Global Unrest in Ukraine Highlights Need for Enhanced Network Protection from Malicious Foreign Cyber Threats

The news about Russia’s amassing troops on the border of Ukraine may hit closer to home than you think. Recent attacks in Ukraine highlight the danger of incursions on cyber boundaries as the US government warns all US organizations, from small businesses to enterprises and municipal governments, of a possible Russian retaliatory response to US involvement overseas. This developing situation makes a strong case for Geo Fence policies to protect systems from attacks from these hot spots.

Consider recent cyber news from the region this month:

  • Russian authorities arrested 14 members of the Russia-based REvil hackers, known to have been responsible for the Colonial Pipeline hack and the Kaseya attacks
  • Ukrainian police this month arrested five members of a group behind attacks on more than 50 companies across Europe and the US, who had made at least $1 million through their malware attacks

The arrests are good news, of course. But the threats remain.

Recently, Microsoft reported “destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government.” A Ukrainian security official attributed the attack to a Belarus intelligence outfit. About 70 Ukrainian government websites were hacked and defaced with messages in Ukrainian, Russian, and Polish telling people to be afraid and expect the worst.

While fear of active warfare rises along the border, there is also concern about cyberattacks. The Center for Strategic and International Studies predicts that once there is “a justification for war…cyberattacks will likely follow to degrade Ukraine’s military command and control systems and public communications and electrical grids.”

NPR’s cybersecurity correspondent noted, “There's a lot of vulnerable, pirated software out there on Ukrainian systems.” Worse still, those “cyberattacks could actually spill out and cause damage outside of Ukraine.”

Neighboring Poland, for one, has raised its cybersecurity terror threat level “due to the possibility of a possible security breach of electronic communications.”

The U.S. government, meanwhile, has also proactively warned businesses to be wary of digital traffic from Ukraine and attacks from Russia.

Warning of Digital Traffic from the Region

It is not unheard of for an attack on one country to have global ramifications. History’s “most costly cyberattack,” NotPetya in 2017, infected not only Ukrainian devices but companies around the world. Spreading on its own, the malware cost over a billion dollars globally.

The Cybersecurity and Infrastructure Security Agency (CISA) on January 11, 2022, posted Alert AA22-011A, “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.”

CISA, the FBI and NSA strongly urged companies to reduce “the risk of compromise or severe business degradation” by:

  • Being prepared (e.g., “Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.”)
  • Enhancing cyber posture (e.g., “Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.”)
  • Increasing organizational vigilance (e.g., “Stay current on reporting on this threat.”)

CNN reported on January 24, 2022, that it had obtained an intelligence bulletin from the Department of Homeland Security voicing concern that Russia might conduct cyberattacks as a response to US involvement in Ukraine with NATO. The memo stated, "Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure.”

Geo Fence to Cut Risk of Cyberattack

At the time of this article’s writing, it was unclear how the tensions in the region would play out. Precautions are necessary. To enhance your cyber posture, small businesses can take the following actions to protect against threats coming from the region.

First, strengthen your network security by setting up Geo Fence policies. This defensive measure ensures you deny all IP traffic, except from approved countries and whitelisted IP addresses. With geo fencing, you can eliminate attack vectors malicious cyber actors use to target your network by as much as 80%.

Blocking traffic from selected countries can stop brute-force and DoS attacks and prevent persistent reconnaissance and probes.
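As an added illustration of the policy just described (example code, not Calyptix's own; the GeoIP table and all addresses are constructed from documentation ranges), a small evaluator that denies by default and allows a source only when its country is approved or the address itself is whitelisted:

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample GeoIP table (CIDR -> ISO country code). A real deployment
# uses a maintained GeoIP database; these RFC 5737 ranges are illustrative only.
GEOIP_TABLE = {
    "203.0.113.0/24": "UA",
    "198.51.100.0/24": "RU",
    "192.0.2.0/24": "US",
}


@dataclass
class GeoFencePolicy:
    approved_countries: set                      # countries allowed to reach the network
    whitelisted_ips: set = field(default_factory=set)  # hosts/CIDRs that bypass the country rule

    def __post_init__(self):
        self._geo = [(ipaddress.ip_network(c), cc) for c, cc in GEOIP_TABLE.items()]
        self._allow = [ipaddress.ip_network(n, strict=False) for n in self.whitelisted_ips]

    def country_of(self, ip):
        """Longest-match is unnecessary here because the sample table has no overlaps."""
        addr = ipaddress.ip_address(ip)
        for net, cc in self._geo:
            if addr in net:
                return cc
        return None  # unmapped address: treated as not approved

    def decide(self, src_ip):
        """Return (verdict, reason). Default is DENY; only explicit matches ALLOW."""
        addr = ipaddress.ip_address(src_ip)
        if any(addr in net for net in self._allow):
            return "ALLOW", "whitelisted address overrides country rule"
        cc = self.country_of(src_ip)
        if cc in self.approved_countries:
            return "ALLOW", f"country {cc} approved"
        return "DENY", f"country {cc or 'unknown'} not approved"


def filter_connections(policy, src_ips):
    """Evaluate a batch of source addresses; return the denied ones with reasons for alerting."""
    denied = []
    for ip in src_ips:
        verdict, reason = policy.decide(ip)
        if verdict == "DENY":
            denied.append((ip, reason))
    return denied
```

The whitelist is checked first so a known partner host in a blocked country still connects; note that IP-to-country mapping is approximate and that, as the Community Shield paragraph below observes, hostile traffic often arrives from US-based infrastructure, so geo fencing narrows exposure rather than removing it.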

Calyptix’s Geo Fence feature, part of our AccessEnforcer solution, provides a highly intuitive, interactive heat map for optimizing configuration. Detailed alerts also enable better monitoring, troubleshooting, and tightening of the configuration.

More Proactive Steps for Network Security

Second, implementing shared threat intelligence can also help your business block traffic from malicious and suspicious infrastructure. Calyptix’s Community Shield™ further defends users from hostile network traffic and attacks. Leveraging data from Calyptix’s fleet of AccessEnforcers and External Threat Feeds, we create a curated list to defend customers from a range of threats that often leverage US-based infrastructure.

Third, patching your software is one of the top things you can do to protect your network. As we’ve seen with Zero-Day exploits, like the recent Log4j vulnerability, it’s important to implement a vigorous vulnerability and patch management process to eliminate software defects.

The CISA report specifically identified 13 software defects (aka vulnerabilities) targeted by Russian state-sponsored advanced persistent threat (APT) actors. These products should be investigated, patched immediately and aligned with a routine vulnerability and maintenance process. Common software defects that threaten small businesses include:

Calyptix’s AccessEnforcer users benefit from automatic software patches as every unit is kept up to date with the latest security rules.

Fourth, implement Zero Trust Network Access (ZTNA). Remote Desktop Protocol (RDP) continues to be the top target at small businesses, so securing your remote connections is vitally important. ZTNA relies on technologies such as multifactor authentication, analytics, encryption, scoring and file system permissions to limit users to the least amount of access they need to accomplish their tasks. It may sound complicated, but Calyptix’s Gatekeeper feature of AccessEnforcer secures remote access by SSH or Microsoft RDP with two-factor authenticated access control (2FA) for every network session before remote users can access systems.

While we continue to watch the geopolitical tensions play out in Ukraine, you can take defensive action today. Find out more about the AccessEnforcer solution purpose-built for small business networks. Contact us today!


Photo by Ivan Serediuk

Written by Calyptix

January 28, 2022

About Us

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology. Our customers do not waste time with security products designed for large enterprises. Instead, we make it easy for SMBs to protect and manage networks of up to 350 users.