The news about Russia’s amassing troops on the border of Ukraine may hit closer to home than you think. Recent attacks in Ukraine show how quickly a regional conflict crosses network boundaries, and the US government is warning all US organizations, from small businesses to enterprises and municipal governments, of a possible Russian retaliatory response to US involvement overseas. This developing situation makes a strong case for Geo Fence policies that limit which parts of the world can reach your systems at all.
Consider recent cyber news from the region this month:
The arrests are good news, of course. But the threats remain.
Recently, Microsoft reported “destructive malware in systems belonging to several Ukrainian government agencies and organizations that work closely with the Ukrainian government.” A Ukrainian security official attributed the attack to a Belarus intelligence outfit. About 70 Ukrainian government websites were defaced with messages in Ukrainian, Russian, and Polish telling people to be afraid and expect the worst.
While fear of active warfare rises along the border, there is also concern about cyberattacks. The Center for Strategic and International Studies predicts once there is “a justification for war…cyberattacks will likely follow to degrade Ukraine’s military command and control systems and public communications and electrical grids.”
NPR’s cybersecurity correspondent noted, “There's a lot of vulnerable, pirated software out there on Ukrainian systems.” Worse still, those “cyberattacks could actually spill out and cause damage outside of Ukraine.”
Neighboring Poland, for one, has raised its cybersecurity terror threat level “due to the possibility of a possible security breach of electronic communications.”
The U.S. government, meanwhile, also proactively warned businesses to be wary of digital traffic from Ukraine and of attacks from Russia.
It is not unheard of for an attack on one country to have global ramifications. History’s “most costly cyberattack,” NotPetya in 2017, infected not only Ukrainian devices but companies around the world. Spreading on its own, the malware cost over a billion dollars globally.
The Cybersecurity and Infrastructure Security Agency (CISA) on January 11, 2022, posted Alert AA22-011A, “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.”
CISA, the FBI and NSA strongly urged companies to reduce “the risk of compromise or severe business degradation” by:
CNN reported on January 24, 2022, that it had obtained an intelligence bulletin from the Department of Homeland Security voicing concern that Russia might conduct cyberattacks as a response to US involvement in Ukraine with NATO. The memo stated, "Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure.”
At the time of this article’s writing, it was unclear how the tensions in the region would play out. Precautions are necessary. To improve your cyber posture, small businesses can take the following actions to protect against threats coming from the region.
First, strengthen your network security by setting up Geo Fence policies. A Geo Fence policy denies all unsolicited inbound IP traffic except from approved countries and from explicitly whitelisted IP addresses; connections from anywhere else are dropped before they reach your services. Because so much scanning and exploitation traffic originates from a handful of regions most small businesses have no relationship with, geo fencing can remove the attack vectors malicious cyber actors use against your network by as much as 80%. Two caveats apply: evaluate explicit exceptions before the country rule and keep those exceptions few and documented, since each one is a hole in the fence; and treat a country block as a noise filter rather than a guarantee, because attackers can and do route through infrastructure in permitted countries, including the US.
Blocking traffic from selected countries can stop brute force and DoS attacks and prevent the persistent reconnaissance and probing that precede targeted intrusions.
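The following is an added example of the default-deny geo fence described above, written for this page; it is not Calyptix code and does not reflect how AccessEnforcer implements the feature. The IP-to-country table, the allowed-country set, the whitelist entry and the sample inbound addresses are all constructed for the example (documentation and test ranges, not real allocations). It shows the evaluation order that matters in practice: explicit exceptions first, then the country lookup, with anything the table cannot map denied so an incomplete geo-IP database fails closed.

```python
"""Default-deny geo fence for unsolicited inbound traffic (added example).

The geo-IP table and the inbound addresses below are constructed for this
illustration; they are documentation/test ranges, not real allocations or
real traffic.
"""
import ipaddress
from collections import Counter

# Constructed IP-to-country table. A real deployment loads this from a
# maintained geo-IP database and refreshes it regularly.
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "RU"),
    (ipaddress.ip_network("198.51.100.0/24"), "UA"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("2001:db8::/32"), "PL"),
]

# Countries from which unsolicited inbound connections are accepted (assumed).
ALLOWED_COUNTRIES = {"US", "CA"}

# Explicit exceptions that win over the country decision, for example a
# known partner's host inside a blocked country. Every entry is a hole in
# the fence, so keep this list short and reviewed.
ALLOWLIST = [ipaddress.ip_network("198.51.100.7/32")]


def country_of(ip):
    """Longest-prefix match of ip against GEOIP_TABLE; None if unmapped."""
    best = None
    for net, cc in GEOIP_TABLE:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else None


def geofence_decision(src):
    """Return (action, reason) for one unsolicited inbound source address.

    Order matters: explicit allowlist first, then country, then default deny.
    An address with no country mapping is denied, not allowed: an incomplete
    geo-IP table must fail closed.
    """
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in ALLOWLIST):
        return "ALLOW", "allowlisted"
    cc = country_of(ip)
    if cc is None:
        return "DENY", "no country mapping (fail closed)"
    if cc in ALLOWED_COUNTRIES:
        return "ALLOW", f"country {cc} permitted"
    return "DENY", f"country {cc} not permitted"


def summarize(sources):
    """Apply the policy to a batch of sources and tally denials per country.

    The per-country tally is the kind of data a heat-map view is drawn from.
    """
    decisions = {}
    denied_by_country = Counter()
    for src in sources:
        action, reason = geofence_decision(src)
        decisions[src] = (action, reason)
        if action == "DENY":
            cc = country_of(ipaddress.ip_address(src)) or "??"
            denied_by_country[cc] += 1
    return decisions, denied_by_country


# Constructed inbound connection attempts (not real traffic).
SAMPLE_SOURCES = [
    "203.0.113.45",   # RU: denied by country rule
    "203.0.113.46",   # RU: denied by country rule
    "198.51.100.7",   # UA, but allowlisted partner host: allowed
    "198.51.100.9",   # UA: denied by country rule
    "192.0.2.10",     # US: allowed
    "2001:db8::1",    # PL: denied (IPv6 is fenced too)
    "100.64.0.1",     # not in the table: denied, fail closed
]

if __name__ == "__main__":
    decisions, tally = summarize(SAMPLE_SOURCES)
    for src, (action, reason) in decisions.items():
        print(f"{src:<16} {action:<5} {reason}")
    print("denied per country:", dict(tally))
```

Note that the policy above is meant for new inbound connections only; return traffic for sessions your own users initiated (software updates, CDNs, SaaS) belongs to the stateful firewall's established-connection handling, not to the geo fence, or the block list will break ordinary outbound use.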
Calyptix’s Geo Fence feature, part of our AccessEnforcer solution, provides a highly intuitive, interactive heat map for optimizing the configuration. Detailed alerts also enable better monitoring, troubleshooting, and tightening of the policy.
Second, implementing shared threat intelligence can help your business block traffic from malicious and suspicious infrastructure that a country filter alone would let through. Calyptix’s Community Shield™ further defends users from hostile network traffic and attacks. Leveraging data from Calyptix’s fleet of AccessEnforcers and external threat feeds, we curate a block list that defends customers from a range of threats, including the many that leverage US-based infrastructure and would therefore pass a Geo Fence that permits the US.
Third, patching your software is one of the most effective things you can do to protect your network. As zero-day exploits such as the recent Log4j vulnerability have shown, it is important to run a vigorous vulnerability and patch management process so that known defects are closed before attackers reach them.
The CISA alert specifically identified 13 software defects (vulnerabilities) exploited by Russian state-sponsored advanced persistent threat (APT) actors. The affected products should be inventoried, patched immediately, and folded into a routine vulnerability and maintenance process. Common software defects that threaten small businesses include:
Calyptix’s AccessEnforcer users benefit from automatic software patches as every unit is kept up to date with the latest security rules.
Fourth, implement Zero Trust Network Access (ZTNA). Remote Desktop Protocol (RDP) continues to be the top target at small businesses, so securing your remote connections is vitally important. Rather than trusting whatever reaches the network perimeter, ZTNA verifies each user and each session before granting access, relying on multifactor authentication, encryption, analytics and risk scoring, and per-resource permissions to limit users to the least access they need to accomplish their tasks. It may sound complicated, but the Gatekeeper feature of Calyptix’s AccessEnforcer secures remote access over SSH or Microsoft RDP by requiring two-factor authentication (2FA) for every network session before remote users can reach internal systems.
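To make the per-session second factor concrete, here is an added example written for this page; it is not Calyptix’s Gatekeeper code and is independent of any product. It is a small gate that verifies a time-based one-time code per RFC 6238, refuses a code that has already been consumed (so a captured code cannot be replayed inside the clock-skew window), and issues a grant scoped to a single destination host and port rather than to the whole network. The user table, the target host, and the session lifetime are assumptions made for the example; the shared secret is the RFC 6238 reference key, used only so the codes can be checked against the RFC’s published test vectors.

```python
"""Per-session second factor in front of a remote access service (added example).

Users, targets and the session lifetime below are constructed for the
illustration. The enrolled secret is the RFC 6238 reference key so that the
generated codes can be checked against the RFC test vectors.
"""
import hashlib
import hmac
import secrets
import struct
import time

TOTP_STEP = 30          # seconds per code (RFC 6238 default)
TOTP_DIGITS = 6
TOTP_SKEW = 1           # also accept the neighbouring time steps (clock drift)
SESSION_TTL = 8 * 3600  # assumed grant lifetime; re-authenticate afterwards

# Constructed enrollment table: user -> shared secret and permitted targets.
USERS = {
    "alice": {
        "secret": b"12345678901234567890",              # RFC 6238 reference key
        "targets": {("fileserver.internal", 3389)},     # RDP to one host only
    },
}


def hotp(secret, counter, digits=TOTP_DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(secret, unix_time, step=TOTP_STEP):
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, int(unix_time) // step)


class SessionGate:
    """Admit a remote session only after a fresh, unused second factor.

    Each accepted time step is remembered per user, so the same code cannot
    be replayed while it is still inside the skew window, and the resulting
    grant is tied to one destination host:port (least access), not the LAN.
    """

    def __init__(self, users, clock=time.time):
        self.users = users
        self.clock = clock          # injectable for deterministic testing
        self.used = {}              # user -> set of consumed counters
        self.grants = {}            # token -> (user, target, expiry)

    def authenticate(self, user, code, target):
        """Return a session token if user may reach target and code is valid."""
        record = self.users.get(user)
        if record is None or target not in record["targets"]:
            return None             # unknown user or out-of-scope destination
        now = int(self.clock())
        counter = now // TOTP_STEP
        for c in range(counter - TOTP_SKEW, counter + TOTP_SKEW + 1):
            if c in self.used.get(user, set()):
                continue            # this step was already consumed: replay
            expected = hotp(record["secret"], c).encode()
            if hmac.compare_digest(expected, str(code).encode()):
                self.used.setdefault(user, set()).add(c)
                token = secrets.token_urlsafe(32)
                self.grants[token] = (user, target, now + SESSION_TTL)
                return token
        return None

    def authorize(self, token, target):
        """Check a token before forwarding a connection to target."""
        grant = self.grants.get(token)
        if grant is None:
            return False
        _user, granted_target, expiry = grant
        if int(self.clock()) >= expiry:
            del self.grants[token]  # expired grant: force re-authentication
            return False
        return granted_target == target


if __name__ == "__main__":
    gate = SessionGate(USERS)
    code = totp(USERS["alice"]["secret"], time.time())  # what the authenticator app shows
    token = gate.authenticate("alice", code, ("fileserver.internal", 3389))
    print("session granted:", token is not None)
    print("replay accepted:", gate.authenticate("alice", code, ("fileserver.internal", 3389)) is not None)
```

The gate sits between the remote user and the service: the RDP or SSH connection is only forwarded once `authorize` returns true for that exact destination, so a stolen password alone, or a valid token for a different host, gets nothing.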
While we continue to watch the geopolitical tensions play out in Ukraine, you can take defensive action today. Find out more about the AccessEnforcer solution purpose-built for small business networks. Contact us today!
Photo by Ivan Serediuk