The Russian invasion of Ukraine this week was met with sweeping sanctions by the United States and its allies in an effort to force Russian President Vladimir Putin to reconsider his move to attack. Government officials and business leaders in the U.S. and countries across Europe are now bracing for retaliation in the form of Russian cyberattacks.
“In just minutes, a single cyberattack can inflict billions of dollars’ worth of damage to our economies, bring global companies to a standstill, paralyze our critical infrastructure, undermine our democracies and cripple our military capabilities,” NATO Secretary General Jens Stoltenberg said in an article he wrote for the British magazine Prospect.
Stoltenberg stated that a serious cyberattack could trigger Article 5 of NATO’s founding treaty, in which “an attack against one ally is treated as an attack against all,” and the Russian invasion could widen into a much broader conflict.
President Biden said Thursday that the U.S. is prepared to respond “if Russia pursues cyberattacks against our companies, our critical infrastructure. … For months, we’ve been working closely with the private sector to harden our cyber-defenses, sharpen our ability to respond to Russian cyberattacks as well.”
A hack on U.S. chipmaker Nvidia Corp. was initially feared to be connected to the Ukraine crisis, but was reported to be an unrelated ransomware attack on Friday.
It’s an uncertain and frightening time for companies, government agencies and private citizens.
Christopher Budd, a security expert and GeekWire contributor, wrote in an article for IT security company Sophos that “chaotic times breed more chaotic times and actions” and “uncertainty can be overwhelming.”
“The reality is that in times and situations like this, keeping focused on the basics still provides a solid foundation that can help you better protect yourself and your organization,” Budd wrote.
The Cybersecurity and Infrastructure Security Agency has issued guidance to businesses and other organizations on how to avoid a digital breach. GeekWire reached out to Seattle-area cybersecurity experts for their tips and advice on what to watch for and how to plan for potential cyberattacks. Here are a few replies:
Justin Beals, CEO and co-founder at Strike Graph
It seems that the typical issues we are going to see from foreign actors will fall under:
- Phishing attacks
- Code injection
- Ransomware
Major areas of focus to help solve these problems are:
- Review your risks! That will allow you to focus your time on the most vulnerable and valuable aspects of your business in a dynamic geo-political climate.
- Check your change management processes and automated patching to ensure that code can’t be injected into production systems.
- Schedule a security training specifically covering phishing attacks and security incident notification processes to ensure a quick reaction from the team.
Jeff Costlow, chief information security officer at ExtraHop
Most planned attacks arrive with volumetric and nuisance threats — the “shock and awe” tactic we’re seeing via the onslaught of DDoS attacks. However, these threats often provide air cover while attackers lay the groundwork for the main event. Organizations should assume that once a fast and furious attack dies down, a far more destructive attack is in the works. It’s difficult to predict how any attack will be carried out, but past attacks suggest we will see phishing attempts targeting organizations, continued exploitation of known vulnerabilities like Log4Shell, and targeting of the software supply chain.
‘Organizations should assume that once a fast and furious attack dies down, a far more destructive attack is in the works.’
Organizations should implement basic cyber hygiene and focus on their incident response plans. Have teams run through practice scenarios and engage with trusted partners and advisors to shore up any holes.
Finally, I advise organizations to focus on the midgame. We know that motivated, sophisticated cybercriminals can gain access to nearly any organization. Smart defenders should have a defensive playbook around the midgame, where the attacker pivots through your infrastructure, taking actions that can alert your team to the intrusion — command and control communications, data staging and lateral movement.
Christopher Budd, director of global threat communications at Sophos
Focusing and executing on five specific, concrete areas of action can help you better protect yourself and your organization from attacks during this time of increased uncertainty:
- Alert and educate your users about the increased risks.
- Update systems, mobile, IoT and network devices and apps.
- Run and update security software.
- Secure remote access accounts and devices.
- Make and verify backups.
Read Budd’s full piece here.
Alex Gounares, CEO at Polyverse Corp.
It’s probably a good idea to refresh everybody about the “basics.” I was helping a friend the other day who was hacked from a phishing attack, and they used the same password everywhere. A meaningful, but solvable, problem quickly turned into a bigger problem for them.
- Use multi-factor authentication.
- Check the sender of an email (not just the name, but the email address and so on) before clicking on any links or attachments.
- Do a real phone call to a person to verify things like account numbers before sending money (and then follow up to make sure it was received).
- Use the anti-virus and other protection software that might be on your system (e.g. Microsoft’s Defender product, or the security features in Amazon’s Eero home networking equipment).
- Use different passwords for different services / websites, and so on. Both Google Chrome and Apple’s Safari browsers have really excellent “Safety Check” features that should be used. If those tools say a password has been compromised, change it right away.
A practical way to have a unique password for every site / service you use is to not try to remember 100 different passwords, but rather remember a few algorithms that can generate a good password (the longer the better).
As a simple example, an algorithm could be take the first letter of the website and your favorite color with that letter, two words about what you think about that site (or what you buy or anything easy for you to remember), sprinkled with your favorite special characters and numbers.
What matters is that it’s an algorithm you can remember that generates really long passwords without any obvious or personal information in them.
There is a nice comic strip on this.
And of course, back up a good password with multi-factor authentication, like the SMS to a phone or an app like Google Authenticator!
Chris Hallenbeck, CISO of the Americas at Tanium
The ongoing conflict between Russia and Ukraine is putting both public and private sector organizations in Ukraine, the U.S., and other western allies at increasing risk of cyber attack. I would offer the following four tips to executives looking to bolster their cybersecurity posture amidst these heightened threats.
- Dust off cyber resilience playbooks: Having a plan prepared ahead of time is always great – it’s even better if it is specifically catered to your organization and its unique practices. Take the time to test drive the exercises outlined in your plan to allow everyone involved to best understand the role they play and discover how your response may vary based on different scenarios.
- Focus on mitigating supply chain risks: Supply chain related risks are only continuing to grow, and an event like what is currently happening in Ukraine makes supply chain hacks even more likely. Organizations should scan their environment to find what assets they have and where their vulnerabilities may be. And if those vulnerabilities are infiltrated, repair them as quickly as possible.
- Step up threat hunting activities: Live under the assumption that an adversary has gotten into your environment and always be on the lookout through a proactive threat hunting approach. Ensure threat hunting teams look through the organization to find the places a hacker may be able to gain access and monitor those closely for a potential breach.
- Upgrade patch management processes: Patching is often the simplest and quickest way to repair a security breach, but hackers often take advantage of slow patch management systems. The best approach is to automate monthly patches and make sure new systems are sufficiently tested before being rolled out.
