As most people know by now, Ukraine has been subjected to relentless Russian cyber attacks since at least 2013. The attacks that hit it last month were different, though: they foreshadowed the full-scale military invasion Russia launched against its neighbor on February 24th.
Since then, 141 of the 193 United Nations member states have voted for a resolution deploring Russia’s invasion of Ukraine and calling for the immediate withdrawal of its forces. Most western countries have also introduced harsh sanctions against Russia, targeting everything from Putin himself to the country’s financial reserves. Russia is now expected to retaliate, and many experts believe it will turn its advanced cyber warfare capabilities against those who support Ukraine.
Retaliatory cyber attacks are expected to be aimed at high-profile targets, but small businesses in the US could easily find themselves caught in the crossfire.
The Risk of Collateral Damage Is Already Here
Just one day before the first Russian tank crossed Ukraine’s border, ESET researchers detected a highly destructive wiper malware on computers in Ukraine, and it was also found on machines in Latvia and Lithuania. The new malware, dubbed HermeticWiper, is built to do one specific job: overwrite the boot records and file system structures so the infected device can no longer start, which effectively makes it useless.
HermeticWiper isn’t the only new malware targeting Ukraine. On January 13th, Microsoft identified intrusion activity originating from Ukraine, and it didn’t take long before that activity was connected to a malware family known as WhisperGate. Like HermeticWiper, WhisperGate is purely destructive: it overwrites the Master Boot Record and corrupts files, and the ransom note it displays is a decoy with no recovery mechanism behind it.
While neither HermeticWiper nor WhisperGate had been detected in the United States at the time of writing, past experience tells us the situation can change quickly. In 2017, Russia attacked Ukraine with NotPetya, malware that posed as ransomware but was built to destroy data. It spread to other countries and infected a huge number of devices; a White House assessment pegged the total damages at more than $10 billion.
Worse, experts believe the worst is yet to come. “Putin has not initiated significant retaliation yet for any US, EU, or NATO sanctions, probably because he is too busy dealing with the surprising level of Ukrainian resistance and failures by the Red Army,” said Richard Clarke, the first White House cyber coordinator. “We still believe retaliation, including cyber attacks, is coming.”
Even cybercriminals who couldn’t care less about the conflict may take advantage of the situation and start sending bogus emails that capitalize on what’s happening. It’s reasonable to expect donation requests for fake charities that promise to help Ukrainians whose lives have been upended. The same emails could also carry malicious attachments disguised as official documents, a tactic widely used since the outbreak of the COVID-19 pandemic.
Actions That All SMBs Should Immediately Take
Instead of waiting for Russia-Ukraine cyberwar spillover to hit your company, err on the side of caution. Once you are breached there is no undoing it; all you can do is limit the damage.
Here are five things you can do right now:
- Check your patching: Nation-states and state-sponsored groups routinely exploit known vulnerabilities in unpatched systems. Make sure every system you own is up to date, not just employee laptops but servers, firewalls and VPN appliances too, and prioritize fixes for vulnerabilities that are known to be exploited in the wild.
- Review access controls: Stolen or weak passwords are involved in roughly 80 percent of hacking-related breaches, so review your access controls to ensure employees use strong, unique passwords, and disable accounts that are no longer needed. Enable multi-factor authentication (MFA or 2FA) wherever possible on all systems and user accounts, starting with email, remote access and administrator accounts.
- Test your backups: Always prepare for the worst-case scenario, which in tech means a total loss of data, by backing up everything regularly. Confirm that backup jobs are actually completing, keep at least one copy offline or otherwise out of reach of your network so a wiper cannot destroy it along with the originals, and test restores so you know recovery is quick and effective before you need it.
- Enable network monitoring: Monitor your network so you can detect a potential intrusion immediately; that dramatically reduces the time it takes you to respond. The good news is that even small businesses with limited resources can now outsource a Security Operations Center (SOC) to a Managed Service Provider (MSP) like HDCav (which is something we’re doing more and more every day due to high demand).
- Strengthen your endpoint defenses: Every endpoint that connects to your network should, at the very least, run modern antivirus software. To be really effective, deploy a more comprehensive endpoint security solution that adds next-generation antivirus, threat detection, investigation and response, device management, and more.
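As an added example of the “test your backups” step (example code written for this page, not HDCav’s tooling or anything the page’s authors provide): the script below archives a directory, restores it into scratch space, and compares the SHA-256 of every restored file against a manifest recorded when the backup was made, so a backup job that silently dropped or damaged a file is caught before a wiper forces you to rely on it. It also measures how long the restore takes, which is the number you need when deciding whether recovery is “quick”. The directory layout, file contents and archive names are constructed for the demonstration; the script assumes Python 3.8 or later and uses only the standard library.

```python
"""Restore-test a backup: archive a directory, restore it to scratch space,
and prove the restore matches a SHA-256 manifest taken at backup time."""
import hashlib
import shutil
import tarfile
import tempfile
import time
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def create_backup(source: Path, archive: Path) -> dict:
    """Write source into a gzip tarball and return the manifest recorded at backup time.

    Keep this manifest somewhere the backup job cannot overwrite; it is the
    reference a later restore test is judged against."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return build_manifest(source)


def verify_restore(archive: Path, expected: dict) -> dict:
    """Restore archive into a temporary directory and diff it against expected.

    Returns a report: ok flag, lists of missing / corrupt / unexpected files,
    number of files checked and wall-clock restore time in seconds."""
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        restore_root = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            if hasattr(tarfile, "data_filter"):
                # Python 3.12+ (and patched 3.8-3.11): refuse members that
                # escape restore_root, plus links, devices and setuid bits.
                tar.extractall(restore_root, filter="data")
            else:
                # Older interpreters have no extraction filter; acceptable here
                # only because the archive is one we produced ourselves.
                tar.extractall(restore_root)
        restored = build_manifest(restore_root)
    elapsed = time.monotonic() - start

    missing = sorted(set(expected) - set(restored))
    extra = sorted(set(restored) - set(expected))
    corrupt = sorted(p for p in expected if p in restored and restored[p] != expected[p])
    return {
        "ok": not (missing or extra or corrupt),
        "missing": missing,
        "corrupt": corrupt,
        "extra": extra,
        "files_checked": len(expected),
        "restore_seconds": round(elapsed, 3),
    }


def run_demo() -> tuple:
    """Exercise both outcomes on a constructed file tree (not real customer data).

    Returns (report_for_good_backup, report_for_bad_backup)."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "fileserver"
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "invoice.txt").write_text("Invoice 1001: 250.00 USD\n")
        (source / "docs" / "contract.txt").write_text("Master services agreement\n")
        (source / "config.ini").write_text("[backup]\nschedule=nightly\n")

        # Healthy case: the archive restores to exactly what the manifest recorded.
        manifest = create_backup(source, work / "good.tar.gz")
        good = verify_restore(work / "good.tar.gz", manifest)

        # Failure case: a backup job that silently lost one file and captured a
        # damaged copy of another. The manifest from the healthy run is still the
        # reference, so the restore test must flag both defects, not report success.
        damaged = work / "fileserver-damaged"
        shutil.copytree(source, damaged)
        (damaged / "docs" / "invoice.txt").unlink()
        (damaged / "config.ini").write_bytes(b"\x00" * 32)
        create_backup(damaged, work / "bad.tar.gz")
        bad = verify_restore(work / "bad.tar.gz", manifest)
    return good, bad


if __name__ == "__main__":
    for label, report in zip(("good backup", "bad backup"), run_demo()):
        print(label, report)
```

In practice you would run `verify_restore` on a schedule against the most recent archive from your real backup job, store the manifest on a host the backup job cannot write to, and alert whenever the report’s `ok` flag is false or `restore_seconds` drifts above the recovery time you can tolerate. The point of restoring into scratch space rather than checking the archive in place is that it exercises the same path you will depend on during an incident.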
This is the Tip of the Iceberg
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) provides many other recommendations in its recent Shields Up advisory, which is intended to help organizations prepare for, respond to, and mitigate the impact of cyber attacks.
If you need help implementing them, don’t hesitate to contact us. By borrowing our cybersecurity experience and talent, you can strengthen your defenses without losing focus on your business.