Recent U.S. intelligence indicates that, as its military engagement in Ukraine escalates, Russia has initiated cyberwarfare techniques against its Eastern European neighbor. And given the potential for similar attacks on U.S.-based targets, we at FTC would like to provide area businesses with an update on what we know about Russia’s cyberattacks so far, along with the steps we are taking to ensure the ongoing fidelity of the cybersecurity services we deliver to our customers for the protection of their businesses.
What we know so far: cyberattacks targeting Ukraine
The cyberattacks that Russia has so far initiated in its 2022 assault on Ukraine include:
- Malware — Initially launched in the lead-up to Russia’s February military invasion of Ukraine, a new malware dubbed WhisperGate has been used to target a number of Ukrainian organizations. Designed to render the devices it targets inoperable, the malware requests ransom payment, then destroys files even if the ransom is paid. Another type of malware dubbed HermeticWiper has also been employed against organizations in Ukraine, and it renders Windows devices unusable by targeting their master boot record to cause boot failures.
- Website Defacement — More than 70 attempts have been made to deface Ukrainian government websites, with at least 10 being successful.
- Distributed Denial-of-Service (DDoS) attacks — Targets of recent DDoS attacks include Ukraine’s armed forces, defense ministry, public radio and two large Ukrainian banks. Several vital services were turned offline, and many Ukrainian residents were rendered unable to access their bank accounts, use mobile apps or issue online payments.
In addition, Ukraine has been targeted by a number of cyberattacks that preceded the current Russian invasion. Among them, many experts suspect a potential attack on the Ukrainian power grid was executed during the 2014 Russian invasion and annexation of the Southern Ukrainian region of Crimea.
Actions to ensure the protection of customers’ businesses
Here at FTC, we are in active communication with all of our technology partners to exchange real-time intelligence on any cyberthreats that could impact our operations. We are also conducting ongoing audits of our infrastructure and processes to ensure a strong defense against possible exploitation from Russian state-sponsored threat actors. The protection of your business is our number one priority, and we will update and advise you as circumstances necessitate.
In the short term, we recommend that all businesses do the following to protect themselves:
- Remind employees of the role they play in keeping your business secure. For example, employees should actively look out for indicators of a potential business email compromise attack.
- Be skeptical—Any last-minute changes in wiring instructions or recipient account information must be verified.
- Double-check that URL—Before clicking, ensure that any URLs in received emails are actually associated with the business the email claims to be from.
- Spelling counts—Be alert to misspelled hyperlinks in the actual domain name.
- Be sure users have updated their systems and applications to the latest software releases, which typically include the latest security enhancements.
FTC’s robust cybersecurity solutions
At FTC, we have a highly effective cybersecurity portfolio and have positioned our customers to be able to defend themselves in the best way possible against the latest and most sophisticated attacks. Our approach includes industry-leading, next-generation antivirus protections via SentinelOne. Coupling that with Duo, our multi-factor authentication service, ThreatLocker, our application whitelisting and ringfencing solution, and sandboxing for your data at the edge creates a multi-layered approach that delivers much-needed protections in today’s threat-filled cyber landscape. Lastly, businesses can fortify their first line of defense by training their employees with KnowBe4, the world’s largest integrated platform for security awareness and training combined with simulated phishing attacks.
If your business is not currently using all the layers of protection offered, do not hesitate to reach out to us to discuss how all of these cybersecurity layers work together and how we can easily add them to your defense.
Seeking professional-grade cybersecurity services like a managed firewall, advance threat protection, and hosted antivirus & spyware for your business? Visit ftc.net/business to explore all of FTC’s cybersecurity offerings, as well as other business-critical services such as Internet, Wireless, Voice and Security. And when you need local, expert IT assistance for your business, help is nearby and easy to reach, without the expense of a full-time IT staff. Visit FTC IT Solutions for professional IT help in a number of tech-related areas, including Managed IT, Cybersecurity, Hosted Services, Point-of-Sale and Hardware Sales.