On a personal note, we are deeply saddened by the humanitarian crisis in the Ukraine and our thoughts are with our colleagues, clients and partners who are impacted.

From a business perspective, we are actively monitoring malicious cyber activity related to the conflict and are working hard to prepare customers globally to elevate their security posture.

Our security teams around the world are on high alert:

For our Managed Security Services customers: Our security staff continuously validates and hardens our configurations, policies, and preventative measures to maintain the integrity of customers’ cyber defenses against evolving threats.
For our Consulting and Advisory Services customers: Our team of security experts are making themselves available to you and will be on-hand to assist in responding to any incidents you may encounter.

As the situation continues to evolve, we want to emphasize that organizations that operate in capacities of high value such as banks, critical infrastructure (water, energy, oil and gas, transportation, etc.), and supply chain should elevate their security posture and take additional precautionary measures due to the nature of this crisis.

VikingCloud stands at the ready to respond and assist any organization across the globe that falls victim to cyber-attacks related to these geopolitical events.

“Shields Up” and Other Government Agency Guidance

We strongly recommend that organizations follow the government agencies’ guidance in their respective localities.

The Cybersecurity and Infrastructure Security Agency (CISA) has recommended that “all organizations—regardless of size—adopt a heightened posture regarding cybersecurity and protecting their most critical assets.” To assist organizations, CISA has issued their “Shields Up” guidance that can be found here.

Other government agencies around the world have issued guidance that organizations should review as well:

UK National Cyber Security Centre: NCSC advises organisations to act following Russia’s attack on Ukraine
The Australian Cyber Security Center: – Australian organisations are encouraged to urgently adopt an enhanced cyber security position. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.

Contributing Risk Factors for Consideration

We want to highlight specific risk factors for this geopolitical situation that differentiate these potential attacks from attacks originating from financially motivated cyber criminals.

Location

The VikingCloud security team has “seen a large uptick in network traffic, originating from Russia”. Organizations should give extra scrutiny to events and traffic originating from Russia, Ukraine, and the surrounding areas. Organizations with vendors or other business relationships based in Ukraine and Russia should carefully monitor and inspect traffic that originates from those geographies, review current policies, and access controls, and ensure the integrity of those controls are maintained.

Resources and Capabilities

Threat actors belonging to or otherwise backed by nation-states may have expanded capabilities and resources that are not typical to usual cyber criminals, which can result in more sophisticated attacks. This level of sophistication, coupled with enough time and financial backing, greatly increases the likelihood that a nation-state can gain access. Having proper monitoring, alerting, and response capabilities in place is crucial to counter this type of threat.

Intentions and Motivations

A big difference between threats faced from nation-state affiliated attackers and typical cyber criminals is their motivations and intentions. Typical cyber criminals are largely financially motivated. That is not always the case with threat actors acting on behalf of nation-states. Their intentions may be to damage systems, cripple operations, or otherwise incite chaos motivated solely by the objectives of the nation-state instead of financial gain. This can make their behavior and likely targets difficult to predict.

Organizations should review their most recent risk assessment and adjust their response plans to address these and other factors specific to this risk profile.

Prevention, Detection, and Response Recommendations

We want to reiterate the elevated levels of scrutiny and vigilance needed for organizations that operate in capacities of high value, such as banks, critical infrastructure (water, energy, oil and gas, transportation, etc.), and supply chain.

CISA has specifically provided guidance and resources to these types of organizations and highly recommends reviewing and following the provided guidance:

Despite the ever-changing geopolitical landscape, the best practices and principles organizations should employ to defend against nation-state backed cyber threats remains the same. Having strong cybersecurity fundamentals in place and a culture of security and compliance at every level of your organization is paramount. VikingCloud has compiled a list of our top recommendations coupled with guidance and best-practice from government cyber agencies and regulatory frameworks:

Raise awareness of elevated threats and educate internal team members on security best practices:
- Require multi-factor authentication.
- Require strong, unique passwords in conjunction with a password manager.
- Turn on automatic software updates.
- Deliver phishing training and conduct simulated phishing exercises. Consider deploying an email security solution.
Conduct a risk assessment to address risk factors specific to the Russia-Ukraine military conflict.
Undergo penetration tests and simulated attack scenarios to identify vulnerabilities.
Test your incident response plans and revise the plans as needed.
Focus on Continuity. Ensure business-critical systems can continue despite a cyber intrusion. Consider redundant connectivity and other backup and resiliency solutions and conduct continuity tests to verify critical systems will continue to function.