Russia - Ukraine War Unmasks the Growing Cyber Threat

The Ukrainian government is battling Russia on air, land, sea, and also on the Cyber front. The country’s IT infrastructure was crippled due to series of cyber attacks in the run up to the war.

Impacted Institutions

Government Agencies

• Ukraine’s Ministry of Defense, Foreign Ministry and other Government agency websites were disrupted by constant distributed denial of service (DDos) attacks.

Financial Institutions

• Privatbank and Oshadbank, faced network and service outages followed by slow operations, challenges in the banking app as a result of the cyber-attacks. 

Public-Private Enterprises

• Public and private network infrastructures were impacted due to cyber-attacks, thereby impacting operations of enterprises across all major sectors. 

Type of cyber attacks 

DDoS Attacks

• Distributed denial of service (DDoS) attacks led to flooding of Ukrainian Government network /servers with traffic, making it offline for actual utilization.

Data Wiping

• “Wiper”, a data wiping software, was installed in numerous systems across Ukrainian enterprises, leading to significant destruction and loss of data.

Phishing and Malware Attacks

• Reports indicate increase in phishing emails and activities in Ukraine as well as in neighboring countries of Latvia and Lithuania.

The European Union (EU) formed a cyber rapid-response team (CRRT) with cybersecurity experts from Lithuania, Croatia, Poland, Estonia, Romania, and the Netherlands to assist Ukraine in defending its IT infrastructure from cyber attacks.

(Source: Reuters, CNN)

Cybersecurity – Global Impact

Globally, countries are preparing for a cyber-spillover due to the ongoing Russian invasion of Ukraine. Enterprises in banking and other key infrastructure segments are improving their security posture to mitigate any potential threats.

• The U.S. Government has advised financial institutions and all other public, private enterprises to improve their security infrastructure to mitigate any direct / indirect ramifications of cyber attacks in Ukraine. The Cybersecurity and Infrastructure Security Agency (CISA) has asked all U.S. businesses to “heighten security posture and protect critical assets”. The CISA report indicates that “currently there are no any specific credible threats to the U.S.” but are wary of potential actions in the wake of sanctions announced by the U.S. and other countries on Russia.

• Britain’s National Cyber Security Center has warned enterprises in the region to strengthen digital cybersecurity measures and engage in proactive threat monitoring. Ireland has asked consumers and businesses to be on ‘high-alert’ and ‘treat the internet as hostile’ for the next few days. The European Union formed a Cyber rapid-response Team (CRRT) to support Ukraine and monitor security activities in the region.

• Australian Cyber Security Center (ACSC) and New Zealand’s National Cyber Security Center(NCSC) have developed guidelines for enterprises to assess cyber security readiness and prepare for any potential cyber attack / disruption caused due to the Russia – Ukraine scenario.

(Source: Reuters, abc.net, securitybrief.co.nz)

Cybersecurity – Recommendations

Enterprises can improve security infrastructure by developing short-term and long-term goals after communication / collaboration with internal IT security experts and third-party application / security services providers.

Short Term Recommendations

• Initiate multi-factor authentication (MFA) for all internal employees and external stakeholders of the organization. Advise employees to set strong alphanumeric passwords. Ensure all applications and software are patched and updated on all devices. Alert employees on possible phishing and malware email links.

• Dedicate an IT Security resource to continuously monitor, assess and report any change in network, malicious infrastructure activity. Engage in proactive threat hunting and deploy an effective endpoint detection and response solution (EDR).

Long Term Recommendations 

• Introduce Zero Trust Security Framework to improve security standards and minimize threats due to remote work and cloud-based breaches. A zero-trust framework uses AI/ML based threat intelligence mechanisms to continuously monitor and verify credentials of users, gains better control over cloud and containerized work environments .

• Extended detection and Response (XDR) provides visibility into advanced threats by real-time monitoring and collection of data from emails, servers, networks, cloud workload and other endpoints, to mitigate data loss and security breaches.

(Source: Industry reports, Beroe analysis)