The Russian invasion of Ukraine has led to a tense relationship between the Russian and US governments. Some experts fear that Russia may retaliate against the US using cyberattacks, as they have in the past. In this blog, we are going to explore why Russia would want to use cyberattacks against the US, the severity of the potential threats, and most importantly, how to protect yourself and/or your business.
What is the context?
As the conflict between Russia and Ukraine rages on, the US government has held strong on its position to not send US troops into Ukraine. Top leadership fears that a direct fight between two world superpowers (Russia and the United States) would mean WWIII. Due to that, US leadership has been extremely cautious in their current actions. With that being said, the US has decided to place strict sanctions on Russia, as a way to hinder them in their war against Ukraine. This has crippled Russia’s economy and led to the value of the Ruble dropping almost 50%. With many other countries placing similar sanctions, Russia is looking for a way to strike back. This is where the fear of Russian cyberattacks comes in.
Russia has become widely known for its hackers starting over the past 15 years, it has orchestrated a vast number of coordinated and uncompromising cyberattacks across governmental and private organizations. Many Americans became aware of this during the 2016 US elections where hackers penetrated Democratic party computers and gained access to the personal emails of Democratic officials. With that knowledge, many of the world’s leaders fear the worst.
Who else is talking about the possible Russian cyberattacks?
FastCompany wrote a great article at the start of the invasion. This article discussed what would happen if Russia decided to launch cyberattacks against the US. They stated “U.S. banks are a potential target, especially in light of banking-related sanctions against various Russian entities, and CNN reports that some experts have said it might not be a bad idea to have some cash on hand in case banking systems get disrupted.
It’s also a good idea for both individuals and businesses to make sure they’re taking basic cybersecurity steps with their own accounts, like using secure passwords, keeping systems updated with the latest security patches, and turning on two-factor authentication where it’s available, DHS officials are saying.”
Many top news channels have started covering this topic. CNN had reported last month that the FBI warned local governments and companies to be on the watch for ransomware. Ransomware attacks, like the one that crippled the Colonial Pipeline last year.
Overall ransomware groups typically operate with some tacit approval from the regime of Vladimir Putin. Sources show that the Russian government may be more tolerant of hacks on major Western targets if tensions continue to ramp up.
Preparing for potential attacks
The Cybersecurity & Infrastructure Security Agency (CISA) is the nation’s top cyber defense agency. They recently released a document titled, “Shields Up.” This document highlights the potential for disruptive Russian cyber-attacks against both small and large US businesses alike. ‘Shields Up’ even offers cybersecurity suggestions for US individuals, as they believe the Russian cyberattacks may not focus exclusively on businesses. This document lists 4 primary tips for protecting yourself and your business from any potential Russian cyber threats.
Tip #1 Implement multi factor authentication on your accounts.
A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, or a fingerprint or Face ID, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Multi-factor authentication can make you 99% less likely to get hacked. So enable multi-factor authentication on your email, social media, online shopping, financial services accounts. And don’t forget your gaming and streaming entertainment services!
Tip #2 Update your software.
In fact, turn on automatic updates. Bad actors will exploit flaws in the system. Update the operating system on your mobile phones, tablets, and laptops. And update your applications – especially the web browsers – on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.
Tip #3 Think before you click.
More than 90% of successful cyber-attacks start with phishing emails. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. If it’s a link you don’t recognize, trust your instincts, and think before you click.
Tip #4 Use strong passwords
In fact, you would ideally use a password manager to generate and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on.
Now, these are only a small handful of tips listed by the CISA document. However, after sitting down with Aspis founder and CEO Jeff Wagner, he told me that these 4 tips are enough to completely protect most average people. If you would like to read all the tips listed in the ‘Shield’s Up’ document, you can find them here. https://www.cisa.gov/shields-up
If you want to go a step further in protecting your business against Russian cyberattacks, Aspis offers vulnerability scanning services that can detect any weak points in your business. These scans can show you exactly where you need to fix or improve your cybersecurity to avoid potential malicious attacks in the future.
Who is Aspis Consulting?
Aspis is an IT professional services firm headquartered in Kansas City, Missouri specializing in cybersecurity and management consulting. Aspis strives to make enterprise cybersecurity solutions and professional services accessible to all sizes of organizations from small to medium-sized businesses to large Fortune 500 enterprises; non-profits; and municipal, state, and federal government agencies. Our values are Integrity, Community, Diversity.
Aspis’ vision is to democratize cybersecurity. This means that through our mission we strive to make enterprise cybersecurity solutions, IT professional services, and administrative and management consulting services accessible to all sizes of organizations from small and medium-sized businesses to large Fortune 500 enterprises; non-profits; and to local, state, and federal government agencies. We right-size our enterprise products and services for the SMB market so they are affordable.
With the additional locations of Duluth, Minnesota, and Washington, DC Aspis has grown to become a national brand and has helped businesses of all sizes with their cybersecurity needs. Our team offers a full suite of services including cybersecurity management consulting; compliance assessments; security awareness training; and darkweb monitoring to both our commercial and government clients. Our organization has been featured in publications including Forbes, IBM, and the US Chamber of Commerce. Additionally, Aspis is a Certified HUBZone Small Business, Certified LGBTBE, and Certified Virginia Values Veterans company. https://aspis.consulting
Worried about your business and Russian cyberattacks? Learn more about how Aspis can help you with your cybersecurity or administrative needs check out our website. Also, follow us on LinkedIn, Facebook, and Instagram. We post things to stay up to date on cybersecurity news, company updates, and need-to-know tips.