Security professionals are urging Americans to take immediate steps to protect themselves from a higher risk of Russian cyberattacks after the invasion of Ukraine.
Historically, Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics—including spear phishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security to gain initial access to target networks.
“We are seeing more and more nation-state activity due to the conflict in the Ukraine,” said Ryan Wright, a professor specializing in cybersecurity at the University of Virginia. “With U.S. sanctions setting in, it is only a matter of time until the U.S. is targeted more directly.”
So, Americans need to be prepared, says Doug Jacobson, professor of electrical and computer engineering at Iowa State University. What he has been advising friends: Protect yourself by practicing “cyber hygiene.”
Turn on multifactor authentication
Use multifactor authentication on all your accounts, including email, social media, shopping, and financial services, for extra protection. When you sign in, you will be asked to confirm your identity through a text message, email, or code.
Update everything, including software
Update antivirus and malware software, operating systems, and applications, especially web browsers, on all devices including cell phones, tablets, desktop computers and laptops.
Think before you click
Before clicking or tapping on links or attachments or downloading files, take a beat. Most cyberattacks start with a phishing email, which looks legitimate but isn’t and can be used to steal your passwords, Social Security number, credit card numbers and other sensitive information or to run malicious software known as malware.
Don’t believe everything online
“All sides in any conflict will also be working to use information streams to their advantage. People should be very cautious about the information they share,” said Jessica Beyer, principal research scientist and lecturer at the University of Washington.
Look for behavioral evidence or network and host-based artifacts
To detect password spray activity, review authentication logs for system and application login failures of valid accounts. Look for multiple, failed authentication attempts across multiple accounts.
Look for suspicious “impossible logins,” such as logins with changing username, user agent strings, and IP address combinations or logins where IP addresses do not align to the expected user’s geographic location.
Look for one IP used for multiple accounts, excluding expected logins.
Look for “impossible travel.” Impossible travel occurs when a user logs in from multiple IP addresses that are a significant geographic distance apart
Look for processes and program execution command-line arguments that may indicate credential dumping.
Look for suspicious privileged account use after resetting passwords or applying user account mitigations.
Look for unusual activity in typically dormant accounts.
Look for unusual user agent strings, such as strings not typically associated with normal user activity, which may indicate bot activity.
CBM Technology can help with your cyber hygiene through services such as SecurityCare and SecurityCare+. CBM Technology’s team of security experts are constantly testing and reviewing new threats against the security stack to help keep Louisiana safe.