
Shields Up Security Guidance Issued | How to prepare for state-sponsored cyber threats

Posted by Cliff Embry


With the recent invasion of Ukraine by Russia, the Cybersecurity and Infrastructure Security Agency (CISA) has issued “Shields Up” guidance for organizations and corporate leaders.

Experts suspect that any state-sponsored attacks on the U.S. or NATO members would most likely be designed to disrupt and destroy rather than to monetize access the way the criminal intrusions of the past few years have. Ransomware remains a concern, but an intrusion of that kind typically takes longer to stage and trigger than a purely disruptive attack.

Below are a few well-known attack methods that U.S. organizations are likely to see in retaliation for sanctions against Russia.


DDoS

Distributed denial of service (DDoS) attacks are already underway, mainly against Ukrainian websites, and are a known method of disruption that Russia has used against other adversaries. The attacker floods a network, server, or service with traffic from many sources until it can no longer serve legitimate requests.

Protection against DDoS comes from capacity and filtering: load balancers and content delivery networks spread and absorb the flood, and firewalls or edge devices can rate-limit or drop traffic from attacking sources. On-premises equipment alone is limited by the bandwidth of your own internet link, which a volumetric attack can saturate before any filter sees the packets.

Cloud vendors such as Microsoft and Google offer DDoS protection that monitors traffic and scrubs an attack upstream of your environment. While on-premises DDoS appliances exist, the most effective protection is cloud-based and can be obtained by moving an application to the cloud or by fronting it with a cloud provider's protection service.


Brute Force Attacks

This attack method hammers a login interface with guesses drawn from lists of well-known and previously leaked passwords, either many guesses against one account (classic brute force) or a few common passwords tried across many accounts (password spraying, which stays under per-account lockout thresholds). Rainbow tables and leaked-credential dumps are the related offline threat: once an attacker has stolen password hashes, short or common passwords can be recovered quickly. The practical lesson is that short passwords and passwords reused from other sites should be assumed guessable; longer passphrases and a banned-password list raise the attacker's cost considerably.

MFA (Multi-Factor Authentication) is the best protection against these attacks: even a correctly guessed password does not grant access without the second factor, and Microsoft reports that MFA blocks over 99% of automated account-compromise attempts. There are reports of attackers circumventing MFA, for example by bombarding a user with push notifications until one is approved or by proxying the real login page to capture the session token, but these cases are still rare and take much more effort, and number matching or phishing-resistant methods (FIDO2 keys, Windows Hello for Business) close them.
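The two patterns described above look different in a sign-in log: a brute-force attack shows one source failing repeatedly against one account, while a spray shows one source failing once or twice against many accounts. The following is an added example, not code from this post or from KiZAN, that flags both over a constructed, simplified log format (timestamp, user, source IP, result); the window and thresholds are assumptions to tune for your environment.

```python
"""Flag brute-force and password-spray patterns in sign-in logs.

Added example, not code from this post or from KiZAN. The log format
(timestamp, user, source IP, result) is a constructed simplification and
the thresholds below are assumptions to tune for your environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.10 hammers one account (brute force),
# 198.51.100.7 tries one guess each against many accounts (spray) and
# eventually gets in, and 192.0.2.5 is a normal user who mistyped once.
SAMPLE_LOG = """\
2022-02-25T08:00:01 alice 203.0.113.10 FAIL
2022-02-25T08:00:03 alice 203.0.113.10 FAIL
2022-02-25T08:00:05 alice 203.0.113.10 FAIL
2022-02-25T08:00:07 alice 203.0.113.10 FAIL
2022-02-25T08:00:09 alice 203.0.113.10 FAIL
2022-02-25T08:00:11 alice 203.0.113.10 FAIL
2022-02-25T08:02:00 bob 198.51.100.7 FAIL
2022-02-25T08:02:30 carol 198.51.100.7 FAIL
2022-02-25T08:03:00 dave 198.51.100.7 FAIL
2022-02-25T08:03:30 erin 198.51.100.7 FAIL
2022-02-25T08:04:00 frank 198.51.100.7 FAIL
2022-02-25T08:04:30 frank 198.51.100.7 SUCCESS
2022-02-25T08:05:00 alice 192.0.2.5 FAIL
2022-02-25T08:05:20 alice 192.0.2.5 SUCCESS
"""


def parse_log(text):
    """Parse 'timestamp user ip result' lines into (datetime, user, ip, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def _max_in_window(items, window, measure):
    """Slide a time window over (timestamp, value) pairs and return the
    largest measure(values inside the window) seen."""
    items = sorted(items)
    start, best = 0, 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        best = max(best, measure([v for _, v in items[start:end + 1]]))
    return best


def detect(events, window=timedelta(minutes=10), bf_threshold=5, spray_users=5):
    """Return {'brute_force': {(ip, user): failures}, 'spray': {ip: distinct_users}}.

    brute_force: one source, one account, >= bf_threshold failures in a window.
    spray: one source, failures against >= spray_users distinct accounts in a
    window (few failures per account, so per-account lockout never trips).
    """
    failures = [(ts, user, ip) for ts, user, ip, result in events if result == "FAIL"]
    by_pair, by_ip = defaultdict(list), defaultdict(list)
    for ts, user, ip in failures:
        by_pair[(ip, user)].append((ts, 1))
        by_ip[ip].append((ts, user))

    findings = {"brute_force": {}, "spray": {}}
    for pair, items in by_pair.items():
        n = _max_in_window(items, window, len)
        if n >= bf_threshold:
            findings["brute_force"][pair] = n
    for ip, items in by_ip.items():
        n = _max_in_window(items, window, lambda users: len(set(users)))
        if n >= spray_users:
            findings["spray"][ip] = n
    return findings


if __name__ == "__main__":
    for kind, hits in detect(parse_log(SAMPLE_LOG)).items():
        for key, n in hits.items():
            print(f"{kind}: {key} ({n})")
```

Note the spray detector keys on distinct accounts per source rather than on failure counts per account; a per-account lockout policy never fires on a spray, which is exactly why attackers prefer it. Feed it the real sign-in export from your identity provider by adapting `parse_log` to that format.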


Website Defacement

When it comes to Russia, propaganda is front of mind. Disinformation is expected to be spread through website defacement in an attempt to counter footage that paints Russia as the “bad guy” or as weak. This is expected not only within Ukraine, but also in the U.S., Europe, and other countries.

Weak admin passwords and poor overall website security make defacement possible. Where the login is not the weak point, attackers turn to the application itself: SQL injection in a form or search field, or a known vulnerability in an unpatched CMS plugin or theme, can be enough to rewrite page content or drop a web shell.

Start by enforcing strong passwords (with MFA on the CMS and hosting control panel where supported) and removing unnecessary accounts and levels of access to the website. Then have developers review the codebase and its points of integration with other systems for vulnerabilities and remediate them; keeping the CMS and its plugins patched is part of that review.
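The SQL injection mentioned above is worth seeing concretely, because the fix is small and mechanical. The following is an added example, not code from this post, showing a login lookup that pastes the username into the query text beside the parameterized version; it uses an in-memory SQLite table with constructed accounts, and SHA-256 stands in for the salted, slow hash (bcrypt or Argon2) a real site should use.

```python
"""Login lookup vulnerable to SQL injection, beside the parameterized fix.

Added example for the defacement section above; not code from the post.
Uses an in-memory SQLite table with constructed rows. SHA-256 stands in
for the salted, slow password hash (bcrypt/Argon2) a real site should use.
"""
import hashlib
import sqlite3


def _hash(password):
    return hashlib.sha256(password.encode()).hexdigest()


def build_db():
    """Create a throwaway users table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", _hash("correct horse battery staple"), "admin"),
            ("editor", _hash("Summer2022!"), "editor"),
        ],
    )
    return conn


def vulnerable_login(conn, username, password):
    """BAD: the username is pasted into the SQL text, so a value such as
    "admin' --" closes the string literal and comments out the password check."""
    query = (
        f"SELECT role FROM users WHERE username = '{username}' "
        f"AND pw_hash = '{_hash(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """GOOD: placeholders send the values separately from the SQL text, so
    quote characters in the input are just data and never change the query."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", vulnerable_login(db, "admin' --", "wrong"))  # admin
    print("safe:      ", safe_login(db, "admin' --", "wrong"))        # None
```

The same rule applies to every database driver and ORM: build the statement from fixed text and pass user input as bound parameters. A code review looking for string concatenation or f-strings that end in `.execute(` will find most instances of the vulnerable pattern.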


Phishing Campaigns

There is no better way to gain access to an organization than to receive an invitation.

Phishing tricks the end user into clicking a link and entering their username and password on a fake site, essentially handing the attacker their corporate identity and access. Proactive mitigations such as MFA certainly help, but most organizations do not enforce MFA for on-premises workstation logon, so a phished password can still open a foothold inside the network. Once on a workstation, the attacker might look for privileged access by harvesting domain admin credentials cached in LSASS memory; this is the OS Credential Dumping: LSASS Memory technique (T1003.001) in the MITRE ATT&CK framework.

Spam filtering is commonly thought of as the first line of defense against phishing. It is critical, but SPF, DKIM, and DMARC should come first: they let receiving mail servers verify that a message claiming to be from your domain was sent by an authorized source and was not altered in transit, which removes spoofed mail before it reaches the spam filter and lessens its load. URL and attachment scanning then protects users by detonating attachments and links in a sandbox to ensure they are safe before the end user can open them.

Lastly, user education is an unavoidable part of phishing protection. Not only should users be trained on how to handle suspect emails, but internal phishing simulations should be run to track the maturity of that training. The results provide valuable insight and help identify individuals who could use more training.


Where to start?

If you aren't sure where to start, KiZAN can help. Azure MFA can be enabled rapidly, and our Identity Security Accelerator can provide additional modernization such as Microsoft 365 Self-Service Password Reset and Seamless SSO, improving both security and productivity.

Once MFA is enabled, ensure you are protected against DDoS attacks; KiZAN's Cloud and Infrastructure team can help. DDoS Basic protection is included out of the box with Microsoft Azure, but DDoS Standard protection is recommended, and KiZAN can help plan for and justify the additional cost. If you have not yet modernized your apps, KiZAN's Web App Modernization offer is the place to start.

Next, start planning for email security. Contact KiZAN today for a review of SPF, DKIM, and DMARC and a demo of Microsoft Defender for Office 365 Safe Links, Safe Attachments, anti-phishing policies, and attack simulation training campaigns.

Identity Security Accelerator

Implement Azure AD identity solutions for a more secure and productive end user experience.


KiZAN is a Microsoft National Solutions Provider with numerous gold and silver Microsoft competencies, including gold data analytics. Our primary offices are located in Louisville, KY, and Cincinnati, OH, with additional sales offices located in Tennessee, Indiana, Michigan, Pennsylvania, Florida, North Carolina, South Carolina, Georgia and Texas.