"War, huh, yeah What is it good for? Absolutely nothing, uh-huh, uh-huh"
-War by Edwin Starr
The world is looking on in horror at the events unfolding in Ukraine. Our thoughts and prayers are with the people of Ukraine under siege. However, there are some very real threats to all of us here at home.
I have spent a lot of time in the last few weeks listening to the smartest security minds in industry and our government talk about this conflict and its known and potential impact on the US.
The bottom line is that while the shooting war is halfway around the world, the cyber war could already be here or coming to the US very soon.
CISA has been warning and pleading with all organizations in the US to prepare for potentially devastating cyber-attacks on the US depending on how this war unfolds. There have been some very big names that have had some significant, unexplained outages of late. Were they an isolated ransomware attack? An attack from a foreign government or government proxy? No one is saying.
One thing is clear though. This is a cyber war and the hacker community is taking sides. Some hackers are aligning with Russia and hacking the West. Other hackers are aligning with Ukraine and hacking Russia. Vendors have chosen sides. Microsoft has stepped in and is actively protecting Ukraine from Russia-sponsored attacks. Google is blocking their maps from showing Ukraine. Elon Musk is provisioning Ukraine with ground-based Starlink receivers for Starlink internet from space.
Reports are that the Russian version of YELP was hacked so restaurant queries produced non-approved, Ukrainian-slanted news reports. Last night I got a tweet that the hacker "Anonymous" had locked Russia out of its spy satellite control.
What is true and what isn't is hard to tell right now.
However, this is definitely a guerilla cyber war with non-governmental entities joining the fight and inflicting damage on whatever side of the conflict they oppose.
The only thing we can do is be vigilant, work the list of security items we know we have to fix, and fortify our defenses to make someone else a more appealing target than us.
Gaps in protection and gaps in visibility matter more than they ever have.
See something, say something.
I write and speak about this every week.
While you need to do all those things I talk about, today you need to just make sure what you have is as good as it can be.
From listening to a number of high-level presentations, here are a few things to pass on to your users:
- While this is about Russia and Ukraine, all those other folks that want to do you harm are increasing their own attack attempts. Expect more phishing attempts from around the world. All your users have to be very discerning in what links they click on and what files they download.
- Everyone's email will be flooded with more and more fake emails from fake news sites with salacious headlines and dangerous links to malware. Your users must be disciplined to not click on these unsolicited emails. If they want news, they should go to their trusted news sources and get the news there.
- While we can do things like geo-blocking places like Russia, China, Iran and North Korea, the reality is that an attack is more likely to originate from an Optimum cable modem in Yonkers than Belarus. Infected routers and home computers across the world are part of a huge botnet army that the bad guys can leverage to hide who is actually attacking and where they are attacking from.
- All your users should be patching their personal machines and have current anti-virus products installed.
- Also, the forgotten item is making sure people's home routers are current to the manufacturer's standards. It hasn't been talked about a lot, but a number of "home router" vendors have had "major" security issues with their products requiring firmware updates. I just had this discussion internally with our own non-technical staff and I got a lot of blank stares. If your users don't know how to check their routers, somehow, they need to figure that out with the cable company or whoever installed it for them.
It is all very confusing right now. However, this cyber war is already reaching beyond just the territorial borders of Russia and Ukraine. One miscalculation by the cyber attackers, or a misperception by those being attacked, and these same weapons can be turned against all of us. There are parts of the US physical infrastructure and the fabric of the internet that are extremely fragile and not well defended.
Be safe. Be vigilant.
If you need help, give us a call.