How the Ukraine Conflict Influences Cyberattacks: An Analysis
Introduction
Attached is a security advisory on current findings about the threat situation for cyber attacks in relation to the Ukraine conflict.
General Information
In a publication dated March 23, 2022, the Office for the Protection of the Constitution points to the current threat situation, sees a high risk of cyber attacks and lists a wide variety of scenarios and developments.
Statements at the highest political level, such as from US President Joe Biden, warn of possible large-scale cyber attacks by Russia or other actors. Such clear statements indicate that there are tangible intelligence findings prompting them. The danger should therefore be taken very seriously.
In the context of propaganda and hacktivism, the boundaries and sympathies of the actors quickly become blurred. There are already numerous examples where both pro-Ukrainian and pro-Russian actors have attacked organizations and companies simply because they belong to a specific geographic region or are otherwise associated with either side of the conflict (this can also easily happen by mistake). The danger of being affected by attacks even as an uninvolved company is therefore very real.
Propaganda and opinion manipulation are very relevant tools in the conflict. For example, the Russian embassy in Germany has set up a mailbox for reporting attacks on "compatriots" and makes reported cases public. This has already led to the spread of misinformation on several occasions.
The #bloodytrade campaign, for example, also shows that companies can quickly become the focus of the debate regarding support for Russia. Due to the rapidly evolving situation and many unpredictable actors, this poses a very real threat of being the target of attacks.
Since Germany, the EU and other allies are supporting Ukraine in the conflict, the risk of German organizations and companies becoming targets for cyber attacks is high. This risk applies especially to companies in KRITIS sectors.
Recommended Action
In its security notice of March 23, 2022, the Federal Office for the Protection of the Constitution gives general recommendations for action: https://www.verfassungsschutz.de
Reducing the attack surface by restricting external access
Creation of data backups
Closing already known vulnerabilities
Configuration of endpoint protection systems and intrusion prevention systems so that they stop detected threats directly and not just log them
Removal of user and service accounts that are no longer needed
Use of multifactor authentication
Awareness of the dangers of phishing emails
Education and information of all employees about the current threat situation
Establishment of reporting processes so that anomalies and security incidents can be reported quickly and easily
In addition, we recommend that all companies evaluate to what extent their own company profile, business area, locations, cooperations and subsidiaries in Ukraine and/or Russia could lead to the company becoming the target of cyber attacks.
In addition, we recommend that all companies and organizations reassess which measures to improve information security can be implemented or started in the short term. However, this should be done with caution. Working to improve information security should not result in compromising responsiveness.
Is there a security incident?
As a partner or customer company in certain critical sectors (e.g. KRITIS), ProSec has the option of sharing classified IOCs and other information that is subject to confidentiality.
If you have any questions, please contact us. We are not permitted to publish this information.