Businesses warned to boost cyber defenses due to Ukraine tensions

by Egress
Published on 14th Feb 2022

After a week of diplomatic discussions over the ongoing tensions in Ukraine, cybersecurity concerns have come to the fore. Regulators have strongly advised businesses to improve cybersecurity in the face of potential attacks.

What are governments advising?

The Department of Homeland Security (DHS) has warned that if tensions were to escalate in the region, US businesses could be at risk of being targeted by cyberattacks. Infrastructure companies in the US have been told to have a "heightened state of awareness" and search for any signs that their systems may have already been compromised.

While there haven’t been specific threats against US organizations, Homeland Security Secretary Alejandro Mayorkas told reporters last week that the United States is on "heightened alert". He continued to say: "It’s difficult to calibrate the likelihood of something happening. The whole point is, when the specter of harm arises, we call for vigilance and quite frankly, in the cybersecurity arena, ever-present vigilance is what we call for."

This sentiment was echoed in the UK, where organizations have been urged by the National Cyber Security Centre (NCSC) to bolster their defenses. Critical national infrastructure sectors (including energy and water suppliers, transportation, healthcare and telecommunications) have all been warned about specific vulnerabilities known to be exploited by Russian hackers.

What could happen?

The Ukraine government website was recently shut down amid a spate of cyberattacks. Government workers have seen mouse cursors being taken control of remotely, power being turned off, and communications lines disrupted. Ukrainian officials pointed the finger in Russia’s direction, but Moscow has denied that it was behind any attacks.

The main concerns for US businesses include increased phishing attacks, distributed denial of service (DDoS) attacks, and, in extreme scenarios, ransomware or killware that could shut down critical infrastructure. Cybercriminals based in Russia were behind the most destructive cyberattacks on US soil in recent times. In May 2021, Colonial Pipeline was hacked, leaving many people on the east coast without power, and major meat supplier JBS had its operations shut down.

This also wouldn’t be the first time problems in Ukraine spilled over to western businesses. In June 2017, hackers exploited tax return software to hit Ukrainian companies with ransomware. The attack spiralled and malicious software spread beyond Ukraine's borders to international companies, crippling their operations. The UK’s NCSC estimated that at one point roughly 20% of the world's merchant shipping fleet was being controlled via WhatsApp because their computer systems weren't working. They estimated the global cost at $5-10bn.

What can businesses do?

Jack Chapman, VP of Threat Intelligence at Egress, has the following advice: “Organizations must listen to the DHS and NCSC’s advice to protect themselves from being caught up in a potential cyber conflict. They need to understand how the event increases their organization’s risk on a per-company basis. It’s important to prioritize necessary work and focus on the most prevalent and sophisticated threats.

“Over 90% of malware is delivered via email. With the increased risk of very sophisticated phishing threats that target the human, training and traditional security are not enough. A layered approach of advanced technology combined with a review of people, technology and policies is a necessity against these threats.

“By educating employees to recognize potential attacks and putting in place the right technology, businesses can reduce their exposure to phishing threats. It’s also important to stay ahead of attackers by routinely updating software and patching vulnerabilities, for example to VPNs and firewalls.

“In recent years, attackers have increasingly exploited the supply chain to execute devastating attacks, so organizations must also hold suppliers to a high level of scrutiny to avoid this security blind spot. Understanding their place in the supply chain is key to understanding the risks they face. Organizations mustn’t be complacent when it comes to cyber-threats – it’s vital that they remain vigilant to attacks, whether they're politically or financially motivated.”

Top three takeaways

  • Check regularly for security updates and patches, and ensure all endpoints are updated
  • Make sure your current tech stack and awareness training enable your people to detect security threats that specifically target them (for example, phishing emails)
  • Seek assurance from your supply chain about their security measures, particularly those that reduce the risk of a cyberattack