Preparing for increasing cyber attacks during the Ukraine crisis
With the recent escalation of events in Ukraine and the resulting sanctions imposed by various Western governments, there is a dramatically increased risk of cyber attacks on organizations in the United States, Europe and elsewhere.
State-sponsored threat actors and other cybercriminals can be expected to target U.S. and other companies, especially those operating critical infrastructure, in order to disrupt operations, steal or destroy data, and damage infrastructure.
Organizations must raise awareness and harden their security during this crisis
In January 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) published Alert (AA22-011A), "Understanding and Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure." CISA also began urging US organizations to prepare for data-wiping malware attacks.
Around the same time, according to Bleeping Computer, the Ukrainian cyber police said they were investigating the use of Log4j vulnerabilities and stolen credentials as further means of gaining access to networks and servers.
On February 18, CISA announced that the New Zealand National Cyber Security Centre (NCSC-NZ) had published a General Security Advisory (GSA) on preparing for cyber threats related to the tensions between Russia and Ukraine.
CISA: Time to shield yourself
It is crucial that you take preventive measures in anticipation of an increase in cyberattacks targeting your business or organization. CISA has released “Shields Up,” a helpful guide for organizations of all sizes and their leaders. Some of the steps described by CISA include:
- Reduce the likelihood of a malicious cyber attack.
- Take measures to quickly detect a potential break-in.
- Make sure that your company is prepared to react in the event of an attack.
- Maximize your organization’s resilience to a destructive cyber incident.
Other steps can make a big difference in deterring or detecting attacks, such as setting robust policies for inbound traffic at the network perimeter (for example, preemptively blocking connections or logins originating from Russia or other high-risk countries) and otherwise taking an extremely cautious approach to all inbound traffic, even at some cost in performance. Keep in mind that geo-blocking raises the attacker's cost rather than removing the threat: state-sponsored actors routinely route through compromised or rented infrastructure in other countries, so such rules should be paired with logging and alerting on the traffic they do admit.
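As an added illustration of the perimeter policy described above (example code written for this page, not SonicWall's product logic or configuration), the following Python script does two things a geo-based ingress policy needs: it turns a country-to-prefix table into firewall deny rules, and it scans sshd-style authentication log lines to flag logins that nonetheless arrive from a blocked country, treating a successful login as critical and a failed attempt as a warning. The prefix table and the log lines are constructed for the example; the prefixes are RFC 5737 documentation ranges and belong to no real country, so in practice you would load a geo-IP feed of your choice. The nftables rule format is standard nft syntax and assumes an existing "inet filter" table with an "input" chain.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed, hypothetical country-to-prefix table. Real deployments would load a
# geo-IP feed; these are RFC 5737 documentation ranges and belong to no country.
BLOCKED_COUNTRY_PREFIXES: Dict[str, List[str]] = {
    "RU": ["203.0.113.0/24"],
    "BY": ["198.51.100.0/25"],
}

# Parse the prefixes once; every lookup is then a containment check per prefix.
_BLOCKED_NETS = [
    (country, ipaddress.ip_network(prefix))
    for country, prefixes in BLOCKED_COUNTRY_PREFIXES.items()
    for prefix in prefixes
]

# Matches OpenSSH "Accepted"/"Failed" lines for both valid and invalid users.
_SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def deny_rules() -> List[str]:
    """Emit one nftables drop rule per blocked prefix (assumes table inet filter / chain input)."""
    return [
        f"nft add rule inet filter input ip saddr {net.with_prefixlen} drop"
        for _country, net in _BLOCKED_NETS
    ]


def country_for_ip(ip: str) -> Optional[str]:
    """Return the blocked country code an address falls into, or None if it is not blocked."""
    addr = ipaddress.ip_address(ip)
    for country, net in _BLOCKED_NETS:
        if addr in net:
            return country
    return None


def scan_auth_log(lines: List[str]) -> List[Dict[str, str]]:
    """Flag SSH login events whose source address lies in a blocked country.

    A successful login from a blocked country means the perimeter rule was bypassed
    or missing and is rated critical; a failed attempt is rated warning.
    """
    alerts = []
    for line in lines:
        m = _SSH_RE.search(line)
        if not m:
            continue
        country = country_for_ip(m["ip"])
        if country is None:
            continue
        alerts.append({
            "ip": m["ip"],
            "user": m["user"],
            "country": country,
            "result": m["result"],
            "severity": "critical" if m["result"] == "Accepted" else "warning",
        })
    return alerts


# Constructed sample log lines (not real events); only the sources in the table fire.
SAMPLE_LOG = [
    "Feb 24 03:12:07 bastion sshd[2211]: Accepted password for admin from 203.0.113.45 port 51822 ssh2",
    "Feb 24 03:12:09 bastion sshd[2214]: Failed password for invalid user test from 198.51.100.9 port 40123 ssh2",
    "Feb 24 03:12:11 bastion sshd[2216]: Accepted publickey for deploy from 192.0.2.10 port 33021 ssh2",
    "Feb 24 03:12:15 bastion sshd[2218]: Failed password for root from 203.0.113.77 port 51877 ssh2",
]

if __name__ == "__main__":
    for rule in deny_rules():
        print(rule)
    for alert in scan_auth_log(SAMPLE_LOG):
        print(alert)
```

The scan is the part that matters most: the deny rules reduce noise, but the "critical" alert on an accepted login from a blocked range is what tells you the block is incomplete or being bypassed through another path.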
SonicWall strongly recommends that organizations stay in direct contact with their internal and external cybersecurity experts and resources to ensure that they are as prepared as possible for the inevitable increase in cyber attacks.
SonicWall also emphasizes the importance of multi-layered defenses such as IPS, email security, two-factor authentication, and real-time sandboxing such as Capture ATP with RTDMI. With a comprehensive defense strategy, your organization is better prepared to recognize and contain a zero-day attack or other targeted threat.
SonicWall protection against notable cyber attacks
Zero-day attacks are an increasingly common threat. While attackers may exploit previously unknown vulnerabilities, defenders using SonicWall protection have the advantage of being able to detect, contain and remediate anomalous activity in real time.
SonicWall actively protects companies from cyber attacks that are known or expected to be used during the Ukraine-Russia conflict.
SonicWall helps companies proactively defend against new threats such as HermeticWiper. For example, SonicWall Capture ATP with RTDMI detected HermeticWiper, as documented in our SonicAlert "HermeticWiper Data-Wiping Malware Targeting Ukrainian Organizations".
HermeticWiper Malware Signature Protection
- GAV: HermeticWiper.A (Trojan)
- GAV: HermeticWiper.A_1 (Trojan)
Conti Ransomware
The Conti ransomware gang has publicly announced that it would attack any organization that launches a cyber attack on Russian infrastructure. It is therefore important that organizations are protected against Conti ransomware. Both SonicWall Capture ATP with RTDMI and an active SonicWall firewall with current signatures protect against Conti ransomware.
Conti Ransomware Signature Protection
- GAV: Conti.RSM (Trojan)
- GAV: Conti.RSM_2 (Trojan)
- GAV: Conti.RSM_3 (Trojan)
- GAV: Conti.RSM_4 (Trojan)