Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Trustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats

Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire that nation or cyber groups working to support Russia to lash out against Western targets. With that in mind, Trustwave SpiderLabs wants to reiterate that all organizations must remain vigilant and, if they have not already done so, redouble their efforts to fortify their networks against a cyberattack due to the ongoing Russian attack on Ukraine.

Trustwave security and engineering teams are on heightened alert and are actively monitoring malicious cyber activity associated with and adjacent to the escalating military conflict between Russia and Ukraine. Trustwave is working closely with its clients around the world to enhance cyber preparedness during this time.  

Organizations that operate in high-value, critical industries such as banking, critical infrastructure (energy, oil and gas, etc.) and supply chain should especially elevate their cyber posture during this time. 

We have engaged our security teams across our global footprint to continuously harden our own cyber resilience and ensure service continuity for our clients as events unfold.  

As the situation evolves and additional threat intelligence becomes available, we will continue to proactively detect and respond to emerging threats.  

In addition to monitoring for cyberattacks and malware use during this time, the elite Trustwave SpiderLabs team is actively monitoring for phishing, social engineering techniques and Dark Web chatter associated with these events to further enhance cyber detection and response for our clients. For MSS clients that have managed solutions by Trustwave, we are validating available detective and preventative policies are deployed and are conducting historical searches for associated activity. 

Trustwave is prepared to issue a swift response and assist any organizations that fall victim to cyberattacks associated with these geopolitical events.  

Act Now: Government Agency Guidance to Prepare for Potential Threats  

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued multiple alerts associated with potential malicious nation-state cyber activity. CISA recommends all organizations – regardless of size – adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. 

Trustwave encourages all organizations to follow CISA’s “Shields Up” guidance, which can be found here

CISA has specifically provided guidance and resources for critical infrastructure organizations, which could be particularly targeted during this time:  

"The Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country's government, military and population and accelerate their acceding to Russian objectives," CISA said. 

Organizations across regions should also review the following guidance from CISA’s partner agencies:  

What Type of Organizations Are at a Higher Risk During this Time 

Organizations with business dealings with Ukrainian and Russian firms should take extra care to monitor, inspect and isolate traffic from organizations in that geography and closely review access controls for that traffic. Again, organizations that operate in high-value, critical industries such as banking, critical infrastructure (energy, oil and gas, etc.) and supply chain should especially elevate their cyber posture during this time. 

Nation-state or associated actors may have capabilities and intentions beyond those of a run-of-the-mill cybergang that are just looking to make a profit. With enough time and money, a nation-state is likely to succeed in gaining access, so it is imperative that organizations have a robust plan to detect and respond to a breach or major event. 

It is also essential to keep in mind that threat actors do not always have financial gain in mind when launching an attack. There are times when a threat actor simply wants to break something, hinder operations, and cause chaos for geopolitical or ideological reasons. 

All organizations should practice their response plans and remain vigilant. 

Stay Alert: New Malware and Malicious Tooling Emerging  

Organizations should also be aware of the new or repurposed malware tools now in the wild. The Russian-linked threat actor, dubbed Sandworm or Voodoo Bear, is using a “large-scale modular malware framework” that the cyber agencies have dubbed Cyclops Blink. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019. You can read the advisory from the National Cyber Security Centre here

Additionally, according to ESET Research, Ukrainian organizations have been hit by a cyberattack that involved new data-wiping malware called HermeticWiper. The malware has impacted hundreds of computers across networks.  

This malware attack followed a wide-scale distributed denial-of-service (DDoS) that took many important Ukrainian websites offline.  

Trustwave Nation-State Threat Defense Insights and Recommendations

The playbook organizations should use to keep safe from a nation-state or associated cyberattack during this time remains the same. Having the cyber fundamentals in place is critical now more than ever. Here are some of our top recommendations for organizations, in line with the guidance provided by leading government cyber agencies:   

  • Ensure that cybersecurity/IT personnel focus on identifying, detecting, assessing and responding to any unexpected or unusual network behavior.   
  • Conduct proactive threat hunting to ensure unknown threats are not lurking within your environment. 
  • Conduct an asset audit focusing on assets that have external access; eliminate stale accounts and check privileged access. 
  • Conduct a third-party vendor / supply chain assessment. Focus on those places where third parties have access to your environment. Ensure no old entry points are left open.  
  • Institute multi-factor authentication (MFA) for internal and external users. Check that passwords are strong. 
  • Bring your workers to a higher state of alert, tell them to triple check links and attachments in emails before clicking to guard against phishing attacks.
  • Deploy an effective endpoint detection and response (EDR) solution.
  • Conduct crisis simulations to ensure all parts of your organization are prepared to respond to a major cyber event, not just IT staff. 

The Long-Term Cyber Impact Trustwave is Keeping an Eye On 

There is a possibility that the malware and other techniques attackers use will eventually make their way into the hands of conventional threat actors. 

It is not uncommon for malicious code to get sold, traded, dispersed and then used for attacks against targets across industries like retail, e-commerce, etc. This activity might not take place for several months. Trustwave is actively monitoring for malicious techniques and code collaborations and sales on the Dark Web.   

Latest SpiderLabs Blogs

Important Security Defenses to Help Your CISO Sleep at Night

This is Part 13 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More

2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies

Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as...

Read More

How to Create the Asset Inventory You Probably Don't Have

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More