Future cyberattacks on Ukraine may seek to destabilise the country, disrupt information flow, or undermine the population’s will to fight. Several noteworthy cyberattacks have already occurred in Ukraine.
- On 15 January 2022, Microsoft published details of destructive malware, dubbed WhisperGate, that had hit several Ukraine-based government, non-profit and IT organisations. Attackers had also targeted Canada's diplomatic and foreign affairs agency.
- WhisperGate resembles the 2017 NotPetya malware: both were destructive wipers disguised as ransomware, displaying a ransom note while offering the victim no real path to recovery.
- Accenture identified the three state-sponsored groups most active in Ukraine (using Accenture's own names for them): Sandfish (responsible for the NotPetya attacks), Winterflounder (targeting the Ukrainian government), and Walleye (running intelligence-gathering operations against state institutions).
How can companies mitigate the cyber threat stemming from geopolitical tensions?
- Current guidance and commentary suggest that companies should be more alert to anomalies in their networks. Beyond that, Accenture lists a few high-priority tactical mitigations:
  - Patching externally-facing infrastructure
  - Auditing domain controllers and their security logging
  - Having an incident response retainer in place
  - Treating malware detections as high priority
  - Performing backups and testing that they can be restored
- The article also lists strategic mitigations, such as monitoring administrator accounts and segmenting IT and OT networks.
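As an added illustration of the "monitor administrator accounts" mitigation (example code written for this summary, not taken from the Accenture article or from Microsoft's report): a PowerShell snippet to run on a domain controller that first confirms security-group-management auditing is switched on, then lists every addition to a privileged group over the last 24 hours. The group list, the 24-hour window and the function names are assumptions made here; the event IDs and field names are standard Windows Security log values.

```powershell
# Added example, not from the original article: surface additions to privileged
# Active Directory groups on a domain controller via the Security event log.
# Assumptions: run with local admin or Event Log Readers rights on the DC; the
# group list and the 24-hour window are illustrative choices, not the article's.
#
# Standard Windows Security log event IDs for group-membership additions:
#   4728  member added to a security-enabled global group    (e.g. Domain Admins)
#   4732  member added to a security-enabled local group     (e.g. Administrators)
#   4756  member added to a security-enabled universal group (e.g. Enterprise Admins)

function Test-GroupManagementAuditing {
    # These events are only written if the "Security Group Management" audit
    # subcategory is enabled for Success; warn if the DC is silently not logging them.
    $Policy = auditpol /get /subcategory:"Security Group Management"
    if ($Policy -match 'No Auditing') {
        Write-Warning 'Security Group Management auditing is disabled; events 4728/4732/4756 will not be recorded.'
        return $false
    }
    return $true
}

function Get-PrivilegedGroupAdditions {
    param(
        [string[]]$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'),
        [datetime]$Since = (Get-Date).AddHours(-24)
    )

    $Events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4728, 4732, 4756
        StartTime = $Since
    } -ErrorAction SilentlyContinue

    foreach ($Event in $Events) {
        # Pull the named EventData fields out of the event XML.
        $Xml  = [xml]$Event.ToXml()
        $Data = @{}
        foreach ($Item in $Xml.Event.EventData.Data) { $Data[$Item.Name] = $Item.'#text' }

        # TargetUserName holds the group that was modified; only report privileged ones.
        if ($PrivilegedGroups -contains $Data['TargetUserName']) {
            [pscustomobject]@{
                Time       = $Event.TimeCreated
                EventId    = $Event.Id
                Group      = $Data['TargetUserName']
                MemberName = $Data['MemberName']   # may be "-" for 4732; MemberSid is always present
                MemberSid  = $Data['MemberSid']
                ChangedBy  = "$($Data['SubjectDomainName'])\$($Data['SubjectUserName'])"
                DC         = $Event.MachineName
            }
        }
    }
}

if (Test-GroupManagementAuditing) {
    Get-PrivilegedGroupAdditions | Sort-Object Time | Format-Table -AutoSize
}
```

Run it on each domain controller (or point it at one with `Get-WinEvent -ComputerName`) and treat any row whose `ChangedBy` is not a known administrator or provisioning account as an incident to triage, which is the "high priority" posture the article recommends. The auditing check matters because a DC with the subcategory disabled will return an empty result that looks identical to "no changes happened".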
Why does this matter for businesses?
- Although these threat actors mainly target organisations in Ukraine, spillover from the attacks could affect organisations outside the initial target sets, as NotPetya did in 2017 when it spread to companies worldwide.
- Companies are encouraged to operate on high alert: because most networks and infrastructure are privately operated, state-sponsored cyberattacks are likely to be detected in private companies first.