
The Green Sheet Online Edition

March 28, 2022 • Issue 22:03:02

Securing your organization from cyberwarfare threats

By Suresh Dakshina
Chargeback Gurus

Fears of a large-scale cyberattack on business and infrastructure by a well-equipped state actor like Russia have been in the air for years. The Russian invasion of Ukraine, broadly opposed by the United States and its allies, has made it more likely that an attack of this nature is coming sooner rather than later. While both private and public sector organizations have been dealing with overseas hackers and cybercriminals for a long time, we have yet to experience a full-scale assault on our most important networked assets. What can businesses do to protect themselves from the threat of a major cybersecurity attack?

Events in Ukraine are changing rapidly as the invasion continues, and NATO countries have been applying a wide range of economic sanctions to put pressure on Russia and limit its ability to engage in warfare. Any direct military intervention would carry a risk of severely escalating the conflict, leaving indirect actions like sanctions as the most viable option currently on the table.

Russia doesn’t have the leverage or influence to counter with meaningful economic sanctions against the countries that oppose it, leaving cyberwarfare as the most effective nonviolent means of retaliation it has to work with. While cyberattacks do have the potential to hurt or even kill people when they target things like critical infrastructure, utilities and hospitals—things that have all happened already—their primary purpose is often to disrupt normal online activities, prevent the flow of information and cause economic harm.

The fallout from a major cyberattack could easily affect retailers and other small businesses that have nothing to do with geopolitical conflicts. While this threat pales in comparison to the dangers faced by anyone whose homeland is being invaded, it is nevertheless a real one. Merchants should keep informed about it and start taking steps to prepare themselves.

What is the scope of the threat?

Last year saw some of the most severe ransomware attacks to date (see bit.ly/3CRJvOB), targeting large, high-profile companies that provide critical infrastructure and services, and many of the groups behind those attacks were known to be operating out of Russia. The targets of these attacks, which included Colonial Pipeline, Acer, JBS Foods, and many hospitals and healthcare facilities, had their critical IT systems paralyzed by malicious software and were forced to pay millions in ransom payments to the hackers to regain access. Such attacks only hint at the damage that could be done if these hackers were to carry out a sophisticated, widespread and powerful campaign of unfettered digital sabotage.

Most cyberattacks come in phases. They start with spear phishing or brute force attacks to gain access to the target system, exploiting known software vulnerabilities whenever possible. Hackers have been known to maintain a quiet presence on compromised systems for years before launching the next phase of their assault.

Once they’re in, hackers can steal data, issue harmful software instructions or install malware programs. In a worst-case scenario, such cyberattacks could be used to cause actual physical damage to expensive and dangerous industrial equipment—much like the Stuxnet computer worm (see bit.ly/3u6mbZn) did to Iranian nuclear centrifuges in the early 2000s. Stuxnet is considered to be a highly sophisticated, narrowly targeted attack, and it’s not hard to extrapolate the consequences of a similar attack carried out on a large scale and intended to cause as much chaos as possible.

The US Cybersecurity & Infrastructure Security Agency has not warned of specific threats as of this writing, but they are directing businesses, government agencies and other organizations that could be targeted to their Shields Up website, bit.ly/3ijVgDW, for guidance and resources.

How can cyberattacks be detected?

As last year’s wave of ransomware attacks showed, it’s not just government agencies, big corporations and industrial plants that need to worry about powerful, high-tech cyberattacks. Any organization can potentially be targeted, and the initial stages of a sophisticated attack can look a lot like a regular account takeover attempt from a garden-variety cybercriminal.

The following tips can help you spot a hacker probing for weaknesses—or already lying low inside your system.

  • Collect and retain detailed system access logs.
  • Watch for repeated failed login or authorization attempts.
  • Watch for logical inconsistencies, like identical IP addresses being used for different logins.
  • Watch for unusual activity in privileged or dormant accounts.
  • Investigate any unusual records or user behavior that raises red flags.
  • Use up-to-date antivirus software.

What’s the proper response to a cyberattack?

If you believe you have detected signs of an attack, act quickly using the following steps to mitigate the damage.

  • Immediately isolate affected devices by disconnecting them from your network.
  • Make sure that your backups are offline and secure, and scan them for viruses.
  • Review all access logs and other relevant data for additional indicators.

It may also be appropriate to report incidents to CISA or the FBI.

What’s the best way to prepare for a cyberattack?

The better prepared you are for an attack, the less harm you will experience, and the quicker you can get back to normal. Here are actions to take:

  • Require multi-factor authentication for system access.
  • Require strong passwords.
  • Make sure your antivirus software is patched and updated.
  • Disable all network ports and protocols that are not essential to your operations.
  • Test your backup procedures and other response protocols.
  • Create a response plan in the event of a cyberattack incident.
  • Maintain alternative systems or manual controls that can be used if critical systems are taken offline.
  • Train your IT staff to look for unusual network activity, user behavior, and data artifacts.
  • Use email filters and employee training programs to lessen the efficacy of phishing attacks.

Businesses are used to dealing with hackers, phishers and fraudsters, but few are tested by advanced, state-sponsored attackers bent on destruction rather than personal gain. Hopefully, the world will return to peaceful footing before the war in Ukraine spills further into cyberspace, but everyone with an online presence to protect should be thinking about how they can keep their users and data safe.

Suresh Dakshina is president and co-founder of Chargeback Gurus, https://www.chargebackgurus.com/en/. He holds a master’s degree from the University of Southern California and has consulted Fortune 5000 companies for over a decade on chargeback and fraud minimization. Suresh also works closely with card networks such as Visa and American Express on chargeback process optimization and compelling evidence policies.


