GoVanguard is monitoring the ongoing escalating situation in Ukraine. We are committed to providing guidance to the business community about ongoing and upcoming potential cyber threats.
At this time, organizations must be extra vigilant about their cybersecurity posture but should not panic. As the US Cybersecurity and Infrastructure Security Agency (CISA) noted in its Shields Up statement, while “there are not currently any specific credible threats to the US homeland,” there is the “potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.”
Furthermore, CISA published Alert AA22-011A: "Understanding and Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure," listing many vulnerabilities targeted and exploited by Russian threat actors.
As the situation evolves into a greater geopolitical crisis, it's probable that US utility infrastructure, healthcare infrastructure, and public cloud infrastructure will be targeted.
With these considerations in mind, GoVanguard recommends:
- Ensure incident response plans are up to date, including the IR escalation chain. Also ensure that malicious actor detection systems are functional and configured to notify the appropriate IR channels/contacts.
- Ensure business continuity and disaster recovery plans are up to date. Special consideration should be given to any important SaaS/PaaS vendors that could be affected by DDoS attacks against public cloud infrastructure.
- Ensure backup infrastructure is functioning correctly and well-secured. Also ensure that restoration procedures are up to date.
- Ensure that external attack surface detection systems and vulnerability scanning solutions are functional and up to date. External systems with a larger attack surface should receive extra attention.
- A brief business impact analysis should likely be conducted regarding the residual impacts to supply chains such as fuel, manufacturing materials, and IT components.
- Organization stakeholders, staff, partners, and vendors should be made aware of the likely noteworthy increase in attempted social engineering attacks over the coming weeks and months.
- Stay up to date on the latest CISA alerts on a daily basis.
Additional resources are located at:
- CISA Shields Up Report
- CISA Known Exploited Vulnerabilities (KEV) Catalog
- CISA Alert: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
We will stay abreast of the latest cybersecurity developments around the Russia-Ukraine conflict and will disseminate further recommendations.