Cyberwar Protection Tracker

How to protect your company?

The war between Russia and Ukraine will increase the number of cyberattacks. Some government organizations or companies will be directly targeted because of their strategic nature or the symbolism they represent. Your company could also be a collateral victim, as cyber-attacks are far from being surgical strikes.

Cubic Consulting will maintain this page in order to share the latest information about threats and possible countermeasures.

The Basics

Attack scenario
  • Direct depeding on your activity sector or the randomness of cyber-criminal groups used as fromt ends by state actors
  • Collateral - you are not targetted but malware etc spreads any way to you
  • Please note that it is not impossible that - at some point - some attacks are specific or exclusive to the West (depends on the future geo-political status)

Newest updates

 

2022-03-07

catégories: cyberwar-news
not catégories:
raw catégories:
Aucune categorie?

2022-03-23

catégories: cyberwar-news
not catégories:
raw catégories:
Aucune categorie?

2022-03-25

catégories: cyberwar-news
not catégories:
raw catégories:
Aucune categorie?

Threats

Wipers and malware Updates

HermeticWiper and PartyTicket

catégories: wipers-and-malware
not catégories:
raw catégories:
Aucune categorie?

WhisperGate

catégories: wipers-and-malware
not catégories:
raw catégories:
Aucune categorie?

IsaacWhiper

catégories: wipers-and-malware
not catégories:
raw catégories:
Aucune categorie?

Phishing Updates

Phishing Emails Target Microsoft Users

catégories: pishing
not catégories:
raw catégories:
Aucune categorie?

DDOS Updates

DDoS or a more sophisticated cyber warfare

catégories: ddos
not catégories:
raw catégories:
Aucune categorie?

General reinforced security

 

Vulnerability management & exploits

catégories: cyberwar-security
not catégories:
raw catégories:
Aucune categorie?

Update AV-tools / IOCs

catégories: cyberwar-security
not catégories:
raw catégories:
Aucune categorie?

Update ransomware playbooks

catégories: cyberwar-security
not catégories:
raw catégories:
Aucune categorie?

Review Back Ups

catégories: cyberwar-security
not catégories:
raw catégories:
Aucune categorie?

Key Protective items

  • Ideally you are subscribing to a threat intelligence provider - this may/should be your central defensive pacemaker (depends on your contract) to prioritise your defensive measures, adjust the detection mechanisms etc.
  • Check for Ukraine IOCs and use them
  • Increase patching cycle (check CISA exploited vulns) (track specific Ukraine Updates)
    This will most likely imply that all software should be updated.
  • Same tighten refresh cycle on AV tools (keep an eye on Ukraine specifics but not only)
  • Analyse malware alerts
  • Check in detail that your DDOS protection is covering the most up to date complete view on your attack surface (if not reasonable, prioritise the assets)
  • Check your network defences (firewalls, IDS-IPS, proxies, VPN set ups etc.)
    At the minimum on all your internet exposed assets check for any known open vulnerabilities. If no recent Pen Test, try to organise one asap.
  • Make your staff has extra awareness for phishing mails
  • Set up IOCs as outlined above.
  • Keep a particular eye on ‘wipers’ i.e. malware whose purpose is to destroy data, PCs etc.
  • Check your SOC settings and make sure they are tracking Ukraine TI (See TI comment)
  • Make sure that you have a manpower plan to support the IR team as the Ukraine situation may drag on
  • Could consider an agreement with a 3rd security firm to provide man-power/expertise in case of incident
  • Check all back ups are correctly functioning
  • Fix/confirm recovery based on a number of possible impact scenarios
  • Make sure that there is a info sec crisis management set up and as well as link to the business crisis management (your company may have business impacts from the Ukraine war) and/or to the executive senior management.
  • Keep this meeting going on a daily base