After Russia’s invasion of Ukraine, it's time to hunker down
Credit to Author: Steven J. Vaughan-Nichols| Date: Thu, 03 Mar 2022 10:46:00 -0800
Chances are you don’t live in Ukraine’s capital, Kyiv, so you don’t need to worry about a missile landing on your office. But even if you’re 6,000 miles away, you could still get smacked by Russia’s or its Anonymous enemies’ cyberwar fallout.
As the war grinds on, chances will only increase that everyone will be affected by the resulting and growing cyberattacks. So, what can you do to protect yourself?
I’ve given it some thought and here are my suggestions. They may sound basic, but these recommendations could well save your business.
You’ve heard this a million times: Back up your systems. Well, here it is again and this time you’d better pay attention. Russia has released a new kind of Windows malware, HermeticWiper, which wipes the data from your computers and then makes it impossible to boot it. No backup? No computer.
Besides hitting sites in Ukraine, it’s also hit businesses in Latvia and Lithuania. I think it’s only a matter of time before it damages systems around the world — including the ones in a server room near you.
The most common way for malware to get into your computers is by way of phishing attacks. This common method of tricking one of your employees into clicking a link or opening a file that will infect your computer with ransomware or a virus still works as well as ever.
You can tell your people until you’re blue in the face not to open suspicious e-mails, but they sometimes do. So, while I suggest you continue to try to educate your people, you should also invest in anti-phishing tools or services.
Have you been holding back on updating your programs or operating system because it’s too much trouble? I get that, but now is not the time to hold back. I guarantee you there are nice, juicy zero-day exploits just waiting to be unleashed on older software. The more recent your patches, the less likely it is you’ll get mauled when they arrive.
At the same time, if you rely on, say, node.js or other external programming code repositories, it’s time to lock your code. As Alan Cox, a one-time top Linux kernel developer, explained: “Anyone pulling anything from an external repository, especially an automated one, should IMHO start full review and change control to lockdown. People are already talking about trojanning things like js modules and python modules with anti-whoever they hate protests and traps.”
He’s right.
There are many kinds of security programs and services out there. I can’t tell you what you need in particular, because every business is different and has varying needs. What I can tell you is whatever it is you do, you need to get and use security programs to protect critical systems. (CSO is a good place to start for the latest on what’s what in security software.)
A simple login and password doesn’t cut it these days. You need multifactor authentication (MFA). Even if you’ve never used MFA on a computer, you’ve used it in real life. For example, every time you gas up with a credit card at a gas pump, you must enter your zip code. Or, whenever you get cash from an ATM, you need both your bank card and your personal identification number (PIN). These transactions use both a physical factor, your card, and a knowledge factor, your ZIP code or PIN.
Everyone now pretty much supports MFA, and you should, too. It can go a long way to protecting you and your systems from harm. It’s not perfect, however. The old-school user ID/password/and text message is easily crackable.
But, if you use a FIDO Universal 2nd Factor (U2F) protocol-based device, such as a Yubico YubiKey or Google’s Titan Security Key, you’ll be as safe as anyone can be these days using MFA.
Ultimately, you want to move to a Zero-Trust security system. But that takes a lot of work. You need better security right away, and that means making the most of a quick and relatively easy security fix rather than shifting to a wholly new approach. There will be time for that once the war is over.
Let’s pray the fighting ends sooner than later, both for our own sakes and for the people caught in the middle of the real war.
Next, Read This:
Is the cyberwar coming or is it already here?
Windows is in Moscow’s crosshairs, too
Ukraine crisis: ‘Wiper’ discovered in latest cyber-attacks
The Cybersecurity Risks of an Escalating Russia-Ukraine Conflict