Cybersecurity in 2022: How war in Ukraine changes the game

In April, the U.S. Attorney General and New York Times made public a development undeniably linking global cybersecurity with the Ukraine war. The U.S. government had secretly removed malware from computer networks worldwide that could have created Russian-controlled botnets for malicious actions from surveillance to cyber attacks.

In another side to the war, Ukraine’s “IT Army,” comprised of the nation’s tech workers and volunteers worldwide, published critical information about Russian and Belarusian financial services companies, then knocked their websites offline.

As activity in the global cyber landscape escalates, with critical infrastructure often in its crosshairs, so have requirements for cybersecurity monitoring and reporting. Entities including the U.S. government have enacted strict mandates and deadlines for reporting hacks, ransoms and more.

It’s clear that in addition to sanctions, supply chain disruption and the direct humanitarian impact of the war, companies have another Ukraine-related issue to keep on their radars: cybersecurity. What can CIOs/CISOs and executive leaders do to keep their companies protected and prepared, particularly as the environment evolves? Read on for background, with next steps for taking action.

Cyberspace Has Become a Second Theater of War

Russia is a noted state cyber actor. With the 2017 NotPetya attack, the world caught a glimpse of these capabilities in use against Ukrainian entities — and the global repercussions. In February 2022, increased observations of “cyber probing and skirmishing” soon turned to full recognition that Russia was deploying malware, ransomware and more against Ukraine and nations acting in Ukraine’s defense.

In late April, Microsoft released a report detailing 37 Russian cyberattacks inside Ukraine between February 23 and April 8 alone. This report and others detail attacks targeting critical infrastructure, local telecom providers, energy grids and government networks.

“Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians,” Microsoft wrote in its report. “Actors engaging in these attacks are using a variety of techniques to gain initial access to their targets including phishing, use of unpatched vulnerabilities and compromising upstream IT service providers. These actors often modify their malware with each deployment to evade detection.”

European Conflict Ignites a Global Hacker Army

Resistance has been digital as well. Ukraine is a tech-savvy nation. In fact, it’s estimated that more than 100 of the world’s Fortune 500 companies rely at least partially on Ukrainian IT services.

Ukraine has been leveraging its tech expertise in its defense. In the war’s early days in March, the Washington Post reported that “An IT army of volunteers from inside and outside Ukraine has been targeting Russia with a mix of offensive hacks and information operations aimed at cracking through Russian censorship with news about the bloody conflict.”

Players from outside of Ukraine’s borders have joined the fight as well: allied nations offering remote assistance, nations such as China allegedly joining the mix of hackers worldwide rallying to the cause, many via a Ukrainian Telegram channel with hundreds of thousands of subscribers.

“For the first time in history anyone can join a war,” Lotem Finkelstein, head of threat intelligence at Check Point Software, told CNBC. ‘We’re seeing the entire cyber community involved, where many groups and individuals have taken a side, either Russia or Ukraine. It’s a lot of cyber chaos.”

A March article in Quartz further detailed the situation — and potential threat ahead: “The cyber-skirmishes in the Russia-Ukraine war have been fought mainly by activists and amateurs engaged in relatively harmless vandalism, DDoS attacks and memeing. But there’s a risk that the cyberwar could escalate if Russia’s cyber gangs join the fray.”

Elevating Cybersecurity Against Escalating Threats

How can CIOs and CISOs keep their organizations out of the cyber crossfire, or at least mitigate the risk, minimize the damage and remain compliant?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that organizations of all sizes adopt a heightened cybersecurity posture. Tips follow drawing from CISA and Diligent guidance on next steps.

• Reduce exposure through multifactor authentication, vulnerability scanning and strong cyber hygiene and controls
• Stay current on antivirus/anti-malware software, signatures, patches and updates, particularly those that address known exploited vulnerabilities
• Isolate sensitive records, documentation and data among corporate entities and subsidiaries using entity management solutions
• Safeguard board and executive communications using secure portals and messaging apps
• Sharpen visibility using risk intelligence data and monitoring tools, including solutions equipped with AI for real-time monitoring
• Monitor, inspect and isolate traffic from organizations with ties to Ukraine and closely review access controls for that traffic
• Train cybersecurity and IT personnel to quickly assess and respond to any unexpected and unusual network behavior
• Use supplier management solutions, integrated with up-to-date news and regulatory data, to identify IT and cybersecurity-related vendors and products that have been banned or placed on sanctions lists, such as Kaspersky IT tools and solutions
• Frequently and thoroughly communicate about precautions with investors, shareholders, customers and employees

Heightened cybersecurity also includes a plan for keeping operations running if critical data is stolen or key systems go down. You should:

• Back up data and keep this data isolated from network connections
• Have manual controls in place as needed, especially if using industrial control systems or operational technologies
• Test these backup procedures and manual controls before you need them
• Designate a crisis response team and key personnel for surge support and communications in areas such as technology, communications, legal and business continuity
• Use tabletop exercises to walk through plans, roles and responsibilities

Strengthen your preparation and protection even more with Diligent’s Risk Management Checklist.