Cyber Security Bulletin: Increased Attack Activity
While the Russia-Ukraine tensions may seem far away, there is a very real threat of increased cyber attacks against European countries, as well as Canada and the US: any country that has retaliated against Russia’s invasion of Ukraine. It is highly unlikely Putin will be able to harm Canada or the US with military force, so his likely best option is cyber attacks. It is suspected that Russia has already attacked Ukrainian businesses with malware: some with ransomware, and some with malware that attacks systems and wipes them clean of data without any ransom request, simply to disrupt or cripple the operations of these companies.
Over the past several months, SRG has observed an increase in attack activity. Ransomware and Denial of Service attacks are leading the way. Our professionals are monitoring our clients’ systems and blocking suspicious activities or alerting our clients to them. Additionally, we are monitoring both the Deep and Dark web, as well as non-valid traffic from thousands of Dark Web Tor Exit Nodes. We are also actively updating Indicators of Compromise (IOCs) in our security monitoring platforms to advise on new and emerging threats associated with the Russia/Ukraine conflict.
At the moment it is difficult to discern where the increased attack activity is originating from; however, we need to focus on the risk of Russian-led cyber attacks against our country and businesses. We recommend companies stay very vigilant and ensure they have taken reasonable steps to mitigate the risk of a successful attack on their organizations.
The following are recommended Cyber Security processes:
- Ensure you have a layered Cyber Security Regime – multiple layers of defense
- Change passwords and do so frequently (use multi-factor authentication where possible)
- Ensure Patching is up-to-date and is done immediately following Patch releases
- Ensure Monitoring systems are Tuned to identify traffic from Russia (and their allied countries) as High Risk
- Where possible, block any traffic from Russia, Belarus and other Russian allies
- Staff training – most successful attacks are a result of a staff member inadvertently clicking on an attachment of an email from an unknown source. Phishing training must be part of the Cyber Security regime
- Segmentation/Classification of Assets – ensure higher layers of Cyber Security surrounding your most critical information/systems
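One way to implement the monitoring recommendation above (flagging traffic by source country and by Tor exit node), shown as an added example that is not SRG's tooling. The log format, the prefix-to-country table and the Tor exit list are constructed for illustration; a real deployment would load a GeoIP feed and a current exit-node list instead.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) stand in for a
# real GeoIP feed and a real Tor exit-node list.
GEO_PREFIXES = {
    "198.51.100.0/24": "RU",
    "203.0.113.0/24": "BY",
    "192.0.2.0/24": "CA",
}
TOR_EXITS = {"192.0.2.77"}
HIGH_RISK_COUNTRIES = {"RU", "BY"}

# Constructed firewall log lines (hypothetical key=value format).
SAMPLE_LOG = """\
2022-03-01T10:00:01Z ALLOW src=198.51.100.14 dst=10.0.0.5 dport=443
2022-03-01T10:00:02Z ALLOW src=192.0.2.10 dst=10.0.0.5 dport=443
2022-03-01T10:00:03Z ALLOW src=192.0.2.77 dst=10.0.0.8 dport=22
2022-03-01T10:00:04Z ALLOW src=203.0.113.200 dst=10.0.0.5 dport=3389
2022-03-01T10:00:05Z ALLOW src=not-an-ip dst=10.0.0.5 dport=80
"""

_NETS = [(ipaddress.ip_network(p), c) for p, c in GEO_PREFIXES.items()]

def country_of(ip):
    """Return the country code of the first matching prefix, or None."""
    for net, country in _NETS:
        if ip in net:
            return country
    return None

def classify(line):
    """Return (source, reason, risk) for one log line."""
    fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
    src = fields.get("src", "")
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        # Never silently drop a line the parser cannot understand.
        return (src, "unparsed", "review")
    if str(ip) in TOR_EXITS:  # Tor check first: exit location says little
        return (src, "tor-exit", "high")
    country = country_of(ip)
    if country in HIGH_RISK_COUNTRIES:
        return (src, f"geo:{country}", "high")
    return (src, f"geo:{country or 'unknown'}", "normal")

def triage(log_text):
    return [classify(l) for l in log_text.splitlines() if l.strip()]
```

Source geography is a risk signal for prioritising alerts, not attribution: traffic relayed through Tor or other intermediaries will not carry the originating country.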
Please reach out to your SRG Contact for more information on how to protect yourself and your business. Alternatively, you can contact SRG at email@example.com.