IT Director or CISO of Critical Infrastructure or Service: here's how to protect yourself against Russian cyber attacks
Not a day goes by without media reports of cyber attacks attributed to Russia and targeting NATO countries. The Canadian Center for Cyber Security and the White House have issued alerts to make organizations aware of the increased risk of cyber attacks in Canada and the US. We also confirmed in the Journal de Montréal that the attack that targeted the Aluminerie Alouette came from the Russian group Conti.
In this period of military conflict, one thing to remember is that the risk of cyber attacks from the Russian government is real. However, these cyber attacks will not target all organizations. They will be directed mainly against organizations considered vital to Canada (also called critical infrastructure).
How do you know if you are an essential infrastructure or service?
To find out if your organization is considered critical or not, please consult the following list on the Revenue Québec website. You can also contact the Canadian Center for Cyber Security, the RCMP or Public Safety Canada for confirmation.
You are indeed an essential service if you were authorized to continue operating during the COVID-19 shutdown of organizations in March 2020.
Essential or critical infrastructure or services will be targeted as a priority
Russian cyber attacks will be launched mainly with the intention of punishing NATO countries that have imposed sanctions against Russia. The objective is to hurt them and make them regret their decisions so that they eventually back down. For this, cyber attacks against critical infrastructure are a powerful weapon. Some sectors, such as Energy, Manufacturing, Health/Pharmaceutical, Transportation and Retail, will be targeted more than others because a compromise there can have a (very) strong impact on the population.
The main cyber attacks that will target critical infrastructure or services
Ransomware will be the main attack, because it lets the attackers kill two birds with one stone: cripple systems and collect a ransom. In addition to the Russian government, several cybercriminal groups with varying degrees of closeness to the Russian government will launch such attacks. The Russian cybercriminal group Conti has already declared itself ready to help Russia. When it comes to cyberattacks, with Moscow's blessing almost anything goes.
Distributed denial of service (DDoS) attacks will also be part of the game. The objective is to saturate computer systems in order to paralyze them. Ransoms are likely to be demanded following DDoS attacks. Ransom demands act as a deterrent and may lead organizations to negotiate to stop the attack.
The risk of phishing will also increase during this period. It can be used as leverage to access sensitive information, steal passwords, commit fraud, etc.
The risk of espionage will also increase during this period. This is a good opportunity to try to access information that Russia has been coveting for years. So if you work in R&D in advanced fields (aerospace, military, manufacturing, AI, pharmaceutical/health, universities and research centers, etc.), you are a prime target.
Targeted cyberattacks are more likely to succeed
Targeted cyber attacks are much more likely to succeed than random attacks. This is because a targeted attack means the attacker has specifically chosen you, since you hold something of interest to them, such as sensitive data or intellectual property. They may also simply be convinced that their action will cause you great harm.
Unlike random attacks, targeted attacks usually involve a lot of resources and, where necessary, several people. A country such as Russia has great capabilities, including certain technologies, as well as hackers intent on launching large-scale attacks. The attack that took place in February 2022 against Ukraine is an example of this.
When you are designated as a target by Moscow, the chances of being hacked are very high if you do not protect yourself.
How critical infrastructures or services can protect themselves from Russian cyberattacks
The following measures should be applied by critical services or essential infrastructures in order to protect themselves from cyber attacks during the current turbulent period.
1 - Contact the authorities and follow their instructions
Several governmental authorities such as the CSE, the RCMP or Public Safety Canada can provide you with relevant information on the state of the threat in your sector of activity. They conduct ongoing threat intelligence activities and can alert you if your sector or organization is an imminent target. Finally, in the event of an attack, they can support you in the response.
However, manage your expectations. The authorities will not do the job of protecting your network for you. That is your responsibility.
2 - Prepare yourself mentally and flex your muscles
No country, including Canada and the USA, has a cyber army capable of protecting all its organizations. So you alone can be counted on to protect yourself against cyber attacks related to the military conflict between Ukraine and Russia.
Now is the time to test your security incident response plan. If you don't have one already, creating one is important and urgent. Practice handling incidents, including ransomware cases, and sharpen your reflexes. Update your escalation list and make sure you have staff available 24/7 to support the management of a cyber attack.
Also, have the contacts of cyber security firms (such as StreamScan) that specialize in cyber attack response on hand to assist you in case of need. One can't be too careful!
3 - Educate your senior management and employees because you are a potential target
Given NATO's and Canada's position against Russia, and because you are part of critical infrastructure, all your employees and your senior management must be informed of the possible risk of a targeted attack. Everyone must be vigilant. Phishing attempts and even security events previously considered mundane should be reported to the IT or cybersecurity team. This heightened level of vigilance must remain until the military conflict is over.
4 - Apply the other measures we recommended to minimize the risk of being hacked due to the military conflict between Ukraine and Russia (see the article "IT Directors & CEOs: What to expect in terms of cybersecurity following the current military conflict between Russia and Ukraine").
How can StreamScan help you?
We can help you define your incident response plan and test it to confirm that you are prepared to deal with incidents that may target you.
We act as your incident response firm. If an incident does occur, you can count on us to help you manage it effectively. We have handled several dozen cases of ransomware, data exfiltration, fraud, phishing, etc.
Our 24/7 security monitoring service gives you 360-degree visibility and helps you manage your network security effectively and proactively. It also protects you from cyber attacks. We know the most common ways hackers enter networks and how they operate. When monitoring the security of your network, this knowledge is used to quickly isolate problematic cases and address the source before it becomes a problem.