As the Russian invasion of Ukraine continues to unfold, experts are urging American businesses to double down on their cybersecurity protocols.
In mid-February, the Cybersecurity and Infrastructure Security Agency, a federal agency that seeks to improve cybersecurity readiness, issued a "shields-up" warning to U.S. organizations, as tensions between Russia and Ukraine escalated. The shields-up initiative encourages organizations of all sizes to take steps to reduce their chances of a cyberattack and ensure that they're prepared in the case of a breach.
"[T]he reason why there are these bulletins coming out, especially directed at small and medium-size businesses, is that we have learned the hard way about the fragility of the global supply chain," says Theresa Payton, a former White House chief information officer under George W. Bush.
That fragility was apparent last year in the wake of the Colonial Pipeline ransomware attack, which resulted in widespread panic buying that led gas stations to run out of fuel. And the Santa Clara, California-based Nvidia, a chipmaker, said on Friday that it's looking into a cybersecurity incident, though it's unclear if the potential cyberattack is linked to any specific entity.
Ukraine itself has already sustained a number of cyberattacks as the conflict with Russia continues, most recently a wave of distributed denial-of-service (DDoS) attacks--incursions in which an attacker uses a botnet to overwhelm a server with fake traffic to disrupt the flow of normal traffic. Hundreds of computers in Ukraine have been infected with destructive malware as well.
Given how interconnected the world is, there is potential that these cyberattacks against Ukraine could reach U.S. systems, Payton says. She also points to historical reasons to act. Bad actors allegedly placed malicious code in an update for a tax program used by a Ukraine software firm, which paved the way for the 2017 NotPetya attack that racked up billions in damages and wreaked havoc across the globe.
The interconnected nature of supply chains, for instance, makes girding for an attack particularly challenging, says Payton. Whether it's contact systems in Ukraine or other core systems located in the country, that exposure increases a U.S. business's vulnerability. There's also the potential of a small business's third-party vendor becoming infected, which could lead back to the small business's own network. And it's long been known that small businesses tend to be easier targets compared with their larger counterparts since they don't have as many resources.
To overcome these challenges, it's best to get on the defensive. While assessing unusual behavior and shoring up your crisis-response team may be standard safeguards to deploy, Payton adds that a few other tips to combat a Russia-derived attack should also be on the table. Here are four:
Look out for DDoS attacks: One question businesses should be asking is whether their technology services provider knows how to detect DDoS attacks, and what that provider can do to help. If your website is not the main way that your customers interact with you, then DDoS attacks may be less of a concern. But if you operate a retailer or your website is how third parties connect with you, then talk to your technology services provider to learn about the protective measures they may have in place. There's no need to panic if the answer is no right now, but it's something to remedy going forward.
Close side doors: If a third party that a small business works with is hit by a breach, there is potential for bad actors to breach that small business through a "side door" hack. But businesses can stay on top of side door hacks through log management. Logging is the process of recording all movements and events concerning an organization's data and other systems. Each log entry records information about an event that took place on a system or network. Businesses should manage their logs and keep a close eye on files and other data that's being copied, moved, zipped, or sent outside of an organization.
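The log review described above can be turned into a simple detection rule. The following is an added example, not code from the article or from any product Payton refers to: it parses constructed file-activity log lines (the format, user names, paths and host names are all invented for this illustration) and flags a user who archives data and then sends it to a host outside an assumed list of internal systems within a short window.

```python
import re
from datetime import datetime, timedelta

# Constructed sample file-activity log lines (invented for this example, not from any real system).
SAMPLE_LOG = """\
2022-03-01T10:02:11Z user=alice action=copy path=/finance/q4-forecast.xlsx dest=/tmp/stage/
2022-03-01T10:03:40Z user=alice action=zip path=/tmp/stage/ dest=/tmp/stage.zip
2022-03-01T10:04:02Z user=alice action=send path=/tmp/stage.zip dest=files.example.net
2022-03-01T11:15:00Z user=bob action=zip path=/home/bob/photos/ dest=/home/bob/photos.zip
2022-03-01T11:16:10Z user=bob action=send path=/home/bob/photos.zip dest=share.corp.example
2022-03-01T13:30:00Z user=carol action=send path=/docs/readme.txt dest=mail.partner-example.org
"""

# Hosts the organization treats as internal (an assumption for this example).
INTERNAL_HOSTS = {"share.corp.example", "backup.corp.example"}
# How long after an archive is created an outbound send is still linked to it.
WINDOW = timedelta(hours=1)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime under 'ts'."""
    m = LINE_RE.match(line)
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_staging_and_exfil(log_text, internal_hosts=INTERNAL_HOSTS, window=WINDOW):
    """Return one alert per send to an external host that follows a zip by the same user within `window`."""
    last_zip = {}  # user -> timestamp of that user's most recent archive creation
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        user, action = ev["user"], ev["action"]
        if action == "zip":
            last_zip[user] = ev["ts"]
        elif action == "send" and ev["dest"] not in internal_hosts:
            zipped_at = last_zip.get(user)
            if zipped_at is not None and ev["ts"] - zipped_at <= window:
                alerts.append({"user": user, "path": ev["path"], "dest": ev["dest"]})
    return alerts


if __name__ == "__main__":
    for a in find_staging_and_exfil(SAMPLE_LOG):
        print(f"ALERT: {a['user']} archived data, then sent {a['path']} to external host {a['dest']}")
```

Run as written it reports only alice: bob's send goes to an internal host, and carol sends externally without first staging an archive. The rule is deliberately narrow (zip followed by external send); in practice the same structure extends to copies onto removable media or large outbound transfers, with the internal-host list and window tuned to the organization.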
Roll out the encrypted backups: Critical infrastructure and financial services may be key targets in a coordinated ransomware attack. This is where businesses want to ensure that they have a full backup of their systems and data. Make sure everything is encrypted as well. Another tip? Keep backups separate from network connections, which increases an organization's resilience in the event of a breach. That way, if one system is compromised, the isolation helps prevent malicious code from spreading to connected systems.
Double-check MFA: Even if you believe that you've fully rolled out multifactor authentication and strong passwords, now is the time to double-check them. Businesses don't need any technical resources for this and can check their systems on their own. But organizations could also go to the extent of asking an internal or external team to conduct a red team assessment, which simulates an attack to identify any vulnerabilities. It's important to ensure that MFA and strong passwords are working as designed, since Payton highlights that Russian cyber operatives are known for their savviness at guessing passwords through what she describes as "password spraying."
She explains, "They figure out how many login attempts you allow before locking someone out, they go to past password data dumps, they get your corporate emails, and they leverage technology for password spraying."