How the Ukraine Conflict Influences Cyberattacks: An Analysis

Introduction

This security advisory summarizes current findings on the threat situation for cyber attacks in relation to the Ukraine conflict.

General Information

  • In a publication dated March 23, 2022, the Office for the Protection of the Constitution points out the threat situation, sees a high risk of cyber attacks and lists a wide variety of scenarios and developments.
  • Statements at the highest political level, such as from US President Joe Biden, warn of possible large-scale cyber attacks by Russia or other actors. Such clear statements indicate that there are tangible intelligence service findings that have prompted statements at this level. The danger should therefore be taken very seriously.
  • In the context of propaganda and hacktivism, the boundaries and sympathies of the actors quickly become blurred. There are already numerous examples where both pro-Ukrainian and pro-Russian actors have attacked organizations and companies simply because they belong to a specific geographic region, or are otherwise associated with either side of the conflict (this can also easily happen by mistake). The danger of being affected by attacks as an uninvolved company is therefore very real.
  • Propaganda and opinion manipulation are very relevant tools in the conflict. For example, the Russian embassy in Germany has set up a mailbox for reporting attacks on "compatriots" and makes reported cases public. This has already led to the spread of misinformation on several occasions.
  • The #bloodytrade campaign, for example, also shows that companies can quickly become the focus of the debate regarding support for Russia. Due to the rapidly evolving situation and many unpredictable actors, this poses a very real threat of being the target of attacks.
  • Since Germany, the EU and other allies are supporting Ukraine in the conflict, the risk of German organizations and companies becoming targets for cyber attacks is high. This applies especially to companies in KRITIS sectors.

Recommended Action

  1. In its security notice of March 23, 2022, the Federal Office for the Protection of the Constitution gives general recommendations for action: https://www.verfassungsschutz.de
    1. Reducing the attack surface by restricting external access
    2. Creation of data backups
    3. Closing already known vulnerabilities
    4. Configuration of endpoint protection systems and intrusion prevention systems so that they stop detected threats directly and not just log them
    5. Remove user and service accounts that are no longer needed
    6. Use of multifactor authentication
    7. Awareness of the dangers of phishing emails
    8. Educate and inform all employees about the current threat situation
    9. Establishment of reporting processes so that anomalies and security incidents can be reported quickly and easily
  2. In addition, we recommend that all companies evaluate to what extent their own company profile, business area, locations, cooperations and subsidiaries in Ukraine and/or Russia could lead to the company becoming the target of cyber attacks.
  3. In addition, we recommend that all companies and organizations reassess which measures to improve information security can be implemented or started in the short term. However, this should be done with caution. Working to improve information security should not result in compromising responsiveness.

With partner or customer companies in certain critical sectors (e.g. KRITIS), ProSec has the option of sharing classified IOCs and other information that is subject to confidentiality. We are not permitted to publish this information.

If you have any questions, please contact us.