Russian cyberattacks on Ukraine alarm global cybersecurity community

Russian cyberattacks on Ukraine have raised cybersecurity red flags globally.
23 February 2022


In January 2021, Ukraine accused Russian hackers of cyberattacks on about 70 government websites. The intrusions marked the latest wave of cyber incidents in Ukraine purportedly carried out by Russian attackers. Last week, Ukraine placed the blame squarely on Russia for cyberattacks targeting two banks and its defense ministry, an act which was the largest of its type ever seen.

According to a report by The Guardian, Russia has denied that it was behind the denial-of-service attacks. Russian cyberattacks on Ukraine have been ongoing for a few years as the crisis between the two countries continues to escalate.

The cyberattacks in Ukraine have since raised the alarm on cybersecurity globally as well. In the US, the Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) published a joint cybersecurity advisory regarding Russian state-sponsored cyber actors’ ongoing efforts over the last several years to target the US and its cleared defense contractors. The advisory details the industries and information Russian actors have targeted, common adversary tactics, detection and incident response actions, and mitigation recommendations.

In the UK, the National Cyber Security Centre (NCSC) has called on organizations to bolster their online defenses. The NCSC has urged organizations to follow its guidance on steps to take when the cyber threat is heightened. While the NCSC is not aware of any current specific threats to UK organizations in relation to events in and around Ukraine, there has been a historical pattern of cyberattacks on Ukraine with international consequences.

Meanwhile, the BBC reports that a cyber rapid-response team (CRRT) is being deployed across Europe following a call for help from Ukraine on Russian cyberattacks. The newly formed team of eight to 12 experts, from Lithuania, Croatia, Poland, Estonia, Romania, and the Netherlands, has committed to help defend Ukraine from cyberattacks – remotely and on-site in the country.

A European Union initiative, CRRTs deepen defense and cooperation between member states. They are said to be equipped with commonly developed cyber-toolkits designed to detect, recognize and mitigate cyberthreats.

Be it Russian cyberattacks or any other state-sponsored attacks, the reality is government agencies have realized that they have to work together to solve the problem. And this would include sharing information on cyber threats or potential attacks on any country or organization.

However, while these agencies exchange information and intel on cybercrime, organizations need to also play their part in ensuring they have adequate cybersecurity protection to deal with cyberattacks.

As threats of more cyberattacks loom large, Richard Bird, a senior fellow with the CyberTheory Zero Trust Institute, board member of Identity Defined Security Alliance, and CPO of SecZetta, spoke to TechHQ about immediate actions that can be taken, in the absence of comprehensive zero trust programs, to strengthen organizations’ and federal agencies’ cybersecurity in light of the heightened tensions with Russia.

Bird explains that organizations need to transition from a presumption of good intent to that of malice when there is an inconsistency in how something should look. Oftentimes, most organizations’ cyber policies will lead them to believe that the cause was due to an innocent mistake. During times of geopolitical tensions, organizations should be approaching any inconsistencies with an assumption of malicious activity rather than a well-intentioned employee making a mistake.

Bird also highlighted the need for organizations to prioritize identity controls. There is often a knee-jerk reaction among cyber professionals to focus on threat detection and response when the threat of a cyberattack is looming. An equal focus should be on the utilization of identity programs to protect operations and data, as most larger attacks are the result of bad actors simply logging in with compromised credentials.

Most importantly, organizations should never assume they are not a target. “Just because you are not an organization classified as critical infrastructure does not mean you are safe. As we’ve seen over the last year, the target of many cyberattacks has shifted from pure financial gain to negatively impacting citizens’ access to food, fuel, and daily services,” commented Bird.