Cyber Advisory: Heightened Awareness Related to Russian Cyberattacks

As the Russian invasion of Ukraine progresses, heightened awareness of the potential cyber activity associated with the spillover of Russian cyberattacks is necessary. Whether it is spillover effects from the cyberattacks in Eastern Europe or specific targeting of industries attributed to Russia, these pose risks to businesses here in the U.S.

One of the most effective proactive steps security leaders can take is to conduct cyber risk assessments of their organization’s attack surface. External attack surface assessments can keep you apprised of present vulnerabilities associated with your public-facing technology assets, including unknown exposed assets, that may be targeted or impacted by the increased cyber activity stemming from the Russia-Ukraine theater. Second to that is the monitoring of cyber threats, including but not limited to compromised employee credentials, bots and IoCs, sold by various hacker groups.

 

We are also seeing validation of heightened activity against certain industries attributed to Russia:

Oil and Gas

EQT Partners had this to say in a recent interview with Bloomberg.

At the 7:42 mark, the interview discusses the impact of cybersecurity and attacks from Russia, as part of the Ukraine invasion, targeting North American oil and gas entities.

 

Healthcare

The American Hospital Association has identified an increase in probing scans from Russia and has notified its 5,000 member hospital organizations to be on heightened alert.

“While this is an ‘all-hands-on-deck’ situation, businesses shouldn’t treat this as a one-off or ad-hoc response exercise, but to adapt and develop new strategies and processes for proactively assessing and managing cybersecurity risks based on the control gaps and deficiencies,” said Victor Gamra, Founder and CEO of FortifyData.

We also recommend following Cisa.gov/shields-up and your specific ISAC or ISAO organizations for the information and resources they are providing, so you can keep up to date as the situation evolves. CISA also published “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure,” which highlights the CVEs detected in Russian cyber activities.

We have a strong expectation that many industries will see increased network reconnaissance and probing activity stemming from Russia, or activity masked to appear to be coming from Russia. While many are focused on Russia, this could give other nation-state APTs the cover to increase their own reconnaissance of US organizations with critical vulnerabilities.

The FortifyData platform was built to provide an integrated view of cybersecurity risks across external networks, internal networks, cloud misconfigurations and third-party exposures. We are fully aware of wiper ransomware, DDoS and various other types of attacks in the Ukrainian theater, and we monitor for those activities for clients globally.

Feel free to take advantage of our complimentary assessment if you’re in need of another “set of eyes” on your organization’s technology.