While the war in Ukraine is thousands of miles away, domestic cybersecurity professionals must pay close attention to stay ahead of emerging threat actors.
We’re all watching the situation taking place in Eastern Europe and our thoughts are with the people of Ukraine. Of the many takeaways we can learn from afar, one of the most prominent is that cyberwarfare continues to position itself at the forefront of international conflict. These attacks may not be happening in our backyard, but the lessons we can learn from the recent cyberattacks against Ukraine are as relevant as ever.
Hackers are notoriously adept at circumventing systems and will always have a greater incentive to exploit vulnerabilities, endeavoring to stay one step ahead of the latest cybersecurity methods. In turn, cybersecurity experts must quickly adapt to fix exploits before too much damage is caused. This endless game of cat and mouse is the reality of the cybersecurity world, meaning it’s up to cybersecurity experts to learn from the latest cyber attacks in Eastern Europe if they want to keep their adversaries at bay.
In the early days of the conflict, long delays at border crossings between Ukraine and Poland were ultimately blamed on a cyber intrusion into passport verification systems, forcing processing back to a pen-and-paper format. This led to long lines and poor conditions for refugees seeking asylum from the growing conflict.
An even more ominous attack was in the works. Microsoft’s Threat Intelligence Center, a specialized unit of Microsoft’s cybersecurity team, got a glimpse of a unique “wiper” malware they called “FoxBlade.” Just hours before Russian armed forces crossed into Ukraine, FoxBlade was deployed to target Ukrainian government organizations and their networks to disrupt operations and potentially disable key infrastructure and financial systems. This could have left the Ukrainian people and military forces without power and cellular communications.
Unfortunately, unique forms of malware like FoxBlade or their variants often end up on the dark web for sale to anyone with enough cryptocurrency — meaning wider access for hackers and bigger threats for organizations.
The speed of the FoxBlade attack spiked concern not because it was a novel form of malware — but because the targets were already identified and vulnerabilities in those systems were already present. Thanks to foresight by cybersecurity and IT teams from around the world, procedures and protections were in place to ensure a rapid response to any intrusion and strive to quickly fix any issues as they arose.
While no cyberattacks on U.S.-based organizations or companies have been confirmed as connected to Belarusian and Russian hackers, there have been numerous intrusions within systems in Europe connected to these hackers. In light of these increased and varied attacks, CISA issued a warning for U.S.-based entities to prepare for possible disruptions via cyberattacks. Furthermore, Palo Alto Networks’ Unit 42 outlined security implementations specifically designed to counter newer variations of wiper attacks like FoxBlade.
What implications do FoxBlade and other new malware variations have on your organization’s cybersecurity efforts? To protect your organization’s assets and safeguard against future forms of cyberattacks, you and your IT team should prepare for every contingency as threats evolve and change. Here’s what you can do to immediately improve your cybersecurity:
At the end of the day, the best thing you can do to stay secure is to keep your core systems up-to-date and work with an informed IT partner you trust.
The cybersecurity team at TTI is capable of evaluating your network and organization from the ground up to provide a right-fit solution to keep you secure. If you’re uncertain about the integrity of your cybersecurity solutions, take advantage of our free Cybersecurity Assessment Tool or contact us for a detailed assessment.