The war situation in Ukraine and cyber threats


On February 24, we sent out a security update on the cybersecurity implications of Russia’s invasion of Ukraine. In this new bulletin, we give you a status update on the most recent developments.

General

As we reported in our first bulletin, from our SOC/CERT perspective, the current situation is not (yet) specifically different from other threats, and we are operating with the usual high state of alert. We are also noticing, of course, through our customers’ inquiries, that the ongoing conflict is leading to more unrest and uncertainty. News media report on a threat picture that is uncertain (even for experts) and on current attacks that are not always easy to interpret.

What you can do: advice from national cybersecurity centers and vendors

At the time of our last bulletin, there was no specific Ukraine advice from the Dutch National Cyber Security Center (NCSC). The Dutch NCSC now has a separate section on its website with advisories (only in Dutch). Like ON2IT’s earlier advice, the Dutch NCSC emphasizes getting general digital resilience in order through known basic measures, especially update discipline for systems that have a direct internet connection.

The Dutch NCSC places a lot of emphasis on how to deal with an incident. That means going through your incident-response plans, making sure they are up to date, and providing adequate crisis communication in the event of digital incidents. The Dutch NCSC also continues to monitor the situation closely and will continue to share relevant information and advice. The timeline and advisories are updated regularly.

Most updates and briefings given by cybersecurity technology vendors in recent days also focused on getting general resilience and measures in place, without mentioning specific measures related to previously unknown threats. When it came to specific threats, for example, Russian ransomware or wiper campaigns, they mainly related to organizations operating in Ukraine or Russia.

Another striking recurring point in many briefings was the advice to intensively monitor social media accounts of one’s organization for suspicious activity or intrusion attempts.

What does the ON2IT SOC do for its managed clients?

Of course, the ON2IT SOC is intensively working on possible new threats. In general, threat intelligence about new vulnerabilities and the associated detection and mitigation techniques is immediately processed and operationalized 24/7 in the technology and measures we manage for our clients.

This is certainly also the case for threats with a direct link to state actors involved in this conflict. In addition, we continuously support our clients in increasing their resilience, especially now, and we respond directly to imminent threats as they manifest themselves.

What else can ON2IT do?

We know from experience that, for many organizations, just having all the known basic measures in place requires a major and continuous effort, for which the right people, the right technology, and the right policies must be in place. Validating your existing cybersecurity measures can help to find and fix weak spots. ON2IT can help you with automated attack simulations and with second-opinion advice from our technical consultants.

The importance of the Zero Trust architecture is reflected in the Ukraine-related advice of various national cybersecurity organizations. Based on our years of experience, we know which steps in the implementation of Zero Trust can be made operational in a very short period of time and immediately provide more prevention. We always parallel our strategic Zero Trust Assessments with hands-on operational advice.

If you want to know how Zero Trust actually provides better security in the very short term, we recommend that you attend the webinar Zero Trust Strategy to Operations, in which we will specifically address “quick wins”.

Incident response support

ON2IT offers its managed clients no-cost cyber incident response support through our SOC/CERT. In response to the current global threat, we are also extending this service to other organizations facing a successful cyber attack.

When we have to make choices due to an excessive number of requests, we apply the following priorities:

  1. Managed customers of ON2IT
  2. Organizations working in the vital infrastructure and healthcare sectors
  3. Other organizations

In the coming period, we will continue to keep you informed of relevant developments regarding cybersecurity as a result of the war between Ukraine and Russia.

The NCSC information page can be found here. (No English version available.)