What steps should private companies take in preparation for potential Russian cyber retaliation?

By: Colin Murray, ITMG Insider Threat Analyst

Russia has invaded Ukraine under the direction of Vladimir Putin. We have all seen the news regarding this terrible action. In response, many countries and private companies around the world have done their best to impose economic sanctions on Russia to try and dissuade them from continuing the invasion. While his country and economy are being greatly impacted, Putin does not seem to have been given pause.

In 2020 American companies SolarWinds, FireEye and likely many more were infiltrated by Russian nation-state hackers. These attacks, while bad, appear to show that such hacks could only be worse in future. Based on Russia’s history of hacking it can be expected that there will be significant risk of attempted cyber retaliation in the coming months. As such, what are the risks facing insider threat teams and what can we do?

A major threat comes from phishing and credential harvesting. The Cybersecurity and Infrastructure Security Agency (CISA) said on February 16th that Russia has been conducting a two-year long campaign targeting U.S. defense contractors using phishing and credential harvesting techniques. Cybersecurity firm Avanan says that Russian based phishing attacks are eight times higher since only February 27th. The threat is here, and we all need to prepare.

The most important step is training. Everyone needs to be aware that they should be dubious of any emails or calls that they do not recognize. This is not something inherent for those outside of cyber security fields. Training is necessary to make all of those in a company aware of the risks. This training should be in the form of classes as well as exercises.

Training does not always work. It is likely that malicious actors will eventually find someone that clicks the link or provides the password. Therefore, CISA is recommending that we lower our risk thresholds for reporting. This will likely lead to an increase in workloads, but this is a unique time. A lower threshold may be the difference in catching a user that is behaving only slightly outside of their baseline behavior.

These are scary times, but it is now that community means the most. If you see attack vectors that have not been seen, share them with those that you know in the insider threat community and in the cybersecurity community.

Contact ITMG to Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk

ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading