On February 17, the Justice Department urged companies – in the U.S. and abroad – to strengthen their cybersecurity posture immediately because of the heightened risk tied to Russia’s Ukraine invasion.
At the Munich Cybersecurity Conference, Deputy Attorney General Lisa Monaco said: “Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak — to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity. They need to be as we say, ‘shields up’ and to be really on the most heightened level of alert that they can be and taking all necessary precautions.”
To preface her remarks, she referred to the NotPetya cyberattack in 2017 that targeted Ukraine but spread globally, causing billions of dollars in damages. Earlier this week, the Department of Homeland Security (DHS) and the FBI warned state and local officials of the increased risk of Russia initiating a cyberattack on the U.S. that could be timed to coincide with a Ukraine invasion.
Defense Prime and Subcontractors
On Wednesday, February 16, the FBI, CISA and NSA all warned defense contractors to be especially vigilant for Russian cyberattacks, which have increasingly targeted the defense and intelligence sectors of the industry, including weapons, missile development and software development. In some past attacks, access to networks was gained through Microsoft 365. Hackers acquired log-in credentials to a network and then sent malware to devices unbeknownst to the user. Other methods known to have been used by Russian state-sponsored hackers are:
- Spear phishing
- Credential harvesting
- Brute force / password spraying
… in addition to previously known vulnerability exploitation methods targeted toward networks with weak cybersecurity. Continued intrusion using these methods and others has resulted in access to sensitive unclassified information, as well as proprietary and export-controlled technology.
New Threat – QR Codes
Because of the pandemic, many businesses implemented the use of QR codes as part of their touchless payment systems. However, companies using Quick Response (QR) codes should be alert: there are reported cases of the codes being tampered with, resulting in stolen personal and financial information.
One recent example is in the city of San Antonio, TX. Police there found fake QR codes on the city’s parking meters that, when scanned with a smartphone, took the user to a fraudulent site to enter their payment information. This is a good example of how hackers can target a simple, daily activity that is often thought of as innocuous, such as paying for a parking meter spot, to steal information. Cybersecurity threats don't only operate on a grand scale, targeting big businesses and government agencies. Smaller businesses are often easier targets because their cyber defenses are not as robust as those of larger organizations. This can be particularly true for smaller defense contractors.
During these times of heightened cybersecurity threats, due in part to the unstable geopolitical landscape, especially in Ukraine, all of us – businesses and individuals – should be especially vigilant about our online activities and take all precautions necessary to protect our business and personal information.