Practical Steps for Responding to the CISA Warning on Russian Cyber Attacks

On February 25, 2022, two days after Russia began its military invasion of Ukraine, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a rare ‘Shields Up’ warning for U.S.-based organizations, stating: “Every organization—large and small—must be prepared to respond to disruptive cyber activity.”

The Shields Up warning is in direct response to increased Russian cyber aggression against Ukrainian and other targets in the region, including recent distributed denial-of-service (DDoS) and malware attacks. In addition to the possibility of disruptive nation-state activities affecting U.S. targets, CISA also warned of an increase in cyber attack activity against U.S. organizations from Russia or hackers acting on Russia’s behalf.

The need for this warning was amplified by recent events, including the hacking of over twenty U.S.-based natural gas companies by Russian Intelligence two weeks before the Russian Army invaded Ukraine. With the CISA warning, this recent evidence, and what we know from past attacks against Ukraine, it would be irresponsible for organizations to ignore CISA’s warning.

To help organizations prepare for a possible attack, it’s important to first understand the types of attacks they should be watching for.

Russian Cyber Attacks To Watch For:

Given the speed at which the war against Ukraine is progressing, in the immediate future, attacks are likely to be fast, hard-hitting, and focused on disruption and destruction. Here are some of the attacks to monitor closely.

Distributed Denial of Service (DDoS)

DDoS attacks aren’t new or particularly sophisticated, but they’re still effective at stopping work at government agencies and commercial enterprises in its tracks. Russia has used these attacks before. For example, in 2008, during the country’s conflict with Georgia, Russia or another party closely affiliated with the Russian government launched DDoS attacks against the Georgian government and Georgian news agencies.

It’s not surprising, then, that on February 15, 2022, DDoS attacks were launched against two of the largest Ukrainian banks…