The Ukraine Crisis – Cybersecurity Imperatives to ensure Resilient Business Operations in a World full of Turmoil
Mar 01, 2022

The Ukraine Crisis – Cybersecurity Imperatives to ensure Resilient Business Operations in a World full of Turmoil

Vasudev Surabhi
VASUDEV SURABHI
DIRECTOR, NETWORK AND CYBERSECURITY

Enterprise readiness to mitigate cyberattacks will have far reaching consequences as the on-going cyber warfare in Ukraine poses a threat to global businesses.

For a couple of months now, Ukraine has been victim to a series of cyberattacks which have been known as the most devastating and complex cyberattack in their history. Cyber experts around the world are on high alert and continue to provide security guidance to ensure business resilience. At Microland, we have always emphasized that Cybersecurity is no longer an afterthought for global enterprises but should be integral to their business and technology strategy.

As we look at some of the imperatives for enterprises to detect, thwart, respond and remediate cyber-attacks, some of the measures recommended in this article will continue to evolve. Microland will continue to work with global enterprises to monitor cybersecurity concerns and provide adequate support through our Managed Detection and Response (MDR) offerings from our Cybersecurity practice.

We urge enterprises to give a critical thought to their cybersecurity posture and remain vigilant during these unprecedented times. We continue to share guidance with our global stakeholders that specific tactics, techniques, and procedures (TTPs) could quickly evolve into a direct attack or emerge as a spillover from an earlier cyberattack.


Possible Attack Vectors

 

One of the most devastating type of attacks include Malware and Ransomwares which can cripple an enterprise. Cybersecurity researchers have just discovered a new data wiping malware, dubbed HermeticWiper malware (a.k.a KillDisk.NCV) which is fairly similar to WhisperGate, Stuxnet, WannaCry, and NotPetya. Ransomware could also be used to disrupt foreign infrastructure and national assets (one such Ransomware attack was on Colonial Pipeline, the largest pipeline system for refined oil products in the U.S) and the attackers could simply refrain from decrypting files, even if they receive ransom payments, in order to maximize and prolong the disruptive impact on victims.

Recent media reports highlight the rise in DDoS attacks on government ministry websites. In this context, it is plausible that state-sponsored actors will use DDoS cause to disruption to global services. There have been reports of anonymized brute-force access attempts against hundreds of governments and private sector targets worldwide. Cyber criminals use discovered credentials to gain access into networks and further exploit known vulnerabilities such as CVE to elevate privilege and further gain access to critical processes.

Phishing attacks continue to play a dominant role in the digital threat landscape. Phishing attacks are now being linked to malicious websites that masquerade themselves as news sources, aid groups, or other seemingly relevant content. Phishing attack can also target specific individuals or government officials.

Website defacements has been witnessed as the perfect arsenal for cyberattackers to spread propaganda and fake news. The malicious actors typically access a website’s hosting environment and make changes to important assets like public HTML directory, SQL databases, or WordPress admin accounts. Attackers exploit security vulnerabilities using techniques such as SQL injections, brute force attacks, credential leakage, cross-site scripting (XSS), malware insertion, etc. to get unauthorized access to critical systems.


Imperatives for CISO, Red Team and Blue Team Defenders to achieve Cyber Resilient First Business Operations

 

Adhering to established best practices can minimize risk of cyberattacks, some of these activities become mission-critical in times of heightened cyber threats. These include:

  • Evaluate cyber posture and maturity assessment to limit attack surface exposure
  • Build proactive cyber defense architecture with end-to-end coverage   
  • Establish 24/7 continuous monitoring with complete visibility of all critical/crown jewels from SOC operations along with a robust and proactive incident response plan
  • Proactive risk-based vulnerability management and cloud security posture to identify exposures, vulnerabilities, and misconfigurations that can provide opportunities for attackers to gain a foothold in enterprise environments
  • Proactive measures to actionize relevant mitigations and patches
  • Proactive Penetration Testing (PenTest) and Red teaming exercises

 

In the past, Microland Cybersecurity services has been tasked to provide a range of cybersecurity services for critical infrastructure entities, such as global Energy & Utilities organizations and Government agencies.  We continue to coordinate with global technology partners on issues related to cybersecurity threats targeting mission critical sectors.

At Microland, we provide curated and proven cybersecurity services that have helped enterprises and governments secure their digital landscape and focus on business. We also recommend global enterprises to check their local government website for continued cybersecurity guidance. Click here to engage with an expert from Microland to learn more.