The scenario unfolding with Russia’s invasion of Ukraine is scary and deeply distressing. We at Cutover stand in solidarity with Ukraine and with all those who are striving for peace around the world. Alongside the immediate impact on the Ukrainian people, this heightened conflict also has wider-reaching implications for cyber security.
In the 48 hours immediately after the conflict broke out, suspected Russian-sourced cyber attacks increased by over 800%. US cybersecurity agencies, the FBI, and the Department of Homeland Security have all shared high alerts covering threat levels, preparedness, and response.
The risk of cyber attacks in the wake of international conflict is unprecedented. Unheralded components of cyber attacks can cause huge disruption far beyond their intended target. Recent examples include attacks like NotPetya and WannaCry, which had far-reaching impacts on global business, snowballing as vulnerabilities were exposed and exploited. NotPetya caused approximately $10 billion in damages, and WannaCry cost the NHS £92 million as a direct result of information and systems being inaccessible.
One of the latest threats is the Sandworm cyber espionage campaign, which uses a previously undiscovered zero-day vulnerability in Windows operating systems to steal information, spreading via infected PowerPoint attachments and files from phishing attacks.
With increasing pressures and sanctions placed upon Russia, we could see less concern for these global impacts when designing attacks aimed at destabilizing the Ukrainian Government.
Getting the basics right
The best cyber defence involves building strong security foundations and getting the basics right. Just because a threat actor is sophisticated, it does not necessarily mean their attack is. Individuals and companies can take simple steps to protect themselves and their organizations from being susceptible to an attack, including:
- Ensuring you are running the latest available version of the operating system on all devices, and of third-party systems such as Slack or Zoom
- Being vigilant against phishing attacks which attempt to lure you into engaging with content which creates an open door for malicious parties to gain access or steal information
- Ensuring you have strong, unique passwords for all your accounts; you can use a secure password manager to store these so you don’t have to remember them all
- Having cyber security runbooks in place so you can plan, simulate, evolve, and execute when a threat is detected
Due to the ongoing conflict, technology and logistical supply chains are more complex and critical than ever. Preparedness to face these threats will be key to ensuring resilience and protecting businesses and customers.