Any state-sponsored Russian assaults aimed at supporting Russia’s invasion of Ukraine or retaliating for US, NATO, or other foreign measures taken in reaction to Russia’s invasion of Ukraine are more likely to be destructive or disruptive in character than aimed at stealing data.
This blog addresses the many sorts of attacks that businesses may face and suggests ways to mitigate or remediate them.
Among the most alarming scenarios is the possibility of a damaging malware assault on the United States, NATO allies, or other foreign governments. This could be a direct assault or the result of a spillover from an attack on Ukraine, such as the 2017 NotPetya operation, which targeted Ukraine and spread to other regions of the world.
The ideal malware protection is to prevent infection in the first place, which means keeping assets up to date and employing effective access restrictions, like multi-factor authentication. It’s important to have an incident response strategy in place for the worst-case incident, as well as a business continuity plan.
Russian state-sponsored attackers are also well-known for spear-phishing attempts, and it is common to find phishing attacks that link to fake websites posing as news, charity organisations, or other seemingly relevant information.
Stay alert and avoid clicking on strange links or opening unexpected attachments. Defenders should implement strong spam filtering and attachment scanning. Educating employees about the hazards of phishing and running simulated phishing campaigns on a regular basis would also help reduce this risk.
Ransomware might be used to disrupt overseas targets as well. The 2021 ransomware assault on the Colonial Pipeline in the US was believed to be the work of criminals based in Russia. Opportunistic attackers searching for ransoms will still be on the hunt and will most likely take advantage of the confusion.
To achieve resilience, defenders should analyse asset and application settings, and in the event of a ransomware attack, evaluate incident response processes.
How else can you prevent attacks?
- Back up data on a frequent and regular basis
- Monitor cybersecurity measures continuously
- Create an incident response plan
- Conduct a vulnerability assessment
- Increase cyber awareness
- Incorporate cyber expertise into the board