As the world watches the escalating conflict between Russia and Ukraine, we understand that this may present an opportunity for cybercriminals to attack vulnerable systems. The Russian Federation routinely leverages cyberspace to conduct various forms of cyber warfare, including reconnaissance and espionage, breaches, sabotage, and other malicious activity against IT and IoT targets. These attacks are both targeted and indiscriminate, depending on their scope and intended impact.

There is a real threat to every IT and IoT asset connected to the internet as a result of the current conflict. Over the coming days to weeks, intelligence suggests that these attacks will increase against public and private sector targets, including critical infrastructure, IT service companies, and cloud service providers. These attacks will be launched through various vectors, including phishing, zero-days, and exploitation of vulnerabilities present in many private and public sector IT environments.

Because of this, securing your own IT/IoT environment is important not only to protect yourself, but also to protect your clients, fellow business owners, and even our country. Compromised IT/IoT assets can be leveraged to attack other external targets in various ways. By exploiting your systems and infrastructure, an adversary can launch attacks directed at other businesses, critical infrastructure targets throughout the United States, and our allies; those attacks could be traced back to your organization, concealing the actual perpetrators.

This makes cyber security initiatives within your organization imperative to the welfare of your own company, employees, customers, and everyone else connected to the internet. Because of this threat, the Cyber Security Incident Response Team at Micro Strategies has assembled some recommended actions you can take to secure your IT/IoT environment.

RECOMMENDATIONS

  • Closely monitor your network for anomalous activity
  • In addition to traditional anti-virus, install Endpoint Detection and Response (EDR) on all workstations and servers
  • Enable multi-factor authentication and enforce conditional access policies wherever possible
  • Ensure all IT/IoT assets are fully patched, including against the known vulnerabilities exploited by ransomware groups
  • Ensure security awareness training initiatives are in place for employees
  • Block all connections to the MEGA Cloud Storage service
  • Pay attention to all warnings and advisories from the Cybersecurity and Infrastructure Security Agency (CISA) and report any malicious activity to CISA
  • Block IT/IoT assets from directly accessing the internet wherever possible
  • Segment internal network resources to minimize the spread of ransomware
  • Implement the principles of Least Privilege and Defense in Depth throughout your organization

These are just some of the most critical things you can do to reduce your attack surface. In the face of uncertainty, it’s important to know that you’re not alone; we’ve got your back and are here to help. Please feel free to reach out if you have any questions or would like to schedule a time to discuss an action plan.

Edward E. Serafin III, C|EH
Chief of Security