The invasion of the Russian troops in Ukraine has resulted in a surge of cyberattacks in the country as security experts are warning that more and larger hacks are expected in the energy and financial sectors.
Researchers at ESET, a cybersecurity company, found software that disrupted hundreds of computers in Ukraine and was likely planned for several months, according to its Twitter account.
Vikram Thakur, a technical director at Symantec, a cybersecurity company, told Reuters that the hacking was found in both Ukraine and Latvia. A Symantec spokesperson said the hack also included Lithuania. The targets included a financial institution and a government agency, sources told Reuters.
Ramping up cybersecurity right now is critical, Hitesh Sheth, CEO at Vectra, a San Jose, Calif.-based cybersecurity company told TheStreet.
“The war we see on TV is only a fraction of the conflict,” he said. “No one can afford complacency about the events we are watching in real time. They prove the alarming point that old-fashioned cyber defenses centered on perimeter protection will fail under fire.”
Companies should check that their cybersecurity efforts are tightened, Sheth said.
“Security begins at home, and private interests cannot rely on state-sponsored protection,” he said. “There is an immediate need to audit and reinforce cyber defenses and prioritize AI-augmented detection and response. Doing so will contribute to stability in a worrisome time.”
Russian cyber attacks against critical U.S. infrastructure and economic assets will escalate rapidly if the U.S. takes a “real stance against the annexation of Ukraine to Russia,” Mark Moses, director of client engagement at nVisium, a Falls Church, Virginia-based application security provider, told TheStreet.
“If the U.S. entertains serious sanctions or starts supplying arms and material support to the Ukrainian resistance, we can expect escalated cyber warfare against Western interests in general,” he said. “Government entities and key businesses should be paying particular attention to bolstering their defenses and ensuring redundant systems are in place, as defense against state-level actors is at another level from defense against the average Internet threat actor.”
What Sectors Could Be Impacted
While a global attack is unlikely, industries such as banking, energy and infrastructure should be even more focused on monitoring the activity at their companies.
“What’s likely to happen are responses to any potential activity from NATO members that are supporting Ukraine,” Andrew Barratt, vice president, technology and enterprise at Coalfire, a Westminster, Colorado-based provider of cybersecurity advisory services, told TheStreet. “It is highly likely that profiteering-criminals will seek to take advantage of any new attacks that Russia leverages and use the conflict to mask their actions.
The energy industry is a common target and as sanctions ramp up, western banks enforcing them can expect attacks as well, John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based digital IT and security operations company, told TheStreet.
“The most prolific tactic is DDoS and this is solved by using Content Delivery Networks (CDNs) or other scrubbing tools in front of critical assets to maintain uptime,” he said. “Beyond that, many attackers aren’t strictly state-tasked, they are just caught up in the furor and using conventional attacks so good cybersecurity hygiene helps. Make sure everything is patched, be aware of phishing themes related to the conflict and lock down PowerShell by requiring signed PowerShell scripts and limit which users can use it.”
What could occur as the war continues is that Russia could choose “tit for tat,” targeting the Western equivalent of any Russian company or individual the West has sanctioned, Rick Holland, chief information security officer at Digital Shadows, a San Francisco-based provider of digital risk protection solutions told TheStreet.
The other victims of a targeted attack include German energy and financial services sectors, who are at high risk as Germany froze the Nord Stream 2 gas project yesterday. Companies that conduct business with Germans could see disruption pending Russian reprisals.
“There could also be unintended or collateral damage victims of Russian targeting; think 2017’s Maersk and the NotPetya attack that cost hundreds of millions of dollars,” he said. “A ‘wormable’ attack could impact almost everyone; once the genie is out of the bottle, you can’t put it back in.”
How to Avoid Being Hacked
Both companies and consumers should avoid being an easy target and instead should make initial Russian access harder, Holland said. He recommends not running unpatched services known to be exploited by Russian threat actors. Ensure that all external services are running multifactor authentication.
“If you do business in Ukraine or with Ukrainian companies, you need to ensure you have third-party risk mitigations in place,” he said. “Monitor and potentially block extranet connections coming out of Ukraine. Monitor any Ukrainian third party partner accounts that could provide initial access to your environment.”
Even though the Russian targets will primarily include Ukrainian military and government organizations, media organizations and e-services used by Ukrainian citizens, cyber criminals could expand their attacks globally, Alex Ondrick, director of security operations at BreachQuest, an Augusta, Georgia-based company in incident response told TheStreet. The attacks could include fraudulent messaging, malware attacks and website defacements.
Consumers can stay safe by using two-factor authentication, changing passwords annually and should rotate and avoid reusing the same password across accounts and services.
“Consumers can use sites like haveibeenpwned.com to see if they’ve been impacted by a security breach,” he said. “ If you want to be extra careful, use at least a 12-character password. Regularly rotate passwords especially on email/social media accounts and for WiFi and routers.
Businesses should consider engaging ethical hackers to assess whether it is difficult or easy to circumvent the company’s defenses, Casey Ellis, founder and CTO at Bugcrowd, a San Francisco-based company in crowdsourced cybersecurity, told TheStreet.
“A good offense is the best defense,” he said. “Launching a vulnerability disclosure program as a ‘see something, say something’ exercise will not only help you find weaknesses, but it will also help you train non-security personnel within your organization that mistakes happen and that they can often be exploited.”
Applying updates to your computers, laptops, and mobile devices is another way to avoid being hacked, Ellis said.
“Last but not least, if your computer, an email, or anything else asks you to do something, think twice and be aware of the high likelihood of spam, scams, and information warfare as a result of this development,” he said.