Obrela’s Resilience Operations Centers, since Thursday the 24th of Feb, are closely monitoring any cybersecurity activity in eastern Europe associated with the military conflict between Russia and Ukraine.
The following organizations should raise their INFOCON levels and be prepared for cyber-attacks because of this conflict:
- The banking sector
- Supply chain sector
- And especially organizations related to critical infrastructure like energy, oil, gas etc.
Our threat intelligence teams continue to enhance Obrela’s technology with new threat intel information as soon as it becomes available. We are conducting threat hunting activities to proactively detect and respond to emerging threats.
Our Resilience Operations Centers are prepared to respond to any incident that might be the outcome of this conflict to accelerate the containment and eradication of threats.
The recommendations during such a crisis always remain the same:
- Your IT security personnel needs to remain vigilant and try to identify and respond to any unexpected or unusual network behavior or anything that may seem out of the ordinary.
- Review the security of the perimeters and internal systems. Treat the mitigation of medium to high vulnerabilities as an urgent matter. In a cyberwar to the state level, threat actors may be utilizing zero-days or other mechanisms to infiltrate, manipulate and attack affected systems.
- Ensure that good defensive and prevention controls are in place and their detection and prevention capabilities are fine-tuned.
- Conduct proactive threat hunting activities to identify any potential threats that might have gone unnoticed. Utilize Threat Intelligence from multiple sources to receive early warnings about possible attacks which may target the organization, the sector or the region. Be part of more extensive corporate or state-level networks which exchange Threat Intelligence.
- Ensure that any publicly exposed assets are adequately secured/hardened and monitored.
- Ensure controlled use of administrative privileges and monitor privileged accounts.
- Notify your users and provide them with user awareness training to treat everything like it is something suspicious and to be extra vigilant.
- Ensure that your Endpoint Security solution is deployed across the whole organization. Endpoint Detection and Response (EDR) solutions are highly recommended.
- All the users accessing your environment should securely do that, and best security practices like complex passwords and MFA should be mandatory for all of them.
- Should you have outsourced any of your services to third parties, validate their entry points on your environment and ask them to perform assessments on their ends to ensure that they are operating according to the best security standards.
- Emphasize 24×7 monitoring of critical systems, networks, devices, endpoints using state-of-the-art threat detection and incident response technology and content. Work with MSSPs who have experts on Alert Triage, Threat Hunting, Incident Response support.
- Perform tabletop exercises across the organization so that all stakeholders can respond to incidents promptly.
How to respond
Should you identify anything suspicious in your environments, below are the IR actions that you should take:
- Immediately isolate any affected systems.
- Secure your backups and ensure that they are offline. If possible, scan your backup data with an antivirus program to ensure it is free of malware.
- Collect and review relevant logs, data, and artefacts.
- Consider engaging a third-party MSSP to assist you with any incident response activities and ensure effective containment, eradication, and recovery.
Given that victims of such attacks would be organizations that operate with critical infrastructure and have OT assets, they need to have a resilience plan to ensure that they will function if those assets are affected or lose access to the IT and OT environments.
Obrela Security Industries are monitoring the situation closely, aligning developments with our mission statement: We keep your business in business. If you have any questions, concerns or queries please feel free to reach out to our customer support at firstname.lastname@example.org and we will do everything that we can to support you and your business during these times.