6 steps to take to protect yourself from Russian attacks related to the current military conflict
Since the start of the military conflict between Russia and Ukraine, several governments have issued advisories alerting organizations to the increased risk of cyberattacks, among them the Canadian Center for Cybersecurity and the White House. The media have also been reporting on cyberattacks launched by the Russian government. We have also confirmed in the Journal de Montréal that the attack that targeted the Aluminerie Alouette came from the Russian group Conti.
The current military conflict clearly increases the risk of cyberattacks against the infrastructures of NATO countries, because they have taken a stand for Ukraine. Each time sanctions are imposed on Russia, the risk of cyberattacks increases. We are clearly in a turbulent zone in terms of cybersecurity. To sit idle is to take the risk of being hacked.
One of the peculiarities of ransomware attacks in times of military conflict is that victims usually have little room for negotiation. The hackers are driven primarily by the desire to punish you; the desire to collect a ransom comes second.
You have been warned! You must therefore do everything possible to avoid being breached at this time. How can you do this? Here's what to do.
Block Russian IP addresses if you don't do business with Russia
This measure is simple to implement and quite effective. By preventing Russian IP addresses from reaching your organization, you minimize the probability of a computer intrusion launched from Russia.
Solution: Almost all firewalls on the market can block IP addresses based on geographic area. If you do not do business with Russia, implement rules to block traffic from that country.
Note that this measure will not protect you against 100% of Russian attacks, but it will greatly reduce your attack surface. Various means, such as VPNs, make it possible to bypass a geographic block.
It is important to remember that most attacks are not targeted and are initially launched by bots that scan the Internet 24/7 for vulnerable systems. IP blocking will be very effective against untargeted attacks.
By blocking IPs from Russia, you will greatly reduce the risk of cyberattacks launched either by the government or by Russian cybercriminal groups.
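The geographic block described above, sketched for a Linux host running nftables. This is an added example, not code from the article or from StreamScan: the choice of nftables, the table and set names and the sample prefixes (documentation ranges) are assumptions, and a real country list would come from your own GeoIP data source.

```python
import ipaddress

# Assumption: a Linux host using nftables (the article names no product).
# Constructed feed: documentation prefixes stand in for a country CIDR list.
SAMPLE_FEED = """\
203.0.113.0/25   # constructed entry
203.0.113.128/25
198.51.100.0/24
198.51.100.64/26
2001:db8:10::/48
not-a-prefix
"""

def parse_feed(text):
    """Return {4: [...], 6: [...]} of merged networks, skipping junk lines."""
    nets = {4: [], 6: []}
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # one malformed line must not abort the whole build
        nets[net.version].append(net)
    # Interval sets reject overlapping elements, so merge before rendering.
    return {v: list(ipaddress.collapse_addresses(n)) for v, n in nets.items()}

def is_blocked(addr, nets):
    """Dry-run check: would this source address match the generated sets?"""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets[ip.version])

def render_nft(nets, table="geoblock"):
    """Render an nftables ruleset dropping inbound packets from the sets."""
    out = [f"table inet {table} {{"]
    for ver, typ in ((4, "ipv4_addr"), (6, "ipv6_addr")):
        out += [f"  set blocked{ver} {{", f"    type {typ}", "    flags interval"]
        if nets[ver]:
            out.append("    elements = { " + ", ".join(map(str, nets[ver])) + " }")
        out.append("  }")
    out += ["  chain input {",
            "    type filter hook input priority -10; policy accept;",
            "    ip saddr @blocked4 counter drop",
            "    ip6 saddr @blocked6 counter drop", "  }", "}"]
    return "\n".join(out)

if __name__ == "__main__":
    print(render_nft(parse_feed(SAMPLE_FEED)))
```

Review the output before loading it with `nft -f`: the rules match on source address, so replies from blocked ranges to connections your own hosts open are dropped as well. The chain uses the input hook and therefore covers only traffic addressed to the host itself; a routing firewall would need the same rules on a forward chain.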
Educate employees on cybersecurity risks
You need to educate your employees on the risks of cyber attacks related to the current military conflict. Attacks against Canada and more generally NATO countries will increase. Phishing attacks will intensify because human vulnerability remains the easiest way to hack a network.
Make backups
Ransomware will be used extensively in cyberattacks that will be related to this conflict. One of the most urgent steps you should consider is taking backups. In the event of a ransomware attack, you will be able to restore them and get back into production quickly.
Solution: You should always keep three copies of your backups: one internally, one externally (in the cloud, for example) and one offline. Test your backups and make sure they work.
Monitor your network security 24/7
Many cyber attacks generate a lot of noise in your network. Unfortunately, if you don't have intrusion detection technologies to protect it, you will never be able to identify and block them. By the time you realize you've been hacked, it will be too late and the impact will be major.
Solution: You must deploy an intrusion detection system such as StreamScan's CDS to protect your network. It is also important to deploy an antivirus or an EDR on each machine of your network. Protection should cover, for example, your internal network, the cloud and O365. You should then monitor your network security 24/7.
Don't forget, hackers never take a day off or a vacation! If you don't monitor your network at all times, be prepared to deal with security incidents.
Apply security patches
Many cyber attacks will exploit existing security holes and vulnerabilities in your network. So you need to make sure that there are none that can be easily exploited by hackers.
Solution: Install a vulnerability scanning tool such as Nessus, Qualys, OpenVAS, etc. These tools are used to regularly identify vulnerabilities in your network.
Connect with partners who can help you in the event of a cyber attack
If you don't have the in-house expertise to handle cyber security incidents, we strongly suggest that you connect with the Canadian Cyber Security Center. You will be able to benefit from advice on how to be well prepared.
You should also establish contact with at least one firm specialized in cyber attack response, such as StreamScan. If needed, we can assist you in an emergency, which will reduce the impact of the cyber attack on your organization.
How can StreamScan help you?
- We can help you define your incident response plan and test it to confirm that you are prepared to deal with incidents that may target you.
- We act as your incident response firm. If an incident occurs, you can trust us to help you manage it effectively. We have managed dozens of cases of ransomware, data exfiltration, fraud, phishing, etc.
- Our 24/7 security monitoring service gives you 360-degree visibility, helps you manage your network security effectively and proactively, and keeps you safe from cyberattacks. We know the most common ways hackers enter networks and how they operate. When monitoring the security of your network, we use this knowledge to quickly isolate problem cases and to address them at their source before they become a problem.