Given Russia's reputation for highly-sophisticated cyberattacks, the country's invasion of Ukraine has sparked justified fears of an imminent global cyberwar.
While, for the time being, Putin’s cyber efforts against Ukraine are surprisingly restrained, this may not be the case for other countries. Russia appears to be mounting a cyberattack offensive against nations that have voiced their disapproval of the invasion of Ukraine through economic sanctions - a dampened fulfillment of Putin’s ominous threat to punish any country that interferes with his efforts.
“Whoever tries to impede us, let alone create threats for our country and its people, must know that the Russian response will be immediate and lead to the consequences you have never seen in history.”
Vladimir Putin
President of Russia
The most recent evidence of this cyber threat being exercised occurred on Tuesday, 1 March. Just days after joining the economic sanction responses of its Western allies, Toyota was forced to halt all plant operations in Japan following a suspected supply chain attack. While Russia hasn’t officially claimed responsibility, its involvement can be inferred from the sinister remarks of Mikhail Yurlevich Galuzin, the Russian ambassador to Japan.
“Should Japan impose sanctions on Russia, there would be consequences.”
Mikhail Yurlevich Galuzin
Russian Ambassador to Japan
Since Australia has also implemented economic sanctions against Russia, Australian critical infrastructures and businesses are at a heightened risk of being added to Russia’s cyberattack firing line.
In recognition of this, the Australian Cyber Security Centre (ACSC) has issued an urgent advisory for Australian businesses to elevate their security posture.
The following roadmap can help you achieve a standard of cyber resilience with the highest potential of defending against nation-state attacks.
Implement the Essential Eight Framework
According to the ACSC, the Essential Eight ensures Australian businesses meet the minimum recommended cybersecurity standard. This framework strengthens the cyber resilience of an IT network through eight strategies:
- Application control;
- Patch applications;
- Configure Microsoft Office macro settings;
- User application hardening;
- Restrict administrative privileges;
- Patch operating systems;
- Multi-factor authentication; and
- Regular backups.
Detect and Address Supply Chain Security Risks
Since January 14, 2022, Russia has launched a series of cyberattacks targeting Ukrainian government websites. Many of these attacks are believed to have been facilitated by a vulnerability in OctoberCMS, a content management solution used by the Ukrainian government.
The vulnerability, tracked as CVE-2021-32648, is being used as an attack vector for a destructive new family of malware called WhisperGate.
Thanks to its malevolent efficiency, the supply chain attack is a well-worn tactic in Russia’s cyberattack arsenal. Instead of confronting the fortified walls around common entry points, it’s much simpler to slip through the back door by compromising a third-party vendor in a victim’s supply chain.
Supply chain security risks can be instantly discovered with an attack surface monitoring solution.
The most comprehensive evaluation of the third-party threat landscape is achieved by combining attack surface monitoring with security questionnaires. Security questionnaires surface commonly overlooked third-party risks buried inside a supplier’s ecosystem.
UpGuard offers a library of security questionnaires that map to popular cybersecurity frameworks, including the Essential Eight.
Familiarise Yourself with Russia’s Latest Malware Campaigns
Get familiar with the malware campaigns Russia is currently deploying. Each item in the list below links to a resource detailing mitigation strategies.
Conti ransomware is a particularly dangerous strain of ransomware due to the speed with which it encrypts data and spreads to other systems. Fortunately, the Conti source code was recently leaked by a Ukrainian researcher. This invaluable intelligence could help security teams predict and intercept the Conti ransomware attack pathway.
- For more information about the lifecycle of Russia's latest destructive malware campaigns, refer to this resource by Microsoft.
- For more details about Tactics, Techniques, and Procedures (TTPs) that could be associated with Russia’s malware campaigns, refer to this resource by the ACSC.
- For more information about how Australian businesses can improve their cyber resilience, visit Cyber.gov.au.
Detect and Shut Down all Data Leaks
Data leaks are overlooked exposures of sensitive data that make data breaches easier for cybercriminals. These leaks could be caused by software vulnerabilities or misconfigurations facilitating unauthorized access to sensitive resources - such as the significant Microsoft Power Apps data leak in 2021.
Like supply chain attacks, data leaks allow cybercriminals to circumvent formidable security controls by exploiting a backend vulnerability. Because of this convenience, data leak exploitation should be regarded as a probable tactic in Russia’s bag of cyberattack tricks and urgently addressed.
Speed is Critical
Australian businesses need to act fast. Russia’s probable cyber attack on Japan demonstrates how quickly the nation can punish those that have joined the chorus of economic sanctions.
To learn how UpGuard can help you accelerate the improvement of your security posture, get in touch with us now!