As the eyes of the world remain focused on the escalating conflict between Russia and Ukraine, cyberattacks are top of mind for professionals in the security sector, including the experts here at Ascend Technologies.
Increased cyberattacks often coincide with military action, and Russia’s invasion of Ukraine is a prime example of this relationship. Within the first day following the start of the invasion, cyber officials from the UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the US Federal Bureau of Investigation (FBI) identified a Russian state threat making the rounds in the cyber-verse. The group known as Sandworm, previously attributed to the Russian GRU's Main Centre for Special Technologies (GTsST), was linked to a new malware framework targeting firewall appliances. Learn more about the Sandworm Cyclops Blink malware update here.
CISA (US Cybersecurity and Infrastructure Security Agency) issued a general warning for all US businesses to enter a “higher state of vigilance” as the standoff escalated. These warnings are especially relevant for those in the Defense Industrial Base and Critical Infrastructure sectors. Ascend predicts that the Finance sector may subsequently be targeted in response to sanctions against Russia.
For Ascend Cybersecurity Clients the following protections are in place (per service):
- Managed Firewall clients have geolocation blocking enabled for nations known to engage in state-sponsored cyberattacks such as Russia, Iran, North Korea, Turkey, and others.
- Endpoint Detection and Response (EDR) and Next Generation Antivirus (NGAV) clients should be aware that the associated software vendors have noted their internal security and development teams are on high alert.
- Ascend’s Security Operations Center (SOC) is also on high alert and continuously monitoring threat intelligence feeds—adding any new Indicators of Compromise (IOCs) to our toolsets so they can be identified if they should appear in a client environment.
- Vulnerability Management clients are consistently being scanned for threats, which are correlated with attacks included in our threat feeds to ensure attackers cannot exploit these weaknesses.
Ascend’s Security Events Status page will be updated with any specific attacks that take place, vulnerabilities as they arise, and our actions as a security provider.
What can you do to protect your business?
Standard security awareness and basic protective measures are key during times of heightened cyber caution. Start by ensuring the following steps are taken at an individual level and within your organization.
- Treat email with increased suspicion, especially when the request claims to be urgent, involves money, or contains links/files. It is best to contact the sender through a known good phone number (not the one presented in the email) to verify the request.
- Remember that cyberattacks can also be initiated in the form of text messages and phone calls, so treat them with a similar level of suspicion as you would an email.
- Social media should be treated with high caution, and users should refrain from accessing these sites from business systems. These sites are a prime vector for cyberattacks, baiting users into clicking links that may lead to malicious payloads, and they are used in campaigns of misinformation.
- Multi-Factor Authentication should be enabled for all users of Office 365 and VPN accounts.
- Use long passphrases if MFA cannot be used and avoid using the same password across multiple logins.
- Report suspicious activity to the Ascend SOC for investigation if you are a Cybersecurity client.
- Print a hard copy (or multiple copies) of your Incident Response Plan and keep the information in a secure offsite location (or locations) for future reference.
- Ensure users are participating in Security Awareness Training so they are knowledgeable about various forms of cyberattacks and do not fall victim or put your organization at increased risk.
- Confirm your backups are working and stored securely offsite so they cannot be deleted during an attack.
- Contact your Cyber Insurance provider and legal advisors to learn how to engage them should a breach occur.
Rest assured that at this time Ascend is monitoring the situation closely. We have our defenses up, we are monitoring our clients’ defenses, and we will continue to provide you with actionable information as the situation develops.
- Ascend Cybersecurity Team