Future cyberattacks on Ukraine may seek to destabilise the country, disrupt the flow of information, or undermine the population's will to fight. Several noteworthy cyberattacks have already taken place in Ukraine.
Summary:
- On 15 January 2022, Microsoft released information about destructive malware, known as WhisperGate, that had hit several Ukraine-based government, non-profit and IT organisations. Around the same time, hackers also targeted Canada's diplomatic and external affairs agency.
- The malware resembles NotPetya from 2017, which was likewise destructive malware disguised as ransomware: it displays a ransom note, but it overwrites the master boot record and corrupts files, so paying would recover nothing.
- Accenture identified three state-sponsored hacker groups as the most active in Ukraine: Sandfish (responsible for the NotPetya attacks), Winterflounder (which has targeted the Ukrainian government), and Walleye (which runs intelligence-collection operations against state institutions).
How can companies mitigate the cyber threat stemming from geopolitical tensions?
- Current guidance and commentary suggest that companies should be more alert to anomalies in their networks. Beyond that, Accenture suggests a few high-priority tactical mitigations:
  - Patch externally facing infrastructure.
  - Audit domain controllers against specific logging requirements, so that the events needed to investigate an intrusion are actually being recorded.
  - Have an incident response retainer in place.
  - Treat malware detections as high priority.
  - Test backup procedures, including restores, and carry them out.
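One way to carry out the domain controller audit item above, as an added example that is not from the article or from Accenture: a PowerShell script that reads a domain controller's advanced audit policy with `auditpol` and flags subcategories that are not logging both success and failure. The list of subcategories is an assumption about which events an investigator typically needs (credential validation, Kerberos, logons, directory and group changes, process creation); replace it with your own logging requirements.

```powershell
# Added example, not code from the original article or from Accenture.
# Checks a domain controller's advanced audit policy with auditpol and reports
# subcategories that are not set to "Success and Failure". Run in an elevated
# session on each DC. The $Required list is an assumption; adjust it to the
# logging requirements you actually audit against.

$Required = @(
    'Credential Validation',
    'Kerberos Authentication Service',
    'Kerberos Service Ticket Operations',
    'Logon',
    'Special Logon',
    'Directory Service Changes',
    'Security Group Management',
    'Process Creation'
)

# "auditpol /get /category:* /r" prints CSV with the columns Machine Name,
# Policy Target, Subcategory, Subcategory GUID, Inclusion Setting and
# Exclusion Setting. Inclusion Setting is one of "Success and Failure",
# "Success", "Failure" or "No Auditing". Blank lines are dropped before parsing.
$Policy = auditpol /get /category:* /r |
    Where-Object { $_ -match '\S' } |
    ConvertFrom-Csv

$Findings = foreach ($Name in $Required) {
    $Row = $Policy | Where-Object { $_.Subcategory -eq $Name }
    # A subcategory missing from the output is reported rather than silently skipped.
    $Setting = if ($Row) { $Row.'Inclusion Setting' } else { 'Not reported' }
    [pscustomobject]@{
        Subcategory = $Name
        Setting     = $Setting
        Compliant   = ($Setting -eq 'Success and Failure')
    }
}

$Findings | Format-Table -AutoSize

# Exit non-zero when anything is non-compliant, so the check can fail a
# scheduled compliance job instead of only printing a table.
if ($Findings | Where-Object { -not $_.Compliant }) {
    Write-Warning 'One or more required audit subcategories are not fully enabled.'
    exit 1
}
```

To run the same check across all domain controllers from a management host, wrap the script body in `Invoke-Command -ComputerName <dc list>` and collect the `$Findings` objects centrally; the exit code is only meaningful when the script runs directly on the DC.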
In addition, the article offers strategic mitigations, such as monitoring administrator accounts and segmenting IT and OT networks.
Why does this matter for businesses?
- Although these threat actors mainly target organisations in Ukraine, spillover from the attacks could affect organisations outside the initial target set, as NotPetya did in 2017 when it spread to companies with no connection to the conflict.
- Companies are encouraged to operate on high alert. State-sponsored cyberattacks will likely be visible in private companies first.