What businesses can do to mitigate the increased risks and navigate the heightened security threats during the crisis, and beyond.
As the world watches in horror at the unjustified military invasion of Ukraine, fears of an unprecedented cyber-war are mounting. Alongside the horrifying images of destruction, there has been an onslaught of less-visible cyber-attacks on computer networks.
Organisations, including SupPortal, are doing everything possible to develop and share appropriate resources to help businesses mitigate the risks and navigate the heightened cyber threat during the crisis.
New Malware Families Discovered
ESET researchers have discovered several malware families targeting Ukrainian organisations. These destructive campaigns included distributed denial-of-service (DDoS) attacks against significant Ukrainian governmental websites, which preceded the Russian military invasion by just a few hours.
These attacks leveraged at least three components:
- HermeticWiper: makes a system inoperable by corrupting its data
- HermeticWizard: spreads HermeticWiper across a local network via WMI and SMB
- HermeticRansom: ransomware written in Go
The malware deployed can destroy computer systems and make them completely inoperable.
Heightened risks for countries that back Ukraine
At the time of writing, there is no indication that any other countries have been targeted. However, there is a risk that the same threat actors will launch further activity against countries that back Ukraine or sanction Russian entities.
According to governments and intelligence agencies from around the world, “Russia maintains a range of offensive cyber tools that it could employ against global networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure.”
As Russia responds to sanctions imposed on it for violating international law, it is prudent to assume that every organisation is at a heightened risk of cyber threats.
Potential high-risk targets include critical infrastructure services, such as governments, utilities, and financial institutions. Whilst your business might not be threatened directly, systems that you rely on to stay operational might be. If they suffer, it is likely you will suffer too.
This heightened risk has forced US and Australian agencies to issue alerts on destructive malware targeting organisations in Ukraine, whilst in the UK, the NCSC is urging organisations to follow its guidance in response to the heightened cyber threat levels.
Actions to take
The most fundamental action for organisations of all sizes to take is to ensure basic cyber security is in place to protect devices, networks, and ICT systems. This is always important but becomes even more critical during times of heightened cyber threats.
Follow our 10-step plan, in line with the NCSC guidance, to mitigate the cyber risks presented to individuals and organisations.
1. Confirm defence systems are operational
Ensure you have anti-virus software installed and working correctly across all systems, and check that your firewall rules are as expected.
2. Protect your passwords
Make sure all passwords for your systems are strong and unique, and immediately change any that are not. Ask staff to ensure their passwords are unique to your business and not shared across other non-business accounts or systems.
You should also ensure Multi-Factor Authentication is enabled wherever available and properly configured.
Pay particular attention to any accounts that have admin or privileged access rights and remove any old or unused accounts.
3. Secure your IT configuration
Remove or disable unnecessary functionality from ICT systems, and keep them patched against known vulnerabilities, including all third-party software, firmware, internet-facing services, and key business systems.
Check automatic updates are turned on.
4. Back up your data
Confirm that backups are running as expected and perform test restorations to ensure that your process is practised and familiar.
5. Configure an incident plan
Ascertain whether you have an incident management plan in place, confirm that it is up to date, and ensure it includes up-to-date contact details and escalation routes.
It should detail who has the authority to make key decisions, including outside normal working hours, and it should be available to use even if your business systems are not.
6. Map your internet-based external footprint
Check that your external internet footprint records are correct and up to date, including IP addresses, domain names, and domain registration data. Perform a vulnerability scan of your whole footprint and check that everything that can be patched has been.
Internet-connected services with unpatched security vulnerabilities are an unmanageable risk.
7. Determine your phishing response
It is common for malware distributors to take advantage of global events to trick recipients into opening unsafe email attachments. At this time, there is nothing more closely watched than Russia’s invasion of Ukraine.
Ensure your staff know what to do and how to report phishing emails. Make sure you have a process in place to deal with them and clearly convey this throughout your organisation.
8. Monitor third-party access
Where a third party has access to your IT systems, check that they have appropriate privilege levels and ensure you understand their security practices. Remove any third-party access that is no longer required.
9. Take precautions when working remotely
If you have members of staff who work remotely, make sure their devices are as secure as equipment in an office by confirming that all devices and networks comply with company policies and procedures.
Using public WiFi could put data at risk, so you should ensure staff are always using a secure connection when working on the internet.
10. Brief your organisation
Ensure everyone in your organisation understands the increased cyber threats posed by the current situation. Communicate the importance of heightened cyber-security awareness during this period, as well as how they should report any suspect events.
Businesses of all sizes should carry out the actions detailed above to ensure they have the most fundamental security measures in place.
If you don’t know where to start or want assistance in taking the correct precautions to protect your business, please call us on 023 8098 2218, speak to us via our live chat, or complete our online form. We’ll do all we can to help and support you and your business.