Cyber lessons from the Russia-Ukraine conflict 

By CyberArk

CyberArk discusses new cyber threats presented by the Russian-Ukraine conflict and how to tackle them. 

The deadliest wars in history have always involved weaponry – from cannons to machine guns. But it seems that geopolitical conflict is taking on another form with the emergence of tech. The world sits on the edge of its seat as Russia and Ukraine engage in cyber warfare.

The ongoing crisis has given rise to a series of cyberattacks at an unprecedented scale and garnered significant attention from the cybersecurity community. The question left hanging is: how can governments around the world avoid the same fate?

From closely monitoring partners who are working in affected areas to fine-tuning their crisis response plans, CyberArk shares how countries can improve their cyber resilience with vigilance.


Cyber threats of the Russia-Ukraine conflict


Tensions between Russia and Ukraine are creeping into the online world, with both parties launching cyber operations on the other.

Hackers have defaced more than 70 Ukrainian government websites, according to ZDNet. Attackers replaced official content with threats that citizens’ personal data had been disseminated to public networks.

Hackers have also infected Ukrainian servers with wiper malware, which erases data. IsaacWiper is one such variant, known to delete data from government networks and services, forcing them out of order.

This diversion tactic is effective as attackers can strike elsewhere while Ukrainian officials are scrambling to restore their data, Tech Game World wrote.

On the flip side of the coin, the IT Army of Ukraine has used Telegram to coordinate cyber efforts against Russia. Members of the group have targeted the websites of Russian banks, power grids, and railway systems, according to The Conversation.

Another group of hackers, known as Anonymous, claimed to have disrupted several state-owned Russian broadcasters such as Moscow 24 and Petersburg Channel 5. Programmes on these television channels were interrupted by clips from the war in Ukraine, the Council on Foreign Relations reported.


Improving cyber readiness


The conflict between Russia and Ukraine doesn’t just implicate those directly involved; it can also affect the rest of the world. CyberArk shares how governments can brace for impact in these times.

First, organisations should install all available software updates. In particular, they should prioritise updates that address known vulnerabilities.

Second, organisations should examine their network of partner companies to identify those working in affected areas. At the very least, they should make sure that remote vendors are protected by antivirus and antimalware software.

It is also important for organisations to enforce necessary precautions for remote vendors such as stronger access control. This means implementing multi-factor authentication to ensure that only those with proper authorisation can access sensitive data.

When communicating with remote partners, organisations need to ensure that data sent and received travels only over protected networks. They should also be prepared to disconnect at any time if the other party is compromised.


Improving cyber resilience


More importantly, countries need to refine their plans in responding to cybersecurity attacks. CyberArk provides tips on how governments can better mitigate cyber threats.

Organisations can designate a crisis-response team with clear responsibilities in the event of a suspected cybersecurity incident. It is vital that key personnel are available to respond when an attack occurs, the US Cybersecurity and Infrastructure Security Agency (CISA) advised.

Organisations should also conduct regular tabletop exercises to remind participants of their roles during an incident. This refers to the process of guiding participants through a simulated incident scenario and highlighting the flaws in their response planning.

In the hypothetical scenario of a malware infection, companies need to consider a few questions. For example, what is the process for identifying the attack, and what are the methods to contain it? How can companies ensure that attackers are no longer active in their networks, and who are the relevant people to alert when these situations crop up?

Having only one plan will not suffice. It is important for organisations to test backup procedures as well to ensure that critical data can be rapidly restored. This will only work if backups are isolated from network connections.

While the ongoing crisis has the potential to implicate the rest of the world, governments can avoid the brunt of attacks by scrutinising their security strategies.