Feb 28, 2022 23:00:00

Seven points you need to know about 'cyber attacks from Russia' that are not fires on the opposite bank

Following Russia's invasion of Ukraine on February 24, 2022, the United States and EU countries have imposed strong economic sanctions, including a

decision to eliminate Russian banks from the International Interbank Communications Association (SWIFT). I did. Experts explain how to protect yourself from the possible retaliatory cyberattacks from Russia.

7 Steps to Take Right Now to Prepare for Cyberattacks by Russia
https://www.darkreading.com/threat-intelligence/7-steps-to-take-right-now-to-prepare-for-cyberattacks-by-russia

The Ukrainian Special Communications and Information Protection Agency announced on February 24 that government-related websites and banks were under heavy cyberattack. In the past, the damage of malware targeting Ukraine has spread all over the world, so experts point out that even organizations that are not directly related to Ukraine are not unrelated to hacking by Russia.

DDoS attack on Ukrainian government site and new malware discovering data deletion on hundreds of Ukrainian machines-GIGAZINE

Dark Reading, a cyber security-related news site, has summarized the results of interviews with experts on cyber attacks of concern following the invasion of Ukraine in the following seven points.

◆ 1. Not everyone faces the same risk
According to Chester Wisniwski, a senior researcher at security company Sophos, the risks to Russian cyberattacks vary from organization to organization. In particular, companies doing business in Ukraine need to anticipate the worst and keep all security up-to-date, including monitoring credential abuse and preparing backup plans.

The same applies to areas around Ukraine such as Poland, Romania, Estonia, Latvia, Lithuania and Moldova. For example, Wisniowski confirmed on February 24, 2022 that a malware targeting a Ukrainian company called Hermetic Wiper also damaged Latvia and Lithuania.

In addition, even organizations unrelated to these regions are at increased risk of being targeted by Russian cyber attacks that attempt to damage Western countries and Russian enemies. Japan is alsoparticipating in economic sanctions against Russia.

◆ 2. Minimize the attack target
Matthew Warner, co-founder and CTO of Blumira, a security platform provider, uses the IoT device-specific search engines Censys Search and Shodan Search Engine to create a security system. It states that it is necessary to take measures to reduce the risk of being exposed to attacks by checking the above and introducing ' Sysmon ' of the system monitor.

It is very difficult to detect national level malware directly, but in most cases malware communicates in some way, so monitoring outbound traffic may be able to detect signs of command and control . ..

◆ 3. Do not neglect basic measures
According to Warner, Russia's targeted attacks, including

APT attacks , are very similar to other high-threat cybercriminal organizations. It is also important to note that cyberattacks reported in Ukraine often target systems that have been previously targeted.

Due to these characteristics of Russian cyber attacks, Mr. Warner said, 'Slightly unfortunate for those seeking special measures, advice on measures against hacking from Russia, such as applying the latest patches and using multi-factor authentication, is common. It's the same as the advice, 'he emphasized the importance of basic security measures.

Due to the increasing threat of ransomware in recent years, the need for backup is increasing, especially among the usual countermeasures. Experts also advised updating router software, setting passwords more secure, and checking to see if the admin interface is hidden from the outside world.

◆ 4. Pay attention to B2B VPN connection
As mentioned earlier, the greatest risk for organizations outside Ukraine is the involvement of cyberattacks targeting Ukraine. 'The most likely is a B2B VPN connection that isn't filtered by security controls such as firewall rules,' said John Pescator of the SANS Institute, an IT security education company, on the path of an attack targeting Ukraine. He said that networks between companies are particularly dangerous.

According to Pescatl, the best way to reduce the risk of B2B VPNs is to block all high-risk protocols. If the nature of your business does not allow you to block, you may want to limit the destinations of high-risk protocol traffic. He also recommends monitoring all VPN exit points with

NetFlow so that you can disconnect immediately if something goes wrong.

Putting these measures together, Pescatl said, 'We should make sure that at least known dangerous protocols are blocked. Going further, allowing only the minimum required ports, protocols and applications. Ideally, it should be. '

◆ 5. Establish a communication system within the organization
It is said that cyber attacks are often triggered by social engineering attacks such as phishing scams . So Warner said, 'Please act more carefully and notify all employees to report any suspicious emails or files as soon as they are found.'

Also, a common pitfall is that connections and communities on politically sensitive topics, such as social media posts that criticize Russia, are used to target. BreachRx, a privacy incident management platform, said about countermeasures against cyber attacks that occur when sanctioning Russia, 'It may be targeted not by the content of the business but by the viewpoint. Also, malicious insiders raise security issues. You should also consider how to deal with internal human risks, as they can cause them. '

◆ 6. Be cautious about introducing new things or changing the system.
'IT departments need to keep changes to a minimum and investigate all new software, executables, new accounts, and highly privileged accounts,' Pescatoll said. In particular, it is recommended to increase authentication of privileged accounts and strengthen change management and change monitoring.

◆ 7. Consider joining an information sharing organization
Companies and organizations belonging to specific sectors and industries have set up the Information Sharing Analysis Center (ISAC) , an organization that shares and analyzes information about security, and is working across organizations. In response to growing international tensions, the ABS Group, which provides risk management services, said, 'Companies in the oil, natural gas and power sectors are at risk of attacks aimed at cutting off these critical infrastructures. Is increasing, 'he said, encouraging organizations with a high potential for cyberattacks to join ISAC.

Dark Reading also said to organizations other than infrastructure companies: 'Many organizations wouldn't expect themselves to be hit by a Russian cyberattack, but even if it's not a target. , It is still likely that pro-Russian cybercriminal organizations will be involved in optimistic attacks or indiscriminate attacks. ' I showed you how to look at.