on alert for state-sponsored cyberattacks. On April 20, CISA, together with the cybersecurity agencies of the other Five Eyes countries, released a joint cybersecurity advisory. Citing evolving intelligence, the advisory re-alerted businesses to the potential cyber consequences of the Russia-Ukraine conflict and updated the previously published TTPs that cybersecurity teams need to review.
Code wars of the 21st century
Cyberattacks, as part of information operations, are widely considered the fifth domain of warfare and are now treated as an extension of the military power of nation states, given their ability to disrupt critical infrastructure and the systems that depend on it, such as telecommunications, energy and transport services.
From the earliest examples of cyberattacks against Estonia and Georgia, the use of cyber operations to gain a geopolitical advantage is nothing new. Perhaps the most recent example is the conflict between Israel and Iran, which dates back a decade. One of the most serious incidents involved an attempted attack on an Israeli water facility in which the attackers tried to raise chlorine levels in the region's reservoirs. Hundreds of civilians would have been affected had the attack succeeded.
Today, as the conflict in Ukraine continues, Russian state-sponsored cyber actors have already launched large-scale attacks on Ukraine's critical infrastructure. Take, for example, the attack on Ukrtelecom, the country's largest national telecommunications company. Although the attack was detected quickly, it caused major internet outages across the country, dropping connectivity to 13%.
Navigating the stormy threat landscape
Unfortunately, it may only be a matter of time before other nations and businesses outside the conflict find themselves in the line of fire. Against this background, security leaders everywhere must act urgently. The CISA advisory includes specific details of the relevant threat actors, the TTPs attributed to them, and comprehensive preventive measures that businesses can take in response to this crisis. However, every business is at a different point in its security maturity journey, and for many it begins with asking these five simple but critical questions:
- Is your perimeter continuously assessed and protected? Be aware of, and solve, the challenges posed by the ephemeral and auto-scaling nature of your IaaS perimeter footprint. In today's hybrid work environment, your perimeter also extends to wherever your employees' endpoints are working. Adapt quickly to these new paradigms. A true understanding of your perimeter is easier said than done, and starting the journey toward a real-time asset inventory can help. Your posture should include continuous assessment of the perimeter for remotely exploitable vulnerabilities. To help prioritize, use CISA's Known Exploited Vulnerabilities catalog and the specific CVEs these threat actors are known to exploit. Ideally, you already have a robust vulnerability management program in place to help you track and remediate the issues you find.
- Do you have enough logging and detection in place? If you have not already done so, enable security-relevant logging on ALL of your critical surfaces. You cannot investigate what was not logged, and detailed logs will be worth more than gold in the middle of a critical incident. Examine your detection posture. Your ability to proactively detect the TTPs used by the relevant state-sponsored actors may be the difference between a benign incident and a serious one.
- What is your incident response maturity? Responding to high-impact incidents requires close collaboration between external stakeholders and a variety of internal stakeholders from IT, legal, PR, customer support, your leadership team and even your board of directors. Proactively build these relationships and exercise your response muscle with appropriate tabletop scenarios. Proactively build playbooks and consider the important cross-functional variables in incident resolution.
- What is your current MFA posture? Identity, as they say, is the new perimeter. Know what your critical applications are and evaluate MFA coverage. It is trivial to add MFA to your sensitive access points. It is also trivial to exploit weak factors such as SMS, and even easier for social engineers to trick users into sharing 2FA codes. State-sponsored actors often use identity-based attacks as their main entry point. Choose strong second factors that are resistant to phishing and other techniques.
- What is the state of your organization's security culture? Not all employees exhibit the same security behavior. Some are more vigilant than others in identifying and reporting common social engineering attacks such as phishing and vishing. The cyberattack on Twitter in 2020 was a prime example of this. Employees are now commonly required to complete several compliance-based cyber-awareness trainings throughout the year, but in most cases these are unlikely to be effective. In the current threat landscape, implement targeted, intelligence-led training to improve organizational awareness of the specific TTPs identified in the CISA advisory. Your employees can be your most effective security control.
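The first question above asks for continuous perimeter assessment prioritised against CISA's Known Exploited Vulnerabilities catalog. The script below is an added example, not code from the article, showing one way to do that triage: it joins a scanner-style asset inventory against a KEV-shaped catalogue and ranks findings by whether the CVE is in the catalogue, whether the host is internet-facing, and whether the catalogue's remediation due date has passed. The real feed is published by CISA as JSON; to run offline, the script embeds a constructed catalogue with the same field names (cveID, vendorProject, product, dateAdded, dueDate). Every CVE identifier, hostname and date in it is a constructed placeholder, and the inventory format, the tiering rule and the `report` helper are this example's own assumptions.

```python
"""Prioritise an asset inventory against a KEV-style catalogue (added example)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed stand-in for the CISA KEV feed: same field names as the real feed,
# placeholder values only (no real CVE identifiers).
KEV_FEED_JSON = """
{
  "title": "constructed KEV-style catalogue (placeholder data)",
  "vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "EdgeVPN",
     "dateAdded": "2022-03-01", "dueDate": "2022-03-15"},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor", "product": "MailGateway",
     "dateAdded": "2022-04-01", "dueDate": "2022-04-22"},
    {"cveID": "CVE-0000-00003", "vendorProject": "OtherVendor", "product": "Wiki",
     "dateAdded": "2022-04-10", "dueDate": "2022-05-01"}
  ]
}
"""

# Constructed asset inventory, the shape a scanner or CMDB export might produce:
# host, whether it is reachable from the internet, and the CVEs found on it.
INVENTORY = [
    {"host": "vpn-01.example.test", "internet_facing": True,
     "cves": ["CVE-0000-00001", "CVE-0000-00009"]},
    {"host": "wiki-int.example.test", "internet_facing": False,
     "cves": ["CVE-0000-00003"]},
    {"host": "mx-01.example.test", "internet_facing": True,
     "cves": ["CVE-0000-00002"]},
    {"host": "build-07.example.test", "internet_facing": False,
     "cves": ["CVE-0000-00042"]},
]


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    internet_facing: bool
    in_kev: bool
    due: Optional[date]  # KEV remediation due date, if the CVE is listed

    def tier(self, today: date) -> int:
        """Lower is more urgent (assumed rule): 0 = in KEV, exposed and past due;
        1 = in KEV and exposed; 2 = in KEV but internal only; 3 = not in KEV."""
        if not self.in_kev:
            return 3
        if not self.internet_facing:
            return 2
        return 0 if self.due is not None and self.due < today else 1


def load_kev(feed_json: str) -> dict[str, date]:
    """Map cveID -> dueDate for every catalogue entry."""
    feed = json.loads(feed_json)
    return {v["cveID"]: date.fromisoformat(v["dueDate"]) for v in feed["vulnerabilities"]}


def prioritise(inventory, kev: dict[str, date], today: date) -> list[Finding]:
    """Flatten the inventory to per-CVE findings and sort by tier, due date, host."""
    findings = [
        Finding(a["host"], cve, a["internet_facing"], cve in kev, kev.get(cve))
        for a in inventory
        for cve in a["cves"]
    ]
    return sorted(findings, key=lambda f: (f.tier(today), f.due or date.max, f.host))


def report(inventory, feed_json: str, today_iso: str) -> list[tuple[int, str, str]]:
    """Convenience wrapper: (tier, host, cve) rows for a given ISO 'today'."""
    today = date.fromisoformat(today_iso)
    return [(f.tier(today), f.host, f.cve)
            for f in prioritise(inventory, load_kev(feed_json), today)]


if __name__ == "__main__":
    # Constructed 'today': the date of the joint advisory mentioned in the article.
    for tier, host, cve in report(INVENTORY, KEV_FEED_JSON, "2022-04-20"):
        print(tier, host, cve)
```

Swapping `KEV_FEED_JSON` for the downloaded feed and `INVENTORY` for a real scanner export is all that is needed to use this against live data; the point of the tiering rule is that a KEV-listed CVE on an internet-facing host whose due date has already passed is worked first, while findings outside the catalogue fall to the bottom of the queue rather than competing for attention on CVSS score alone.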
Although entities with a large EU presence and certain industry verticals such as finance, oil and gas, energy and transport need to be particularly vigilant, a cyberattack is unlikely to respect sectoral or any other boundaries. If the interdependent nature of supply chain and third-party risk has taught us anything, it is that regardless of your industry vertical, you can be a target if your customers operate in these areas. Every security leader needs to put smart readiness front and center today and improve their ability to withstand and recover from an attack with minimal business disruption.