As the conflict in Ukraine continues, including in cyberspace, the rest of the world needs to be prepared. Listen in on this 5-minute Fridays episode where I discuss what’s going on in Ukraine and how organizations can be cyber ready.
Episode Transcription
Hank Schless 00:00
Hi everyone, I'm Hank Schless, host of the Security Soapbox podcast, and welcome to Five Minute Fridays, where we highlight one story from the cybersecurity industry that you should know about. This week our focus is on cyber readiness in the context of Russia's invasion in Ukraine.
On a global scale, countries are imposing heavy sanctions on Russia and supplying arms to Ukraine, yet the Russians continue to push deeper into Ukrainian cities. In the course of all of this, many people across the cybersecurity industry have been dedicating resources, research, and software and effort to protect Ukrainians from Russian cyber attacks. It was particularly encouraging when a couple of media outlets released a list of private sector vendors that were providing their services for free to Ukrainian organizations. During that same news cycle, we heard that Microsoft announced they'd stepped in to block a new family of malware developed by Russians and targeting Ukrainians.
More recently, news came out about Anonymous hacking the Russian government in a number of ways, declaring cyber war on Russia, and hacking into state TV stations to stream video of what's really happening in Ukraine. They sent millions of anti-propaganda text messages to Russian citizens, and then also hacked the Russian agency responsible for monitoring and censoring media, and then released about 400,000 documents from that agency.
With all this going on, there's been a question in the minds of many across the cybersecurity industry, which is: will Russia execute a large-scale cyber attack in retaliation to those who have either sanctioned them or shown support for Ukraine? We've seen the effectiveness of Russian-backed cyber attacks before. For one example, in 2017, the Russians used Petya to target Ukrainians. But the attack ended up affecting citizens in more than 60 countries, and destroying almost 50,000 computers across countless organizations.
There are large global organizations that had to stop their operations. Because of this, it ended up being a serious issue for people all around the world. So this also exemplified how interconnected everything and everyone is these days, and how an attack on one country or one company can really have widespread effects, which means that anyone can be affected by either direct or indirect cyber attacks.
So when we think about how to protect ourselves, there are three key things to focus on, in my opinion. First is that cybercriminals will always use times of unrest or uncertainty to deploy socially engineered phishing campaigns. Right now, the war in Ukraine is the ideal compelling event for attackers to phish people and trick them into sharing corporate login credentials or downloading malware to their device. Second, it's really important to continuously monitor all systems and proactively hunt for threats across the infrastructure. Advanced cyber attacks rarely happen in a very short timeframe. You'll see attackers gain access, monitor and observe your internal practices and security tools, silently disable them in some cases, and then execute their attack for maximum effectiveness. This could take days or months. But regardless, you need to be searching for all of this proactively.
And the third is that you need to keep in mind that cyber threats are not limited to conflict zones in this interconnected world. Regional conflicts can easily spread elsewhere, as we saw with Petya in 2017. And it can happen very quickly. So you want to be prepared. The best thing we can do is prepare ourselves. There are plenty of resources coming out from federal organizations in the US like CISA, the Department of Homeland Security, and the FBI that you can look into, follow their guidance, secure all your users and endpoints and make sure you're protecting your data against the threat of modern cyber attacks.
So that's all for today on Five Minute Fridays from the Security Soapbox podcast. My name is Hank Schless.