Blog

The rising risk of Russian cyberattacks after the Ukraine invasion

03.17.2022
Person typing on a computer

For the last several months, security and intelligence agencies have watched with grim trepidation as Russian military equipment and troops have mobilized along the Russia-Ukraine border. On February 24th, 2022, Russian troops crossed the border, beginning an invasion and armed conflict that has Ukrainian civilians fleeing to neighboring countries for safety and the rest of the world watching to see what will happen next.

Unfortunately, military aggression is not the only weapon in Russia’s arsenal. Cyberattacks from Russia are a common occurrence, and their expertise in cyberwarfare is unmatched. Let’s discuss how Russian intelligence organizations are using  cyberattacks on Ukraine in this conflict and how US-based business can prepare for the global increase in cybercrime that could result from these growing tensions.

Russian Cyberattacks During the Ukraine Invasion

In the days before the physical invasion of Ukraine, Russia’s cyberattacks on Ukrainian government websites and related organizations ramped up in an effort to sow disorganization and confusion.

Here are a few examples of those attacks.

  • A mass distributed denial of service (DDoS) attack from Russia on Wednesday February 23rd targeted both Ukrainian government websites and national banks. To help mitigate the damage, the affected government agencies were forced to route traffic elsewhere, as Russian cybercriminals flooded their network with illegitimate traffic to stop the normal operations of these services.
  • Simultaneously, dangerous wiper malware was activated in an attempt to destroy or disable essential data.
  • Another incident attributed to Russian agents occurred a week prior, when many Ukrainians received text messages claiming that the country’s ATMs were no longer functional.

Russia’s History of Cyberattacks

While these cyberattacks against Ukraine’s government entities are shocking, it is not unexpected. Russia has a long history of using cybercrime as a weapon against foreign entities, both for political and financial gain.

Given that the United States and other countries have recently imposed punitive financial and export sanctions against Russia, every organization operating online must be prepared for the possibility of Russian cyber retaliation. These attacks could run the gamut from ransomware to more DDoS attacks, all designed to sow discord, unsettle American businesses, and spread disinformation.

In the past, Russian state-sanctioned cyber criminals have not discriminated between government agencies and those operating privately in their fight to disrupt American life. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance on how American organizations can protect themselves and their digital assets from interference by Russian agents.

Their recommendations include technical guidance to improve your current security posture, as well as resources on free services and partners that can help you feel more cybersecure.

How to Prepare for Possible Russian Cyberattacks

In addition to following the recommendations from CISA, here are some other best practices and security measures organizations can and should be following to help protect themselves from Russian retaliation and cyberattacks.

  1. Enable multifactor authentication for anyone accessing your network or administrative data – especially those logging in remotely.
  2. Prioritize software updates to ensure you are working with the versions that offer the most protection from known security vulnerabilities.
  3. Communicate any concerns to employees and make them aware of the increased risk, so they know to be more cautious when opening emails or downloading unknown files.
  4. Test your response to a disaster or crisis to see where there may be gaps that could lead to increased downtime or data loss.
  5. Ensure your current firewalls and antiviral software cover your entire attack surface.

Active Defense Strategy

Unfortunately, many organizations are working with firewalls that do not offer enough protection against sophisticated cyberattacks like the ones perpetrated by Russian agents in the past. Over the past week, our team at Threater has had an outpour of requests inquiring  how and what our solution can provide in an unfortunate time like this.

If you know or suspect that your firewall is not as effective as it could be, establishing an active defense should be a fundamental part of your security plan. Threater fill gaps in your firewall to offer instantly increased network protection without the hassle of re-engineering your entire security stack. Our Geo-IP blocking platform even allows your organization to specifically block cyberattacks from Russia, if it’s installed before an attack occurs. The importance of continuous collaboration with cyber intelligence in real-time will only further aid us in understanding and reducing risks to our network. Resulting in optimal security environments and protected organizations for all.