As the West tightens its sanctions and supplies further assistance to Ukraine, we can expect Russian state-sponsored attacks to increase.
The conflict in Ukraine is drawing attention from around the world. Russia has launched cyberattacks against Ukraine first, as predicted, and much of the West is concerned that Russia will retaliate against countries that support Ukraine later. Most experts believe that some assaults are already underway, and further attacks on Western organizations are certain to increase as the war continues and more sanctions are
The first wave of businesses targeted by the Russian state, as well as threat actors it supports, will be those that cease operations in Russia or take direct action to assist Ukraine. Information warfare and subversion against these firms are likely. When defending against Russian cyberwarfare, examining the sectors, styles, and goals of their assaults may help organizations prepare.
Industries Targeted by Russian Cyberattacks
While we anticipate that businesses openly assisting Ukrainians will be targeted by Russian cyberattacks, it's worth noting which industries have been targeted in the previous year. Governments, infrastructure, and technology services have consistently been among the most-targeted sectors.
Cyber attacks can be divided into five categories: state-sponsored, private-sector sponsored, criminal/insurgent sponsored, criminal/insurgent
- Ransomware – since 2021, the most popular cyber threat to target private businesses has been ransomware.
- Email Phishing – the most popular approach to access sensitive information and networks is by hacking.
- Credential Stuffing – one of the most popular approaches, which is frequently used by C-Suite executives and gamers to obtain access to their accounts in order to acquire privileged
These attacks are not new, but they are growing more worrisome.
Objectives of High Profile Cyber Attacks By Russian Cyber Actors
Over the last year, the Russian government and cybercriminals affiliated with it have targeted commercial enterprises in several attacks. Common but effective methods—including spear phishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—have long been used by these APT actors to gain initial access to target networks.
We believe there are three major goals for which Russian cyber actors, both criminal and government, will target those networks:
The following three-step best-practice approach helps keep organizations, locations, and people that may be vulnerable to attack from becoming successful targets:
Step 1: Influence
To identify and combat influence campaigns while also ensuring sensitive IP is not leaked or compromised, utilize open-source monitoring.
Conduct robust open-source and dark web monitoring, which may or may not include actor engagement, to determine the following:
- Is your company’s reputation being damaged by false claims or disinformation?
- Has your intellectual property been stolen and offered for sale on the dark web or in private forums?
Step 2: Retribution
To prevent and detect cybercrime, ransomware, and other aggressive network exploitation, keep an eye on the external attack surface.
Understand how adversary-operated malware is spread via these channels.
Step 3: Gain
Keep a record of everything from the beginning. From time to time, I’ll be able to share some important tips and tactics on how we can further streamline our procedures in order to make them more aggressive, successful, and efficient.
Maintain a strong online presence for all executives and reduce their public exposure. Set up alerts for when inauthentic social media accounts are established for executives and employees.