CISA warns organizations to isolate Ukrainian traffic


The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations working with Ukrainian counterparts to isolate and inspect traffic from the region following this month's attacks on government networks there.

The Department of Homeland Security's cyber security unit made the recommendation in a CISA Insights document published earlier this week.

"If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic," the document said.

IT personnel should be on the lookout for unusual network behavior, and organizations should have crisis response teams at the ready to handle cyber security incidents, CISA advised.

It has also urged companies to conduct tabletop exercises so that all team members understand how to quickly carry out their roles during an incident. It's also important to test backup procedures, it said.

CISA warned companies to patch software, introduce multi-factor authentication for all privileged systems, and disable non-essential ports and protocols. IT departments should review CISA's controls for securing cloud services, it added.

The agency warned about destructive malware in Ukraine last week after Microsoft blogged about the use of Master Boot Record (MBR) wipers targeting government agencies there. The malware executes when victims power down the device and destroys all files, it said, leaving a ransomware note that serves as a ruse rather than a real demand.

This followed an earlier advisory in which CISA explained how Russian state-sponsored cyber threats were targeting US critical infrastructure.

Ukrainian officials believe the cyber attacks against Ukraine to be of Russian origin. Microsoft also warned late last week that the full scope of the attacks might not yet be known. Embassies in the UK, the US, and Sweden were also targeted.

Tensions in the area have grown considerably in the last few days as the US warns that a Russian invasion of Ukraine is probable. This would not be the first time that Russia has attacked Ukrainian cyber infrastructure. It is also believed to be the culprit in an attack on the region's electrical grid in 2015.

Danny Bradbury

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing. 

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.