Impact Group: Blog
The Russia-Ukraine Conflict: Cybersecurity Implications for US Organizations and Institutions
The cybersecurity community has been monitoring the conflict between Russia and Ukraine with a great level of concern. Both Russia and Ukraine are known as countries that many threat actors call home.
In this advisory we will focus on cybersecurity implications specifically for US organizations – private, public, non-profit and government, not the political side of what seems to be a very complex situation with deep historic roots.
As of today, there are no credible security threats to the homeland of the United States. This, however, can change.
Russia has the potential to engage in destabilizing actions outside the region. US organizations in sectors such as banking, energy, and transport (aviation) are most likely to be targeted in the event of a cyberattack by Russia.
An example of a recent attack comes from a group associated with Russian Intelligence Directorate (GRU) hackers acting as a command-and-control center. They hosted cloned copies of various Ukrainian government websites. According to Bellingcat, “The cloned version of the Ukrainian President’s website included a clickable ‘Support the President’ campaign that, once clicked, downloads a malware package to the user’s computer.”
It is unclear what the purpose of the malware payload is and whether it was a worker or just a placeholder. Due to the target audience, it is believed that this may have been intended to engage all infected computers in a distributed denial-of-service (DDoS) attack, or to steal social media credentials as part of a wider disinformation campaign to contain military resistance.
CISA checklist
The United States Cybersecurity and Infrastructure Security Agency (CISA) offers guidance related to threats from Russia on its website: Russia Cyber Threat Overview and Advisories | CISA
In addition, the following checklist might be useful, especially for organizations without a mature security program: CISA Insights Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats
Employee guidance
The following simple but effective guidance might be helpful, especially for SMBs.
Employees should:
- Review their personal and work logins to ensure that passwords are difficult to predict, the same password isn’t reused on multiple websites, and that multi-factor authentication is enabled when possible.
- Exercise caution when clicking links, downloading files and sharing content.
For further analysis and help with getting your risk score, get in touch with our team and benefit from our experience in working with public, private, government, and non-profit US organizations in their journey to better cybersecurity.
IMPACT Group is a leading Twin Cities Managed Service Provider, helping Minnesota-based organizations manage and navigate through the complexities and challenges of IT, including cybersecurity. Click here to get in touch with our team and discuss your strategic or immediate IT needs.