DHS Warns of Russia Cyber Threats: 7 Tips to Protect Your Organization Against a Cyberattack
Over the past few years, tensions have been rising between Russia and the United States, not in conventional military terms but cyberspace. Amid fears of a Russian invasion of Ukraine, concerns are spiking about how such a conflict would play out in cyberspace. The Department of Homeland Security issued a warning that Russia could launch a cyberattack against US targets on American soil if it believes Washington’s response to its potential invasion of Ukraine threatens its long-term national security.
The DHS alert came in the wake of a string of destructive cyberattacks against Ukrainian government websites which bore similarities to previous Russian government-backed operations. Russian military intelligence assets have launched devastating cyberattacks against Ukraine’s power grid for years, succeeding in shutting down elements of it and knocking out power to millions of people.
Russian Cyberattacks Against the US
Russian cyberattacks against the US could range from relatively harmless strikes that aim to overwhelm websites to far more serious ones that aim to undermine economic stability by targeting US organizations and attacks on critical infrastructure such as airports and energy facilities.
Russia has a history of sponsoring cyberattacks against the US. For example, in 2021 alone, Russian criminals carried out several high-profile cyberattacks, including the JBS attack, which forced the meat supplier to pay $11 million in ransom, and the Colonial Pipeline ransomware attack, which caused fuel shortages on the East Coast.
In fact, the SolarWinds attack in December 2020, which was the worst-ever cyber-espionage attack on the US government, was carried out by Russian state-sponsored criminals. These criminals had access to key systems in more than 30,000 public and private organizations, including 10 federal agencies like DHS and the Pentagon, for over 90 days.
Why Would Russia Target the US Before Possibly Invading Ukraine?
Cyber capabilities are a means for states to compete for political, economic, and military advantage without the violence and irreversible damage likely to escalate to open conflict. However, these virtual battles have a real-world impact on our countries’ infrastructure, financial, and communications systems. The best way to cripple an opposing force’s capability is to cause widespread chaos across as many systems as possible via a cyberattack.
Unlike previous Russian-sponsored cyberattacks, which were conducted to make money or steal data, a Russian state-supported attack in response to the Ukraine situation would be done for a completely different purpose: to disrupt and cripple businesses and government agencies in the US. In the short run, these cyberattacks would distract the country from helping Ukraine; in the long run, they would aim to dissuade the US from taking any steps to actively support Ukraine under the threat of additional attacks. Russia thinks that enough disruption would create a public backlash against supporting Ukraine.
Could Cyberattacks on the US Backfire?
If Russia were to launch a blatant cyberattack against US targets, Washington would likely retaliate with defensive or even offensive cyberweapons of its own. While it’s likely that Russia will continue to sponsor cyberattacks against the US in the future, an all-out attack in response to the Ukraine situation is unlikely.
The Russian government is likely to think twice before unleashing highly disruptive attacks against the US because the US government could interpret such attacks, particularly those targeting critical infrastructure, as acts of war, justifying counterattacks in the eyes of the world.
What Can US Organizations Do to Protect Themselves?
1. Regular Patching
This is a very basic step but something many organizations struggle to implement. Outdated programs are often overlooked in vulnerability scans, meaning they could be easier for hackers to break into.
Make sure you’re always using up-to-date versions of everything on your network. This includes things like security cameras, firewalls, routers, operating systems, firmware, smart devices, and more. Keeping all of these tools up to date ensures that when vulnerabilities are discovered, fixes can be rolled out quickly before attackers can exploit them.
2. Perform Vulnerability Testing
Vulnerability testing is an ongoing, constant process. To ensure you have complete, in-depth coverage of your business’s entire network, you should perform regular vulnerability tests. These are similar to penetration tests in that they check for holes in your system — but they’re much simpler because they usually focus on one or two specific areas of interest instead of trying to scan everything at once.
They also run much faster than full penetration exercises, so it’s possible to run several scans concurrently. This ensures you don’t miss any potentially dangerous spots over time. Simply running automated scans isn’t enough, though – performing real-time security monitoring with sophisticated software will help you prevent attacks from gaining a foothold and allow your business to stay safe.
3. Control Access to Your Systems
Access controls are the first line of defense against attackers and a good place to start reducing your attack surface. Without controls on what a user can access, the user has access to every part of a network – even off-limits parts. Authorized users should have access only to those systems they need. This helps reduce potential exposure if one system is compromised by malware or infected with ransomware.
Properly implemented multi-factor authentication (MFA) can significantly strengthen an organization’s security posture by requiring more than just a password for access. An identity and access management system that logs the identity of each user, tracks their employment status, and uses MFA to verify access attempts can solve many of the issues organizations face regarding unknown user identities and access permissions, and it dramatically reduces the chances of a cyberattack.
4. Back Up Your Critical Data
If you have exceptional offline backups and can protect them from becoming encrypted when ransomware hits your organization, you can quickly recover your data and bounce back to business in no time. You don’t have to pay when the hacker demands a ransom, and that’s half the battle won right there!
However, you need to ensure your backups are redundant by keeping both online and offline copies. Use the 3-2-1 Rule, which stipulates that the organization should always have three copies of its data, store those copies on two different media types, and keep one backup copy offsite. You should also ensure that your critical data is backed up frequently – if you suffer a cyberattack and your last backup is six months old, your business will have a hard time recovering. Be sure to test your backups periodically to confirm that data is retained correctly and that the people responsible can actually carry out a recovery following a data loss.
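As an added example (not code from the original article), here is a small Python audit that checks a backup inventory against the 3-2-1 rule and the freshness point above, and verifies a restore by comparing the restored bytes with the checksum recorded at backup time. The inventory, dates and sample data are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupCopy:
    label: str
    media: str          # e.g. "disk", "tape", "cloud-object"
    offsite: bool
    taken_at: datetime
    sha256: str         # checksum recorded when the copy was written


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_backups(copies, now, max_age=timedelta(days=7)):
    """Return a list of 3-2-1 / freshness findings; an empty list means the set passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; the 3-2-1 rule requires 3")
    if len({c.media for c in copies}) < 2:
        findings.append("all copies are on one media type; need at least 2")
    if not any(c.offsite for c in copies):
        findings.append("no offsite copy")
    newest = max((c.taken_at for c in copies), default=None)
    if newest is None or now - newest > max_age:
        findings.append(f"newest copy is older than {max_age.days} days")
    return findings


def verify_restore(copy: BackupCopy, restored: bytes) -> bool:
    """Restore test: data read back from the copy must match its recorded checksum."""
    return sha256_hex(restored) == copy.sha256


# Constructed sample inventory (hypothetical labels and dates).
SAMPLE_DATA = b"customer-db-dump-2022-02-14"
NOW = datetime(2022, 2, 15)
GOOD_SET = [
    BackupCopy("nas-daily", "disk", False, datetime(2022, 2, 14), sha256_hex(SAMPLE_DATA)),
    BackupCopy("tape-weekly", "tape", True, datetime(2022, 2, 11), sha256_hex(SAMPLE_DATA)),
    BackupCopy("cloud-bucket", "cloud-object", True, datetime(2022, 2, 14), sha256_hex(SAMPLE_DATA)),
]
STALE_SET = [
    BackupCopy("nas-old", "disk", False, datetime(2021, 8, 1), sha256_hex(SAMPLE_DATA)),
    BackupCopy("nas-old-2", "disk", False, datetime(2021, 8, 1), sha256_hex(SAMPLE_DATA)),
]

if __name__ == "__main__":
    print(audit_backups(GOOD_SET, NOW))   # expect []
    print(audit_backups(STALE_SET, NOW))  # expect four findings
```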
5. Implement Advanced Endpoint Detection and Response (EDR) Solutions
Advanced EDR solutions use proactive techniques, such as machine learning and behavioral analysis to identify potentially new or complex threats. EDR solutions can quickly identify an attack, its scope across your network, and isolate and quarantine infected systems to stop the attack. These advanced techniques make it much more difficult for an attacker to establish a solid footing on your network.
Deploy EDR widely across endpoints on your network, especially on privileged user systems and infrastructure servers. Whichever advanced EDR solution you choose, strongly consider deploying this capability across all endpoints, such as end-user systems, servers, and IoT devices. Work with your chosen vendor to verify that your EDR solution is configured to utilize its capabilities fully.
Consider implementing an advanced security monitoring team that can respond to EDR alerts to investigate suspicious traffic and carry out proactive threat hunting for faster detection and remediation of threats. This team will help protect your organization’s assets like data, business systems, operational technology, and brand.
6. Cybersecurity Awareness Training
Many security breaches stem from human error. According to the Verizon 2021 Data Breach Investigations Report, 85% of breaches involved a human element, while 61% involved credentials. Threats to your business can come in several forms, such as phishing emails and social engineering. That’s why it’s important to provide regular cybersecurity awareness training for your employees.
These programs are designed to help users and employees understand the role they play in helping to combat information security breaches. Effective cybersecurity awareness training helps employees understand proper cyber hygiene and the security risks associated with their actions, and teaches them how to identify the cyberattacks they may encounter. The training needs to be frequent and to reflect the emerging security threats your organization faces. Some topics to cover in your training include phishing awareness, password security, email security, cyber incident handling and reporting, web security, and compliance.
You also need to ensure that the cybersecurity training includes the executive team. Cybercriminals target executives since they are privileged users with access to sensitive data and have the authority to make financial decisions. Extending security awareness training to corporate executives helps build a cybersecurity culture and increases cyber resilience. Because the company’s leaders set the tone for the entire organization, training top executives may not only help them gain a better understanding of cybersecurity but also help to seed a “security-first” mindset throughout the organization. This helps ensure that every employee executes their day-to-day activities in ways that keep the organization as secure as possible.
7. Develop an Incident Response Plan
Regardless of the maturity of your organization’s security strategy and program, you can never 100% prevent a cyberattack. The worst time to prepare for a breach is after one has occurred. Having a robust incident response plan in place gives your organization the ability to manage the crisis, contain the threat, and recover and resume normal operations. The incident response (IR) plan clearly outlines the procedures to be followed, and by whom, when a breach or security crisis occurs in an organization.
A robust response plan should empower teams to leap into action and mitigate the damage as quickly as possible. Your incident response plan must be rehearsed regularly for various possible scenarios with all stakeholders (internal and external) across different roles. When an emergency occurs, you don’t want to waste time figuring out incident response processes and procedures while precious minutes are ticking away.
Secure Your Organization with Palindrome Consulting Today!
At Palindrome Consulting, we understand that safeguarding against cyberattacks involves understanding your business’s primary risks and addressing them through layered defenses encompassing people, processes, and technology. Our comprehensive end-to-end cybersecurity services include proprietary security assessment, penetration testing, security plan development, data breach and incident response, security awareness training, and managed security services. Contact us today to schedule an appointment with our cybersecurity experts and let us secure your business.
Thanks to our colleagues at Velocity IT in Dallas for their help with this article.