Updated: Apr 11
As we continue to monitor the unfolding situation between Russia and Ukraine, we wanted to share this advisory, which pertains especially to small and midsize businesses. Any business that doesn’t have up-to-date cyber defences and has not practiced its recovery procedure should take note.
As a result of the conflict’s escalation and the significant sanctions imposed by the West, we expect to see a further increase in cyber activity in the near and medium term as Russia retaliates and punishes the West for its support of Ukraine. Activity levels will most likely not subside until an acceptable resolution is in place and sanctions are lifted.
Currently, the attacks have been mostly contained within Ukraine, but this is only temporary, and we expect to see spillover and/or retaliation in Europe and North America.
The following scenarios are probable:
An attack similar to the massive NotPetya attack. In 2017 the Russians unleashed a cyberattack targeting Ukrainian institutions. The cyberattack spilled over and spread across Europe and North America, encrypting and locking thousands of machines, with cumulative damage of over $10B. NotPetya’s attack style was non-discriminatory, hitting large and small businesses alike.
Generally, during wartime, the Russians use offensive cyber operations for three main purposes: to disrupt the military operations of adversaries, to launch attacks on physical infrastructure, and to conduct cognitive attacks such as information manipulation to spread fear and confusion or shift the public’s perception. There are two possibilities in this case:
In the short term, we will see directly targeted attacks (carried out by the Russians) against the West to inflict as much damage as possible and deter Western governments from escalating their support of Ukraine.
If sanctions are prolonged, the Russian regime may resort to launching ransomware attacks on Western businesses to fund its military operations and offset the financial impact of the sanctions. We estimate that the regime will not carry out the operation directly but will green-light various cybercriminal groups. With the Russian government's approval, cybercriminals will launch sophisticated attacks.
Additional players' involvement. We are seeing cybercriminals also taking sides. The Anonymous group, for example, supports the Ukrainian efforts, while other groups are siding with the Russians. And some, like LockBit, have declared that they remain neutral, with only financial gain as their motive. Unfortunately, with these types of conflicts we only know how things start but not how they end. Much like on our streets, when there’s an increase in gang activity, civilians are caught in the crossfire. Especially susceptible are SMBs without proper defenses.
Relying on cyber insurance may be a false hope. All insurance companies have an “act-of-war” clause that will exempt them from paying for the damages. In this case, your best course of action is to elevate your cyber posture and defense.
Things you should do:
This is the time to increase vigilance and double down on your cybersecurity efforts.
Consult a cybersecurity expert about your security posture and practical steps relevant to your business.
Ensure procedures around incident response are in place and run various what-if scenarios (what if our website is down, payment network, vehicle fleet management software, etc.).
Update and patch existing software.
Tighten cloud controls (including Office 365 and Google Workspace).
Scan your systems for vulnerabilities.
Add Multi-factor Authentication (MFA) on accounts.
Review access privileges for critical accounts and platforms.
Review your backup procedures. Test a restored image.
Address security gaps created by your remote workforce: upgrade your antivirus to an EDR solution, implement dedicated email security, and protect your mobile devices.
Refresh awareness with your team.
Want to have a more in-depth discussion about the evolving situation and how you can secure your business? Our cybersecurity experts are standing by to answer any questions you may have.