The ongoing conflict in Ukraine has posed a grave danger to lives and businesses and will have profound consequences extending far beyond the region. CISOs and CIOs across organisations globally and in Asia face the growing spectre of aggressive Russian cyberattacks and need to ramp up their cybersecurity strategies and defences to prepare for whatever may come next.
Why Asia is at risk
In recent years Russia has launched cyberattacks against Georgia, and in 2015 it brought down parts of Ukraine's power grid to disrupt the government and businesses.
Russia is also claimed to be behind the NotPetya malware attack in 2017. Although NotPetya was first designed to target the Ukrainian financial, energy and government sectors, the self-replicating malware spread rapidly to organisations globally. It wiped networks and caused billions of dollars in damages as users across Asia, Europe and America were hit by an attack that spread far beyond its intended targets.
Why should Asia-Pacific be on high alert? The region is home to four of the five most populous nations in the world and many countries represent high-value targets in a low-security environment. Companies in the Asia Pacific region are particularly vulnerable as digital progress has been uneven and many countries are still grappling with the COVID-19 pandemic.
Across many Asia-Pacific countries, there remains a disproportionately low level of investment in cybersecurity and risk management. The speed of digital transformation has also left many governments playing catch up.
Cyber security firm Mandiant believes advanced persistent threat (APT) groups linked to Russia and its allies will conduct further cyber intrusions as the stand-off with Ukraine continues.
The Russian government's invasion of Ukraine has since spurred a massive surge in distributed-denial-of-service (DDoS) attacks targeting the Ukrainian government and critical infrastructure. In the weeks ahead, the danger to APAC countries is that Russia might carry out retaliatory cyberattacks on organisations outside Ukraine in response to the sanctions being imposed.
Potential threats could range from widely used DDoS, ransomware and phishing attacks to hacktivist campaigns and the spread of sophisticated, destructive malware as part of state-sponsored cyber activity. It is impossible to predict how much disruption, including damage to critical infrastructure, these attacks might cause.
Apart from the risks of being a direct target of Russia, organisations must be prepared for increased levels of cybercrime in general. Adversaries are always taking advantage of current news events to adjust their tactics. A major geopolitical conflict provides a perfect opportunity to capitalize on people’s fears, concerns, and general uncertainty.
In light of the escalating Russia-Ukraine conflict, a strong cybersecurity defence has become more critical than ever. CISOs and CIOs in the region’s financial institutions, critical industries, government organisations, and businesses must evaluate their security posture to make sure they’re prepared to defend against potential cyberattacks.
What actions you should take
The first step is to understand whether your organisation is prepared. Although the Russia-Ukraine conflict is an extraordinary event, it only highlights the cyber activity that occurs daily in modern cloud environments. Any robust enterprise security strategy, by default, needs to include plans and mitigation steps for withstanding this level of cyber threat.
However, there are proactive measures that an organisation can take to strengthen its security capabilities and reduce the chances of being compromised.
General best practices & advice
- Ensure proper business continuity and disaster recovery plans are set. This includes a well-tested incident response process to respond quickly and effectively to any cyber incidents. DDoS attacks are already happening and will increase moving forward, so organisations must be ready to invoke those plans at any moment.
- Back up critical business systems regularly and consistently to avoid data loss.
- Apply the least-privilege access principle throughout your environment.
- Implement basic cybersecurity hygiene. This is fundamental to avoid security gaps (e.g., missing patches and default passwords).
- Ensure IT and security staff are vigilant and prepared to work diligently to protect customers, processes and systems.
Cloud-native security recommendations
- Identify exposures, vulnerabilities, and misconfigurations that can provide entry points for attackers to gain access.
- Scan all running workloads for critical vulnerabilities with known exploits, using trusted open-source scanners (e.g., Trivy), so that patching and mitigation effort can be focused where it matters most.
- Scan for vulnerabilities in CI/CD pipelines to ensure no new vulnerabilities can be introduced.
- Scan for misconfigurations in cloud resources and infrastructure-as-code (IaC) templates. The cloud is the target and must be considered as part of the broader defence strategy, in which visibility and protection are key.
- Minimise the attack surface and harden cloud and Kubernetes infrastructure.
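The scanning recommendations above leave one practical question open: how a CI/CD step turns a scanner report into a decision. The following is an added example, not code from the original article or from the Trivy project. It triages a Trivy JSON report (the shape `trivy image --format json` emits) and fails the pipeline only on CRITICAL findings that already have a fix, while listing unfixable CRITICAL findings separately for mitigation and tracking. The report content, CVE identifiers and package names are constructed placeholders, not real findings.

```python
"""CI gate over a Trivy JSON report: block on fixable CRITICAL findings, watch the rest."""
import json

# Constructed sample in the shape Trivy emits with `trivy image --format json`.
# CVE identifiers, package names and image name are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {
            "Target": "example.registry/app:1.0 (debian 11.6)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libother",
                 "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-00003", "PkgName": "libthird",
                 "InstalledVersion": "0.9", "FixedVersion": "0.9.1", "Severity": "MEDIUM"},
            ],
        },
        # Trivy reports null rather than an empty list for a target with no findings.
        {"Target": "app/requirements.txt", "Vulnerabilities": None},
    ]
})


def triage(report_json, block_on=("CRITICAL",)):
    """Split findings at the blocking severities into two lists.

    blocking  - a FixedVersion exists: patch now, fail the pipeline.
    watchlist - no fix published yet: cannot be patched, so mitigate and track.
    Each entry is (target, package, vulnerability id, fixed version or None).
    """
    report = json.loads(report_json)
    blocking, watchlist = [], []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in block_on:
                continue
            fixed = vuln.get("FixedVersion") or None
            entry = (result["Target"], vuln["PkgName"], vuln["VulnerabilityID"], fixed)
            (blocking if fixed else watchlist).append(entry)
    return blocking, watchlist


def gate(report_json):
    """Return the exit code for the pipeline step: 1 if anything is blocking, else 0."""
    blocking, watchlist = triage(report_json)
    for target, pkg, vuln_id, fixed in blocking:
        print(f"BLOCK {target}: {pkg} {vuln_id} -> upgrade to {fixed}")
    for target, pkg, vuln_id, _ in watchlist:
        print(f"WATCH {target}: {pkg} {vuln_id} (no fix yet; mitigate and track)")
    return 1 if blocking else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

The blocking rule mirrors what Trivy's own `--severity CRITICAL --exit-code 1 --ignore-unfixed` flags do, but keeping the unfixable findings visible as a watchlist avoids silently dropping the very items that need compensating controls.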
Conclusion
The ongoing situation in Ukraine means organisations in APAC should be prepared to defend their networks against cyberattacks originating from Russia.
As the conflict escalates on both the battlefield and in cyberspace, companies need to stay ahead of potential cyberattacks. By ensuring that networks are as well-defended against attacks as possible, the damage done by attacks can be minimised.
Making sure you have effective security defences is important at any time, but even more so in times of uncertainty and global crises.
As we continue to closely follow the events in Ukraine, we’re committed to providing strong security capabilities that can help our customers protect their most critical assets and business processes.