Russia-Ukraine Crisis Heightens Malicious Cyber Activity: 8 Ways to Bolster Your Cyber Defense

The ongoing war between Russia and Ukraine has placed organizations worldwide on full alert due to the possibility that cyberattacks related to the conflict may impact organizations outside of the region. 

Trustwave's Darren Van Booven, Lead Principal Consultant, and Grayson Lenik, Director of Consulting and Professional Services, Trustwave Government Solutions, recently conducted a webinar “Russia-Ukraine Crisis – Defending Your Organization from Geopolitical Cybersecurity Threats” that looked at the current threat landscape and made cyber defense recommendations for organizations. 

Malicious Cyber Activity During This Time

After several weeks of warfare between Russia and Ukraine, a confrontation of equivalent scale on the cyber front has not materialized. However, there have been some notable activities. For example, Russian-tied hackers have used wiper malware against Ukrainian organizations, and the notorious Conti ransomware gang and the Anonymous hacker group took sides.

Trustwave SpiderLabs researchers also saw Dark Web chatter with threat actors attempting to gather forces to defend Ukraine. These discussions included launching Distributed Denial of Service (DDoS) attacks against the Russian government and military websites. 

Another possibility comes in the form of widespread malware. An attacker could release a malware variant like NotPetya equipped with wormable functionality and, even though the attacker aimed the malware at a specific target, it could spread. If the malware developers don't build controls into the software to limit how it spreads, it can end up being dispersed worldwide over the Internet, striking any system that's vulnerable.

Hacking groups also seem to be taking advantage of the chaos during this time. The Lapsus$ ransomware gang has recently attacked NVIDIA, Samsung and Vodafone and is looking to bolster its ranks by putting a call out for recruits and access to other organizations.

Take These Proactive Preventive Steps Today

These cyber fundamentals are not only pertinent during a time of crisis. The best practices we've outlined, which align with CISA's Shields Up recommendations, continue to prove effective and necessary for a strong cybersecurity posture. Organizations today already operate in a state of continual threat, and they should immediately implement the actions noted below if they have not done so already.

  1. Multifactor Authentication (MFA): The number one recommendation we make is for all organizations to enable multifactor authentication. 

We respond to incidents at organizations and clients that were compromised because they did not have multifactor authentication. MFA is the bare minimum requirement you must have; if it is not enabled for all of your users today, that alone creates an immediate, high-risk situation for your organization.

  2. Cyber Insurance: Having cyber insurance is key. However, the fact that the major war taking place right now has a cyber component could cause a problem even for those with general coverage.

First, make the call today to see if you are covered or exposed. If you have insurance, check to see if the policy contains any exclusions. Today, many organizations have cyber insurance policies that cover the impact on your business if an attacker brings down your system with a cyberattack. However, some policies have an exclusion stating that the insurance policy does not cover acts of war.

Exactly what an "act of war" is can be broadly interpreted, and it's good to know what other exclusions the policy includes, so reach out today and ask your underwriter.

  3. Threat Intelligence: There are two layers to conducting threat intelligence within your organization.

At the top level, speak to your staff about what is going on in the world. This communication can range from a new malware strain making the rounds that workers should be aware of to a major event like the Russia-Ukraine conflict. This internal awareness will help staffers "tune in" to what they might see on their systems so they can alert the proper team to take action.

On a more technical note, when it comes to vulnerabilities and malware, speed is key. 

With new malware, it doesn't take long for someone to start exploiting the threat in the wild. To be on top of that, you need to obtain the indicators of compromise and any other information you can about what's going on and perhaps who may be the focus of an attack. Once the IoCs are in hand, you can apply the necessary defenses to your organization. There are many places to obtain this information, such as the Cybersecurity and Infrastructure Security Agency, the National Security Agency and commercial threat intel companies. 

  4. Phishing Tests: Run phishing tests using the latest techniques that attackers employ. Here you can use your threat intel skills to develop a plan. For example, if security folks have spotted threat actors using a wiper-type malware in a phishing campaign, you can build a test around how the attacker is presenting the malware in emails.

If you conduct this test properly, you will get an accurate indication of how your staff will react. For example, in one recent case, a client ran such a test on 1,200 workers; 250 did, in fact, click on the link, and 100 of those gave up their username and password. So, while these numbers are alarming, it was a good test of what can happen, and now the company knows where to focus its efforts.

  5. Threat Hunting: We recommend looking into your environment using the IoCs you have gathered regarding current threats. Conducting these exercises is a good habit regardless of the geopolitical situation. For example, if you are worried about a specific weakness or have a new IoC in hand, you can conduct a scan to ensure your systems are not affected.
  6. Vulnerability Scanning: For the most part, we have noticed many organizations do conduct vulnerability scans. Sometimes it's done to comply with regulations or as part of a vulnerability management program that is in place.

A good scan should review your ingress and egress traffic controls and look at the access control lists on your web application firewalls, next-generation firewalls, and routers. It's never too late to go back through and take a deep-dive look at what you are and are not restricting.

  7. Backup Data: Ransomware can spread and encrypt backups, so it's imperative these are checked for malware.
  8. Pen and Red Team Testing: Conducting these exercises essentially puts your security team and its response plans through all the points previously mentioned.

A good penetration test or Red Team engagement will include threat intelligence, a phishing test, vulnerability scanning, and a review of ingress and egress controls. So, if you're not doing Red Team or penetration testing, we would highly recommend finding a solid provider. If you already have a provider, it might be good to schedule your quarterly engagement a little early.

Trustwave Continues to Stay Vigilant 

All organizations should be operating in a state of heightened alert. Organizations in critical infrastructure, supply chain, healthcare and financial services in particular should take extra precautions.

As the situation evolves and additional threat intelligence becomes available, we will continue to proactively detect and respond to emerging threats for our clients.

Remember, while cyberattacks can happen at any time, hacking groups typically strike when organizations are short-staffed: Friday afternoons, weekends or holiday breaks. Have a plan in place for when an attack happens outside of business hours. Ensure your organization has configured its environment for that possibility and is executing the cyber fundamentals correctly.

Many organizations just throw technology at the issue but don't have the staff to execute the plan. Harden your cyber defenses by having the right people with the right skills.
