Russia’s attacks on Ukraine have prompted a wide outcry from nations and companies across the globe. The conflict has the potential to lead to further military and economic action. There is a growing belief that companies should expect more aggressive malware, ransomware, and other cyberattacks from Russian operatives as a response to sanctions against the country.
The U.S. Government thinks so too. In late March, President Biden issued a warning to the private sector. His most urgent warning: “If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately.” Additionally, the US CISA, FBI, and NSA published a joint Cybersecurity Advisory (together with the UK and Australian cybersecurity agencies) on ransomware trends, techniques, and mitigations, adding to the urgency for companies to strengthen their security posture against ransomware.
The belief that Russia may sponsor cyberattacks (whether openly or secretly) on opposing countries is grounded in recent history. The US has been charging Russian officials and sponsored parties for a variety of cyberattacks over the last decade. In March 2022, the Justice Department announced criminal charges against Russian government offices for cyberattacks on energy companies that took place between 2012 and 2017.
Even before extensive military action began, Russian cybercriminals had been attacking Ukraine digitally. In December of 2015, hackers believed to be Russian took down a portion of Ukraine’s power grid, which raised concern about a larger and more sustained cyberattack on critical infrastructure. Two years later, Russian actors acted again, “shutting down government offices, banks, ports, and the postal service” with the NotPetya attack. And since the beginning of the conflict, Ukraine has been experiencing cyberattacks. In fact, since February 15th, Ukraine has experienced more than three thousand DDoS attacks, including two hundred and seventy-five in a single day.
There is another reason for US companies to be on alert. The 2021 Microsoft Digital Defense Report found that US companies are the most targeted by nation-state attacks, receiving 46% of all nation-state attacks that year. The next most attacked nation was Ukraine, with 19% of attacks. On the other side, Microsoft reported that 58% of attacks originated in Russia. Given all of this, increased attacks on the U.S. seem highly likely.
What should companies do? A recently published joint Cybersecurity Advisory report (from the US CISA, FBI, and NSA with the UK and Australian cybersecurity agencies) on ransomware trends, techniques, and mitigations details recommendations for securing against an attack. Many of the suggestions to protect organizations against ransomware hold true for malware, phishing, and other cyberattack vectors.
Additionally, companies need to review their security stack to see where gaps may exist. While most companies have a layered security approach, they still struggle to easily visualize network traffic and quickly identify abnormal behavior before a network threat can cause damage. A network detection and response (NDR) solution that taps into network flow data gives security teams intelligent threat detection through pervasive network visibility. An NDR solution gives security teams quick visibility into network activity and alerts them to abnormal behavior through sophisticated ML engines. When you layer an NDR solution with your firewall (FW), SIEM, and other security and workflow tools, your organization is better protected against sophisticated cyber threats of all kinds.