A cybersecurity war is being waged in addition to the Russian ground attack on Ukraine. At this point, the targets are largely Ukraine and Russian critical infrastructure. 

A few statistics: 

• Nearly 80% of nation-state activity targeted enterprises; 21% targeted consumers. 
• The most targeted sectors were government (48%), NGOs and think tanks (31%), education (3%), intergovernmental organizations (3%), IT (2%), energy (1%), and media (1%). 
• Microsoft has alerted customers of nation-state attack attempts 20,500 times in the past three years.
• Russian nation-state actors primarily target the United States, Ukraine, and the United Kingdom, Microsoft data shows.

US commercial enterprises are not being targeted for damage at this point, but you may have gaps and vulnerabilities that could or already are being used as a “remote army” of sorts for any of the bad actors out there in the wild. 

Have your systems been enlisted?

Cyberwar is not bound by analog maps and borders. YOU are a PATRIOT; you support democracy and the underdog. But what side of the conflict is your computer enlisted to fight for? Good or bad? Is your computer or computer network really part of the global allies?  Are you sure? There has been plenty of news about embargoes but very little about the traitor within.

Do you unknowingly have command and control c2 servers sitting in wait? Do you have vulnerabilities actively in wait? Are you running TOR network nodes? Do you have exposed cloud services like AWS, Azure, and Google Cloud Platform? Do you have OT networks like cameras and subscription security services for HVAC? These are just a few examples of the “troops” of this new warfare. Don’t let the bad guys enlist your assets or your resources and turn them against you!

Cybersecurity is your patriotic duty.

What can you do about it? It’s time to do your patriotic duty. This is the time to change passwords, review your internal and external exposure, and shrink your footprint.  Do your servers need internet or PDF readers installed? If so, limit the access to just those resources. Do you know what resources are hosted and exposed through your internet connection?

Ramping up basic cybersecurity activities like patching, MFA, least privileged access, network segmentation, and limiting outbound traffic from your server infrastructure are very effective in stopping ransomware, DDOS, and Man-In-The-Middle nation-state attacks. Ensuring that you have complete network visibility to anomalous behavior will allow you to take quick action as well as monitor workstations for command and control activities.  

RAVENii will continue to monitor trends, but we are well-positioned to fend off attacks for our SOC customers. We strongly encourage everyone to remain vigilant. If you need advice or assistance with any cybersecurity concerns, please give us a call at 844-317-0944. We are here to help!