Russian Cyberthreats

This week the threat from Russia to the Ukraine has turned to reality. The attack was preceded by cyber threats probably long before the physical threat was known. It most likely began with the same events we deal with each day: phishing attempts, advanced persistent threats (ATPs), and compromised accounts. Apparently, after gaining that foothold the hackers have started to put their reconnaissance to work as I’m reading Ukraine computers have been reported as infected with malware poised to wipe their data.

We have seen all the warnings from threat sources and regulators come through recently. So, now that we know it’s here, what should we do? Hopefully, we all realize that preparing for cyber threats cannot be done when the threat intelligence hits. Stacked up vulnerabilities, delayed investments, and projects cannot be implemented overnight or even in weeks or months. Cybersecurity programs are too to turn on a dime in any significant way; kind of like realizing you’re heading toward the iceberg in the Titanic…it’s too big of a ship to turn. We have to be proactive to be successful.

We know the financial sector is the most targeted sector. Also, unfortunately, our old habits still haunt us. Sometimes gaining access to an unprivileged account can be as easy as buying stolen credentials on the dark web. So, what do we do, even if we are just starting today?

1. Recognize security risk is business risk. It’s becoming more prevalent that if computers are down, employees are not sure what to do. What aspects of banking no longer require a computer? It’s difficult to imagine banking without information technology. So, it follows when technology is down, your business is down.
   
   
2. Have your Business Continuity Plan ready. Make sure the plan addresses how we can still service our customers until systems while systems are down. This may involve having paper forms, procedures, and backup personnel ready.
   
   
3. Prepare for further supply chain disruptions. I never realized this, but the microchip industry is reliant on Ukrainian sourced neon per Crowdstrike CTO, Dmitri Alperovitch. So those already very slow supply chains for computers likely will be taking another hit. Other impacted sectors could be agricultural, medical, and automobile.
   
   
4. Keep communication lines open. Check-in with peer institutions, closely watch those threat intelligence feeds, and check-in with your connections with the FBI field office, CISA, and other law enforcement contacts. If you don’t have them, be sure you make some.
   
   
5. Awake the security mindset in your employees. While this is nothing new, this is the front line to prevent, detect and report events and incidents. If you have this already, it may be a good time to send out reminders to be on the lookout for strange activity.

Sources:

https://hbr.org/2022/02/the-cybersecurity-risks-of-an-escalating-russia-ukraine-conflict

https://www.scmagazine.com/analysis/apt/as-russian-cybercriminals-become-emboldened-us-banks-prepare-for-potential-attack

https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/