What You Need To Know About The Cyber Attack On Ukraine

Do you understand how battles are won and lost in the era of cyber warfare? Earl Foote recently appeared on the Dave & Dujanovic podcast to talk about the cybersecurity and cybercrime implications of the rising tensions between Ukraine and Russia.

Over the past few weeks, tensions have mounted at the Russia-Ukraine border as President Putin mobilized troops and made overtures of invasion. While the real-world conflict has been minimal so far, on Feb. 15, Ukraine suffered a major cyberattack on its governmental and banking systems.

“Based on the trail of breadcrumbs, everyone is speculating that these cyber attacks are coming from Russia,” says Earl. “The data footprint seems to suggest that as well.”

Do you know what implications this has for the West and what lessons the business world should learn from these incidents? Nexus CEO Earl Foote joined the hosts of the Dave & Dujanovic podcast to give them a cybersecurity expert’s perspective.

Ukraine’s Critical Systems Taken Offline

“With tensions mounting between those two countries, it’s pretty easy to conclude that what we’re seeing is the next evolution of warfare,” says Earl. “The first wave of cyber warfare attacks destabilize populations, cause pandemonium and confusion.”

According to Earl and many other cybersecurity industry leaders, this attack is a textbook example of cyberwarfare. Ukraine confirmed that the systems compromised in the attack are all critical ministry and banking targets:

  • Ministry of Defense website
  • Water distribution systems
  • Petroleum pipelines
  • Citizen banking systems

The attackers used Distributed Denial-of-Service (DDoS) attacks, which flood the target website host with multiple data requests, resulting in lags and crashes. They also employed a form of malware similar to ransomware, but instead of encrypting the data, it simply deletes it.

The idea is that by causing chaos at the citizen level (disrupting their access to utilities and finances), Ukraine will be that much easier of a target if and when further military action is taken. A less organized enemy is less capable of defending itself.

“We saw that happen on our own soil with Colonial Pipeline,” says Earl. “That’s probably the tactic that is being carried out here so that if Russia chooses to mount a physical attack, it is probably a much easier scenario for them to take control.”

What Does This Attack Tell Us About The Future Of Cyber Warfare?

“The Ukraine government and business organizations and our government have to take these threats seriously and be proactive,” says Earl. “We’re all at cyber warfare at all times, and you have to take the threat seriously.”

This is a clear example of the threat that nation-state-affiliated hackers pose to the world. While they are often involved in geopolitical conflicts such as the one between Russia and Ukraine, these cybercriminals also target businesses. That’s why you need to make sure you’re protecting your data.

How To Protect Your Systems Against Similar Cyber Attacks

  • Make An Inventory Of Your Data Assets: You have to start from a place of understanding. Begin by taking stock of your data—what it is, where it is stored, etc. With that information, you can then move forward in protecting it. You also have to consider the worst-case scenario. What would it mean to you if you lost your data right now? Do you have a backup plan? Do you have redundancies and contingencies in place?
  • Back Up Your Data: Do you have a data backup policy in place? If not, then you’re vulnerable, right now, to ransomware. If you have a data backup solution, it doesn’t matter if your data has been encrypted by ransomware. You can replace it with your backup, simple as that. That’s why you should make a considerable investment in a comprehensive backup and data recovery solution so that you can restore your data at a moment’s notice when necessary. Be sure to:
    • Back up data regularly (at least daily).
    • Inspect your backups to verify that they maintain their integrity.
    • Secure your backups and keep them independent from the networks and computers they are backing up.
  • Make Sure Your Staff Is Secure: A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:
    • Identifying and addressing suspicious emails, phishing attempts, social engineering tactics, and more.
    • How to use business technology without exposing data and other assets to external threats by accident.
    • How to respond when you suspect that an attack is occurring or has occurred.
  • Monitor For Intrusions: Security information and event management (SIEM) technology is a secure cloud service that provides 24/7 security and operation monitoring to oversee a given practice’s security needs. A SIEM solution offers a monitoring service with adaptive threat protection that identifies active cyberattacks and takes action in real-time to protect your practice. By integrating intelligence from global threat monitoring feeds, this solution responds to network-based zero-day exploit attempts, drive-by downloads, and advanced malware that routinely bypass conventional firewall and antivirus technologies. This works in concert with a Security Operations Center (SOC), a team of people employing a range of proven processes and carefully implemented technologies (such as SIEM), which are often centralized. They gather and analyze user reports and a range of data sources, such as logs, from information systems and cybersecurity controls. Typically, the main point of a SOC is to identify, address and eliminate cybersecurity events that could negatively impact an organization’s information systems or data.
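
The backup item above asks you to inspect your backups for integrity and to back up at least daily. The following Python sketch is an added example, not part of the original article or any Nexus tooling: it records a SHA-256 manifest at backup time and later reports files that were deleted, altered, or added, and whether the backup is more than a day old. The function names, file names and sample contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 3600  # the checklist asks for backups "at least daily"

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(backup_dir, now=None):
    """Hash every file in the backup set; store the result off the backup volume."""
    files = {str(p.relative_to(backup_dir)): sha256_file(p)
             for p in Path(backup_dir).rglob("*") if p.is_file()}
    return {"created": time.time() if now is None else now, "files": files}

def verify_backup(backup_dir, manifest, now=None):
    """Compare the backup on disk with the manifest recorded at backup time."""
    now = time.time() if now is None else now
    expected, current = manifest["files"], build_manifest(backup_dir, now)["files"]
    report = {
        "missing": sorted(set(expected) - set(current)),       # deleted since backup
        "modified": sorted(p for p in expected
                           if p in current and current[p] != expected[p]),  # altered or encrypted
        "unexpected": sorted(set(current) - set(expected)),    # added since backup
        "stale": now - manifest["created"] > MAX_AGE_SECONDS,  # older than one day
    }
    report["ok"] = not any(report.values())
    return report

def demo():
    """Constructed sample data: verify a clean, an old and a damaged backup."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "hr").mkdir()
        for name, data in (("ledger.db", b"accounts"), ("hr/staff.csv", b"names")):
            Path(d, name).write_bytes(data)
        manifest = build_manifest(d, now=0)
        clean = verify_backup(d, manifest, now=3600)
        old = verify_backup(d, manifest, now=2 * MAX_AGE_SECONDS)
        Path(d, "ledger.db").unlink()                          # simulate deletion
        Path(d, "hr/staff.csv").write_bytes(b"\x00scrambled")  # simulate overwrite
        damaged = verify_backup(d, manifest, now=3600)
    return clean, old, damaged
```

Keeping the manifest on a system separate from the backup itself matches the advice to keep backups independent of the networks and computers they protect.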

Are You Defending Against Cutting Edge Cybercrime Attacks?

“It’s a matter of being hypervigilant,” says Earl. “It’s less a matter of ‘if’ than ‘when.'”

Nexus IT Consultants offers comprehensive cybersecurity services, including SOC, SIEM, and more, to help you adequately protect your organization against modern cyber threats, including nation-state attacks.