AVANT Analytics Alert: Russian Cyber Attacks on the Rise

43 days ago, Russia attacked Ukraine. We take this very seriously, along with our partners and the technology community. Here is an overview of the actions taking place and how you can help your customers defend their organizations from potential threats.

Proactive Measures

Technology providers like Cogent and Lumen have cut service to Russia. This is one of the first times major telecom companies have proactively dropped service, so it can be seen as a significant action. Lumen, which operates one of the largest DDoS mitigation networks, has seen an increase in attack activity from Russian territory. Lumen specifically has said the move is an effort to limit counterattacks by Russia against an organization’s infrastructure.

Threat Level

Conti, one of the world’s largest ransomware groups, pledged their support and publicly promised to retaliate against any direct actions against Russia. They have specifically singled out critical infrastructure as a target. This alone should be a reminder that it’s never been more important to help your customers secure their organizations against ransomware attacks.

Industry Risk

We are seeing increased cyber attacks against the manufacturing industry, especially the automotive industry. Bridgestone, Toyota, and Denso have all experienced recent breaches. We anticipate more targeted attacks focusing on manufacturing and, more specifically, on auto manufacturers, whose security measures have historically been immature.

Okta Breach

While not apparently connected to the war in Ukraine, the identity provider Okta was breached and approximately 2.5% of its customers were potentially affected, equating to hundreds of victims. The attackers were able to abuse their access to Okta to then steal source code from Microsoft. While we don’t yet know the full extent of the impact of this incident, it does highlight the fact that attackers are getting more creative in their pursuit of financial gain. We have recently learned that some of the alleged attackers were arrested by British police. If a handful of hackers aged 16-24 were able to breach Okta, imagine what Russia can do with thousands of professional hackers.

Safety Measures

Multi-factor authentication is now table stakes for every organization. Simple, mundane tasks like patching systems and reviewing user accounts are key to staying safe. We believe that building a security program focused on real-world threats is how we and our clients will survive and continue going to market and winning. We also highly recommend rehearsing incidents before they happen, as this can be key to mitigating disaster.

Government Response

President Biden and the US Administration have issued two alerts. On March 21, they issued a warning about potential Russian cyber attacks. In his statement, President Biden said, “It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyber attacks.” Additionally, the FCC put all Kaspersky security products on the “unacceptable risk to US national security” list. We recommend that all partners that use Kaspersky immediately switch to other security products.

The Administration went on to further urge the private sector to harden their security practices immediately, reminding organizations, “You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.”

For questions on how to guide customers as they build secure and protective programs, reach out to the AVANT team, who can offer their expertise and experience. We are YOUR team and we’re here to help.