Man vs Skill: Russia’s Increased Volume Of Cyber Attacks

The world’s most potent and active cyber adversary lurking in the shadows…

2021 and 2022 have made a name for themselves in cyber-security – not only was the shift to remote working during the pandemic a major factor in increasing security risk and disruption to businesses, but there is also now the threat of the world’s most potent and active cyber adversary Russia, lurking in the shadows.

The #1 method of cyber-attack

The current conflict has seen Russia turn to purely destructive attack methods. Distributed-denial-of-service attacks (DDoS), where targeted websites are overwhelmed with fake traffic, and malware wipers, where data is erased in an irretrievable manner, are currently the preferred methods of choice.

It seems low level Russian affiliates have stepped up to perform these destructive methods, while skilled affiliates have been set aside, to focus on more strategic and targeted attacks, such as uncovering government agency plans and targeting critical infrastructure.

It’s clear that Russia is using a high number of people, regardless of skillset, to enhance power.

What are our Threat Intelligence team saying?

Ransomware is still making a mark.

In these destructive attacks, ransomware has been used as a decoy. Notorious Russian strains, such as Conti, have pledged their allegiance to Russia, despite the 1TB leakage of their internal chat logs and the potential release of a decryption key.

Undoubtedly, the most concerning change remains around the destructive attack methods and their susceptibility to spill over the borders, whether this is purposeful (due to the sanctions imposed on Russia by the UK, EU and US) or accidental. Organisations, no matter where they are located, could be at serious risk.

Stay up to date with our Threat Intelligence news and insight by subscribing to our podcast.

What action can your business take today to reduce risk?

Safety starts with vigilance, and employers must be prepared to question and evaluate what security practices are and are not working for them, whether that involves focusing on cyber security work in the short term or offering temporary protection boosts.

Key actions to take:

• Verify employee passwords – are they unique within the business?
• Implement Multi-Factor Authentication (MFA) across your group
• Review user permissions – ensure unnecessary privileged access is removed from accounts, including leavers
• Educate employees – make sure they know how to escalate suspicious activity, such as phishing emails
• Review the location of your logs – keep them for at least one month
• Prioritise patching of all users’ desktops, laptops, mobiles and key business systems
• Make regular backups – this is imperative to your group’s recovery if compromised
• Be ready – ensure your disaster recovery plans are up to date and that everyone within your group knows their role during an intrusion

“The Geo-Political position in the world is creating stress and concern for organisations and individuals alike, and it’s difficult not to let that cloud our focus. However, we must not only stay vigilant of the cyber-risks posed by Nation state threat actors like Russia, but also of the everyday struggles that weaken the strength of staff in companies. Recruiting and keeping good security staff is a huge problem that is increasing the opportunities for success by cyber criminals. This blog is a step forward in helping businesses like yours take action and ensure resiliency during these unpredictable times.”

 – Mike Brown, CEO at Talion

For more insight into how you, as a company, can make important investments to your security posture, read our article on DDoS Attacks & Malware: Remediation Guidance Is Critical.