The U.S. economy may become a battleground in the Russia-Ukraine crisis even if our military doesn’t officially become engaged. As both sides (and their sympathizers) seek to use any weapons they may have, including cyber, U.S. businesses should reassess their cyber risk to protect against getting caught in the crossfire.
Cyber for offense and defense
Russian hackers have attacked Ukraine’s infrastructure previously. For instance, in a 2015 cyberattack attributed to Russian hackers, 225,000 Ukrainians lost electricity. In recent weeks, a cyberattack in Ukraine, which was assumed to have been carried out by Russian cybercriminals, impacted government agencies and a financial institution. Russia has denied the allegations.
In response, the Ukrainian government began looking for volunteer hackers and security experts in late February to help protect and defend its infrastructure – including power plants, water systems, and the Chernobyl nuclear power plant – against Russian cyberattacks. As of this writing, Ukraine’s global volunteer hacker army has grown to 300,000 strong and has focused primarily on denial-of-service attacks (DoS attacks) against Russian government and state-backed websites.
Moreover, shortly after Russia invaded Ukraine, the hacktivist group Anonymous announced it was officially “in cyber war against the Russian government.” It later claimed responsibility for temporarily taking down the Russian-state-controlled international television network, RT, among other attacks.
New territory for hackers and businesses
Previously, ordinary hackers steered clear of disrupting economies because they didn’t want the blowback.
“What we’re seeing here is the opposite of what we saw coming out of the hacking community in the midst of the Colonial Pipeline incident,” said Emmett (Trey) Hawkins, CTO of Leapfrog Services.
“At that time, hackers were purposefully trying to avoid attacking businesses that would result in major economic impact to any given country. The shift we’re seeing now is alarming.”
U.S. companies are taking action
Given the circumstances, it’s more important than ever for U.S. companies to protect themselves from denial-of-service attacks (DoS attacks), refresh their disaster recovery plans, and switch from passive to active vulnerability management. Companies should also be using multi-factor authentication (MFA) for all cloud and remote access, endpoint detection and response (EDR) to monitor endpoints in real time, and third-party application patching in addition to typical operating-system patching.
Many, if not most, companies face added risk because they’ve shifted IT workloads into cloud services during the pandemic and haven’t completed comprehensive disaster recovery (DR) reviews since making the switch.
As a managed security service provider (MSSP), Leapfrog manages the complexities of securing IT, including cloud services. We follow a proven methodology that matches each client’s threat protection level to its business needs — the goal is to limit exposure through the right balance of protection, costs, and insurance. Since their cyber risk is greater now, some of our clients are making adjustments in their balance by prioritizing security improvements that had been scheduled for further down the road.