Experts have warned that the Russia-Ukraine conflict poses an unprecedented cyber risk for U.S. organizations as well as State and local governments and municipalities. At the end of January, the Department of Homeland Security issued an intelligence bulletin warning that Russia has the capability to carry out a range of attacks, from denial-of-service attacks on websites to disrupting critical infrastructure like power grids.
With the conflict in Ukraine continuing, all enterprises – big and small – should be on high alert for an increase in cyberattacks from foreign nation states.
The Cybersecurity and Infrastructure Security Agency (CISA) Shields Up campaign further emphasizes precautionary measures in a recent warning saying, “Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
The Precedent of Russian Cyberattacks
If recent history is any indication, there are many ways Russia could use cyberspace to retaliate against recent U.S. sanctions.
Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy. Some of the biggest cyberattacks against US infrastructure in the past two years have been linked to suspected adversarial nation states, like Russia. The list includes:
- The SolarWinds hack that infiltrated several government agencies in 2020
- The Colonial Pipeline ransomware attack in May 2021 that interrupted fuel supplies across several southern U.S. states
- The ransomware attack on meat giant JBS in May 2021
CNN clarified that while many online attacks can’t directly be linked to the Russian state, there’s a widespread belief that hackers operate with Russia’s blessing.
However, the Russian government understands that disabling or destroying critical infrastructure — including power and communications — can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives, CISA says. (Security Magazine)
Earlier this year the White House backed Ukrainian claims that Russia was responsible for the distributed denial of service (DDoS) attacks in Ukraine, which affected two state-owned banks and the country’s ministry of defense.
Take Steps to Quickly Detect a Potential Intrusion
CISA’s Shields Up site recommends a number of actions that all organizations, municipalities, and cities should take to adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. These include:
- Reduce the likelihood of a damaging cyber intrusion
- Take steps to quickly detect a potential intrusion
- Ensure that the organization is prepared to respond if an intrusion occurs
- Maximize the organization’s resilience to a destructive cyber incident
No tool can entirely prevent ransomware or novel cyberattacks from foreign nation states, but MixMode can be a powerful weapon in the enterprise cybersecurity arsenal. The platform employs advanced, third-wave AI to analyze data streams within and across every network entry point, establishing a generative baseline of expected network behavior as it evolves. City government and municipality SOCs equipped with MixMode gain insight into granular details like what users are clicking on, whether firewalls are performing adequately, and the effectiveness of newly installed security fixes.
MixMode vs. Foreign Nation State Cyber Threats
Unlike legacy platforms, MixMode examines intercommunication and incorporates these behaviors into its continually evolving understanding, allowing it to identify attacks as soon as a deviation from observed behavior occurs.
In a conversation, MixMode’s Head of Sales and Alliances, Geoff Coulehan, discusses how MixMode did in fact help a large U.S. municipality detect bad actors from foreign nation states.
“We were approached by one of the nation’s largest municipalities who had spent the last three years deploying what they described as best of breed technologies,” said Coulehan. “This particular municipality was approached by the Federal Government because the Federal Government had gone to reach out to large municipalities to communicate that there was intelligence about a significant uptick in exfiltration activities coming from foreign nation states.”
Coulehan further describes that on the first review of their network, the AI had surfaced so many high-level threats and anomalies with supporting context that it warranted an immediate Incident Response (IR) for the municipality. MixMode’s self-supervised AI was able to identify these threats quickly without any human operator, without any tuning, training or maintenance, and without any historic data.
In real time, MixMode can detect even small deviations from expected network behavior. Retroactive log-based solutions like SIEM are no match for emboldened foreign nation bad actors and ransomware attackers. Instead of waiting for an infection to spread far enough to be detected and alerted on — a process that can take days or weeks — MixMode delivers alerts within minutes.