News

CISA warns organizations to isolate Ukranian traffic

Security agency tells IT staff to be on alert following cyber attacks on Ukraine

20 Jan 2022

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 20 Jan 2022

A zoomed in photo of a world map showing Ukraine

The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations working with Ukranian counterparts to isolate and inspect traffic from the region following this month's attacks on government networks there.

The Department of Homeland Security's cyber security unit made the recommendation in a CISA Insights document published earlier this week.

"If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic," the document said.

IT personnel should be on the lookout for unusual network behavior, and organizations should have crisis response teams at the ready to handle cyber security incidents, CISA advised.

It has also urged companies to conduct tabletop exercises so that all team members understand how to quickly carry out their roles during an incident. It's also important to test backup procedures, it said.

CISA warned companies to patch software, introduce multi-factor authentication for all privileged systems, and disable non-essential ports and protocols. IT departments should review CISA's controls for securing cloud services, it added.

The agency warned about destructive malware in the Ukraine last week after Microsoft blogged about the use of Master Boot Record (MBR) wipers targeting government agencies there. The malware executes when victims power down the device and destroys all files, it said, leaving a ransomware note that serves as a ruse rather than a real demand.

This followed an earlier advisory in which CISA explained how Russian state-sponsored cyber threats were targeting US critical infrastructure.

Ukrainian officials believe the cyber attacks against the Ukraine to be of Russian origin. Microsoft also warned late last week that the full scope of the attacks might not yet be known. Embassies in the UK, the US, and Sweden were also targeted.

Tensions in the area have grown considerably in the last few days as the US warns that a Russian invasion of Ukraine is probable. This is not the first time that the country would have attacked the Ukranian cyber infrastructure. It is also believed to be the culprit in an attack on the region's electrical grid in 2015.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1646933598/itpro/Whitepaper%20covers/build_a_hybrid_workplace_that_works_thumb.png { display: none !important; }

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1649690248/itpro/Whitepaper%20covers/digitalavertisingoraclethumbnail.png { display: none !important; }

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1649081528/itpro/Whitepaper%20covers/Ransomware_and_Microsoft_365_For_Business.png { display: none !important; }

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1651142968/itpro/Whitepaper%20covers/Building_A_Modern_Strategy_Thumbnail.jpg { display: none !important; }

Free Download