CISA warns organizations to isolate Ukranian traffic

The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations working with Ukranian counterparts to isolate and inspect traffic from the region following this month's attacks on government networks there.

The Department of Homeland Security's cyber security unit made the recommendation in a CISA Insights document published earlier this week.

"If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic," the document said.

IT personnel should be on the lookout for unusual network behavior, and organizations should have crisis response teams at the ready to handle cyber security incidents, CISA advised.

It has also urged companies to conduct tabletop exercises so that all team members understand how to quickly carry out their roles during an incident. It's also important to test backup procedures, it said.

CISA warned companies to patch software, introduce multi-factor authentication for all privileged systems, and disable non-essential ports and protocols. IT departments should review CISA's controls for securing cloud services, it added.

The agency warned about destructive malware in the Ukraine last week after Microsoft blogged about the use of Master Boot Record (MBR) wipers targeting government agencies there. The malware executes when victims power down the device and destroys all files, it said, leaving a ransomware note that serves as a ruse rather than a real demand.

This followed an earlier advisory in which CISA explained how Russian state-sponsored cyber threats were targeting US critical infrastructure.

Ukrainian officials believe the cyber attacks against the Ukraine to be of Russian origin. Microsoft also warned late last week that the full scope of the attacks might not yet be known. Embassies in the UK, the US, and Sweden were also targeted.

Tensions in the area have grown considerably in the last few days as the US warns that a Russian invasion of Ukraine is probable. This is not the first time that the country would have attacked the Ukranian cyber infrastructure. It is also believed to be the culprit in an attack on the region's electrical grid in 2015.

Featured Resources

Accelerating healthcare transformation through patient-centred medtech solutions

Seize the digital transformation opportunities to streamline patient care and optimise patient outcomes

Free Download

Big payoffs from big bets in AI-powered automation

Automation disruptors realise 1.5 x higher revenue growth

Free Download

Hyperscaler cloud service providers top ten

Why it's important for companies to consider hyperscaler cloud service providers, and why they matter

Free Download

Strategic app modernisation drives digital transformation

Address business needs both now and in the future

Free Download