What to do NOW as war in Ukraine increases cybercrime
As the war in Ukraine keeps escalating, many more cyber-crime groups are starting to emerge as a result. Why do you think this is happening? In places around the world that don’t have many opportunities to make money legitimately, people turn to crime to provide for their families.
Now let’s fast forward to what is happening in Russia. Crippling sanctions have devalued the ruble, and many vendors, companies, and industries are turning their backs on Russia. They are stopping the flow of technology to that country. Yandex (Russia’s equivalent to Google as a search engine) says it won’t be able to pay its outstanding debt in the current economic state. Yandex also stated that its data centers will be able to function for the next 12-18 months; however, with sanctions blocking the in-flow of technology, it won’t be able to renew its data centers with new equipment. This will lead to a degradation of service, and the company will be forced to go out of business, as it won’t be able to make money from advertising (the primary way Google makes revenue).
The war in Ukraine will create two threats. The first is that of state-funded hackers that Russians will surely use in their attacks on Western businesses, government agencies, etc. The second will be the threat of cyber-attacks from Russia. In addition, the crippling sanctions will displace many high-tech jobs, and employees who earned an honest living will turn to crime as the only means of supporting their families.
Threats from cyber-crime-as-a-service (CaaS), such as Conti, Cobalt Strike, DarkSide and many more, will increase operations with more in-flow of volunteers taking up crime as their primary means of income. As Russians and Putin get more desperate, they will rely on cyber-crime to attack more government infrastructure and Western companies in a desperate attempt not only to disrupt operations, but also to supplement their country’s income as funds start to dry up.
Here is what you need to do as a business to protect yourself from this rising threat.
Updates are a MUST
Keeping up with updates is no longer optional; it’s mandatory if you wish to keep your business safe. Downloading all updates is necessary. I recommend not jumping and grabbing the latest update as soon as it is made available by Microsoft or other vendors. Many times, updates can brick devices and cause instability issues. And many times, Microsoft will recall updates days after they’re issued once issues are recognized. I suggest updating around Thursday or Friday for Microsoft updates. This gives them a grace period of a few days to iron out any bugs, so you are getting updates that won’t cause more harm than good.
Getting rid of all legacy unsupported devices or upgrading.
This goes without saying: if you are running a Windows 7 computer, either disconnect it from your network and throw it away, or upgrade to Windows 10 or 11! Remember, it only takes one easily compromised machine for threat actors to get on to your network and then move laterally across it. This is why it’s important to understand that even if the rest of your equipment is updated, one compromised device on the network is enough to cause havoc to your systems.
Check your firewall
A firewall is the first line of defense between your systems and the internet. To ensure that your systems are protected, start by installing a trusted security device, such as those available from SonicWall, Fortinet, WatchGuard, Zyxel, and Cisco. Before selecting the firewall, check the security license costs and fees. This is normally a factor that ensures your firewall is supported. It’s important to keep an active license on your firewall application. So, if you haven’t logged into your firewall in a while, now is a good time to log in and see if everything is up to date, from licenses to firmware. Odds are that unless someone is managing your firewall, like a Managed Services Provider (MSP), your firmware is out of date and your licenses could have lapsed.
Check your Backup
When was the last time you tried to restore something from your backup? Do you know if your backups run properly? If the answer is no, then it’s time to look into this. It’s also important to have detailed documents that outline the steps needed to restore systems from backup in case of a disaster.
How secure is your cloud?
Here’s a crazy one for you: just because something is cloud-based, doesn’t mean it’s 100% secure. Make sure you’re using 2FA on all cloud-based services, especially if they hold secure data.
Centrally managed antivirus
As I said previously, a network is only as secure as the least secure system on it. Centrally managed antivirus systems allow IT managers to ensure all networked machines are running the same virus definitions.
Above, I outlined just a few things that you can do to shore up your security resilience. With the war in Europe raging on, it’s important to understand that we need to take pre-emptive steps to bolster our cyber security. If your business needs assistance with assessing your cybersecurity or if you need ongoing Managed IT Services (MSP), AlphaCIS is doing system security assessments free of charge due to the recent global events in Ukraine. We want to stand united against Russian cyber threats and other security risks we face. Feel free to give us a call at (678) 619-1218.
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity.