Cybersecurity Threat Advisory: Heightened Threat Activity Expected as Global Conflicts Intensify
Posted on February 23, 2022 by Mike Beagles
Advisory Overview
This week there is a new critical alert that requires the mission-critical community’s immediate attention. As tensions continue to rise between Russia and Ukraine, cyberattackers have targeted the Ukrainian government and other Ukrainian organizations. Denial-of-Service (DoS) attacks took down Ukraine’s defense ministry and military websites. Similar attacks were deployed against PrivatBank and Oschadbank, two large banks in Ukraine. Although security experts have not confirmed that Russia was behind these attacks, Ukraine firmly believes Russian state actors are responsible.
What Is the Threat?
DoS attacks occur when an attacker successfully puts a service, website, or device into a state in which it is unusable. In this case, the attacks were deployed against websites by flooding them with traffic to the point that they crashed. This made the Ukrainian banks’ websites unusable, for example, which directly impacts all bank activities and all of the banks’ customers.
Why Is It Noteworthy?
Whenever one nation launches a cyberattack against another, it increases cybersecurity risk not just for the nations involved but globally. While the attacks reported in this advisory were not sophisticated or difficult to mitigate, cyberattackers have previously used such attacks as a diversion while laying the groundwork for a more sophisticated and potentially more damaging attack. As a result, users should remain vigilant and pay close attention to the news cycle, especially because Russia is thought to be responsible for the SolarWinds and Colonial Pipeline attacks of 2020 and 2021.
What Is the Risk?
There is no active threat that organizations need to monitor for or patch against, but there is always a chance that this type of situation can lead to an active threat. This situation has maxed out the Cyber Attack Predictive Index (CAPI), a tool created by Johns Hopkins Information Security Institute, with a score of 25. As this situation progresses, new vulnerabilities and attacks may appear in the wild, so it is important to be watchful for any emerging threats. MCP’s cybersecurity team will continue to monitor for any suspicious activity.
What Are the Recommendations?
MCP recommends watching for any news that pertains to this situation, particularly regarding the types of cyberattacks that might be launched. If a product that your organization uses has any vulnerabilities exposed, be sure to apply updates so that they are patched. Additionally, keep an eye on any suspicious traffic that may be coming to your organization from outside of the United States. As always, MCP will continue to closely monitor the situation and share information pertaining to any potential threats that it might pose.
References
For more in-depth information about the recommendations, please visit the following links:
- https://hub.jhu.edu/2022/02/15/russia-ukraine-maxes-out-cyber-attack-predictive-index/
- https://fortune.com/2022/02/16/ukraine-russia-cyberattack-banks-crisis/
- https://fortune.com/2022/02/15/markets-rally-russia-troops-ukraine-ruble-bitcoin-stocks/
- https://cyberheatmap.isi.jhu.edu/
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks.
Mike Beagles is MCP's director of IT and cybersecurity services.