Rising Danger of Russian Cyberthreats and What You Can Do to Protect Your Organization

The Department of Homeland Security has warned of Russia’s potential to launch cyberattacks against the United States in response to a possible escalation of the crisis unfolding at the border with Ukraine. According to a DHS Intelligence and Analysis memo sent to law enforcement partners nationwide, the US government assesses that Russia would consider a cyberattack if a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security.

DHS indicated in its assessment that Russia’s threshold for conducting disruptive or destructive cyberattacks in the US remains very high. Disruptive and destructive cyberattacks take many forms, from distributed denial-of-service attacks to complex attacks on critical infrastructure.

Last year, Russian threat actors caused two of the most destructive cyberattacks in recent memory. The Colonial Pipeline attack in May 2021 took down the largest fuel pipeline in the US and led to widespread shortages across the country, while the meat supplier JBS had its operations shut down by Russia-based hackers and had to pay an $11 million ransom.

Russia is also responsible for the SolarWinds breach in late 2020, where Russian-backed cybercriminals gained access to 10 US government agencies, including the Department of Homeland Security, the Pentagon, and the Department of Commerce. These Russian cybercriminals had access to many key systems for over 90 days before this hack was discovered. We need to take all this into account and realize that these Russian cybercriminals may still have embedded themselves in critical systems that we have not yet discovered.

Could Cyberattacks on the US Backfire?

It depends on the timing and impact of an attack. Russia could provoke a major response from the United States by taking down the critical infrastructure that the people of this country depend upon. Russia understands that launching a blatant attack like this would result in counterattacks against its institutions, so the country’s leaders will tread lightly.

How Can US Organizations Protect Themselves?

Government agencies and large corporations are not the only targets that Russian cybercriminals have in their sights; unfortunately, small to mid-sized businesses (SMBs) are increasingly becoming victims of state-sponsored cyberattacks.

Ensure your organization has the appropriate security controls in place to help protect your valuable corporate and customer data and mitigate the chance of becoming the next cyberattack victim. Consider taking the following steps to strengthen your organization’s cybersecurity defenses:

1. Secure Your Hardware

Unpatched or out-of-date assets provide the easiest entry points for threat actors. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Vulnerability scanning and timely patching to fix discovered vulnerabilities that ransomware might exploit are critical.

Update software, including operating systems, applications, and firmware on IT network assets, promptly. Prioritize patching known exploited vulnerabilities, and critical and high vulnerabilities that allow remote code execution or denial of service on internet-facing equipment. Patching must be ongoing because new vulnerabilities are continually identified and new patches developed. Consider using a centralized patch management system.
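The prioritization rule above (known exploited first, then critical/high remote code execution or denial-of-service findings on internet-facing equipment) turned into a small triage script. This is an added example, not Orion Networks' code; the scan findings and their ids are constructed placeholders, and the severity bands follow the usual CVSS cut-offs.

```python
from dataclasses import dataclass
from typing import List

# Constructed example, not Orion Networks' code. Finding ids are placeholders.
@dataclass
class Finding:
    asset: str
    finding_id: str        # placeholder id, not a real CVE number
    cvss: float            # CVSS base score from the scanner
    impact: str            # "rce", "dos", "info", ...
    internet_facing: bool
    known_exploited: bool  # listed in a known-exploited-vulnerabilities catalogue

def severity(cvss: float) -> str:
    """Map a CVSS base score to the usual severity bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"

def tier(f: Finding) -> int:
    """Lower tier = patch sooner.
    0: known exploited, wherever it sits
    1: critical/high RCE or DoS on internet-facing equipment
    2: any other critical/high finding
    3: everything else (still patched, but in the normal cycle)"""
    if f.known_exploited:
        return 0
    if severity(f.cvss) in ("critical", "high"):
        return 1 if f.internet_facing and f.impact in ("rce", "dos") else 2
    return 3

def patch_order(findings: List[Finding]) -> List[Finding]:
    """Sort by tier, then by CVSS score descending within a tier."""
    return sorted(findings, key=lambda f: (tier(f), -f.cvss))

# Constructed scan results for illustration.
SAMPLE = [
    Finding("vpn-gw-1",   "F-01", 9.8, "rce",  True,  False),
    Finding("hr-db-1",    "F-02", 7.5, "rce",  False, True),
    Finding("file-srv-2", "F-03", 8.1, "rce",  False, False),
    Finding("wiki-int",   "F-04", 5.3, "info", True,  False),
    Finding("mail-gw",    "F-05", 7.2, "dos",  True,  False),
]
```

Note that the internal database with a known-exploited flaw outranks the 9.8 on the VPN gateway: exploitation in the wild beats raw score.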

2. Employ a Data Backup and Recovery Plan for All Critical Information

You should assume that you will fall victim to a ransomware attack at some point. One of the most important steps you can take to protect your data and avoid paying a ransom is to have a reliable backup and data recovery plan for your business-critical information. Encrypt your data so that it is inaccessible to the attacker if a data breach occurs.

Also, you need to increase the frequency of your backups. Backup frequency is the primary factor determining how much data could be lost in a ransomware attack, even if you can fully restore your backups. For example, if you back up data every 15 minutes, you could lose up to 15 minutes' worth of data in a ransomware attack because that data has not yet been backed up and therefore cannot be restored.

Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that ransomware can also affect network-connected backups, so critical backups should be isolated from the network for optimum protection.
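The two points above, backup frequency bounding data loss and network-connected backups being reachable by ransomware, worked through on a constructed backup catalogue. This is an added example, not Orion Networks' code; it assumes each snapshot records whether it lives on isolated storage and whether a test restore has succeeded, and treats any online copy taken at or after the attacker's first access as untrusted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed example, not Orion Networks' code.
@dataclass
class Snapshot:
    taken_at: datetime
    isolated: bool   # True = copy kept off the network (offline / immutable store)
    verified: bool   # True = a test restore of this copy has succeeded

def last_restorable(snaps: List[Snapshot], compromise: datetime) -> Optional[Snapshot]:
    """Newest snapshot a recovery can trust. Assumption: an online copy taken
    at or after the attacker's first access may have been reached by the
    ransomware, so only isolated copies, or online copies taken before that
    moment, count; unverified copies never count."""
    ok = [s for s in snaps
          if s.verified and (s.isolated or s.taken_at < compromise)]
    return max(ok, key=lambda s: s.taken_at) if ok else None

def data_loss_window(snaps: List[Snapshot], compromise: datetime,
                     shutdown: datetime) -> Optional[timedelta]:
    """Work lost if we restore the last restorable snapshot: everything changed
    between that snapshot and the moment systems were taken offline."""
    s = last_restorable(snaps, compromise)
    return shutdown - s.taken_at if s else None

def largest_gap(snaps: List[Snapshot]) -> timedelta:
    """Longest interval between consecutive snapshots: the most data that can
    be lost even when every backup restores cleanly (the 15-minute case)."""
    ts = sorted(s.taken_at for s in snaps)
    return max((b - a for a, b in zip(ts, ts[1:])), default=timedelta(0))

def t(hour: int, minute: int) -> datetime:
    return datetime(2022, 2, 1, hour, minute)

# Constructed catalogue: one overnight offline copy, 15-minute online copies,
# one isolated copy at 09:00, and a 09:30 copy whose test restore failed.
CATALOG = (
    [Snapshot(t(2, 0), True, True)]
    + [Snapshot(t(8, m), False, True) for m in (0, 15, 30, 45)]
    + [Snapshot(t(9, 0), True, True), Snapshot(t(9, 15), False, True),
       Snapshot(t(9, 30), False, False)]
)

if __name__ == "__main__":
    # Attacker first seen at 08:50, systems pulled offline at 09:40.
    print("restore from:", last_restorable(CATALOG, t(8, 50)).taken_at.time())
    print("data lost:", data_loss_window(CATALOG, t(8, 50), t(9, 40)))
    print("largest backup gap:", largest_gap(CATALOG))
```

With the isolated 09:00 copy the loss is 40 minutes; drop the isolated copies and the best trusted restore point falls back to 08:45, so the same incident costs 55 minutes of work.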

3. Develop a Comprehensive Security Strategy Based on the NIST Cybersecurity Framework

The NIST Framework offers guidance for organizations looking to better manage and reduce their cybersecurity risk. It offers a set of processes that help organizations measure the maturity of their current cybersecurity and risk management practices and identify steps to strengthen them. Organizations of all sizes should have a comprehensive cybersecurity strategy based on the NIST Cybersecurity Framework that accounts for the greater adoption of IoT devices, greater use of public and private clouds, BYOD, and the new reality of employees working from home.

However, many organizations lack qualified personnel to develop and implement a security strategy for various reasons. Those organizations should consider hiring a third-party company specializing in cybersecurity, such as Orion Networks. We can help you develop a comprehensive cybersecurity program that enables you to identify, prevent, detect, respond, and recover from ransomware threats.

4. Provide Ongoing Employee Cyber Awareness Training and Testing

Most ransomware attacks start with a phishing email. In May 2021, Russian-backed hackers launched a supply chain attack targeting human rights groups and think tanks, including USAID. The hackers sent out emails that looked as if they came from USAID. Those emails contained links, and when recipients clicked on them, malware was loaded onto their systems, giving the hackers full access.

One of the best ways to increase your protection and reduce the risk of having your confidential data breached by a ransomware attack is to provide continuous cybersecurity awareness training for your employees. People need to know the tactics of our adversaries, because employees are the first line of defense.

Implement regular security awareness campaigns at all levels of the business to embed security into your company’s culture. This helps employees automatically consider cybersecurity in every decision they make, which can help keep your organization safe. Management, at all levels, needs to understand its importance and make security part of the company culture. Your cybersecurity awareness training program should cover topics related to malware, ransomware, social networking, safe surfing, phishing, and more, as well as password protection, device security, data handling and disposal, cyber incident reporting and handling, and other safe practices.

Randomly test employees, at least quarterly, to determine whether they are susceptible to phishing scams. A phishing test sends employees an email that looks real but is entirely fake. The point of regular testing is not to penalize employees for wrong answers or infractions, but to create teachable moments anchored in real-life experience. It also helps you reevaluate your training plan by showing where staff failed to comply. Provide additional resources and training for employees who struggle.

Secure Your Organization Against Ransomware with Orion Networks

A ransomware attack can disrupt business operations, render critical infrastructure unusable and significantly damage the organization’s brand. With cybersecurity services from Orion Networks, you can prepare your organization to prevent, detect and respond quickly to ransomware, mitigating the effects of an attack. Our comprehensive cybersecurity services include round-the-clock monitoring, operations management, ongoing optimization of your security environment, response and remediation, and backup and data recovery. Contact us today to schedule a consultation.

Thanks to our colleagues at Velocity IT in Dallas for their help with this article.