Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave’s Action Response: Russia-Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats

Feb. 28 Update: The latest economic sanctions imposed upon Russia could inspire that nation or cyber groups working to support Russia to lash out against Western targets. With that in mind, Trustwave SpiderLabs wants to reiterate that all organizations must remain vigilant and, if they have not already done so, redouble their efforts to fortify their networks against a cyberattack due to the ongoing Russian attack on Ukraine.

Trustwave security and engineering teams are on heightened alert and are actively monitoring malicious cyber activity associated with and adjacent to the escalating military conflict between Russia and Ukraine. Trustwave is working closely with its clients around the world to enhance cyber preparedness during this time.  

Organizations that operate in high-value, critical industries such as banking, critical infrastructure (energy, oil and gas, etc.) and supply chain should especially elevate their cyber posture during this time. 

We have engaged our security teams across our global footprint to continuously harden our own cyber resilience and ensure service continuity for our clients as events unfold.  

As the situation evolves and additional threat intelligence becomes available, we will continue to proactively detect and respond to emerging threats.  

In addition to monitoring for cyberattacks and malware use during this time, the elite Trustwave SpiderLabs team is actively monitoring for phishing, social engineering techniques and Dark Web chatter associated with these events to further enhance cyber detection and response for our clients. For MSS clients that have managed solutions by Trustwave, we are validating available detective and preventative policies are deployed and are conducting historical searches for associated activity. 

Trustwave is prepared to issue a swift response and assist any organizations that fall victim to cyberattacks associated with these geopolitical events.  

Act Now: Government Agency Guidance to Prepare for Potential Threats  

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued multiple alerts associated with potential malicious nation-state cyber activity. CISA recommends all organizations – regardless of size – adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. 

Trustwave encourages all organizations to follow CISA’s “Shields Up” guidance, which can be found here

CISA has specifically provided guidance and resources for critical infrastructure organizations, which could be particularly targeted during this time:  

"The Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country's government, military and population and accelerate their acceding to Russian objectives," CISA said. 

Organizations across regions should also review the following guidance from CISA’s partner agencies:  

What Type of Organizations Are at a Higher Risk During this Time 

Organizations with business dealings with Ukrainian and Russian firms should take extra care to monitor, inspect and isolate traffic from organizations in that geography and closely review access controls for that traffic. Again, organizations that operate in high-value, critical industries such as banking, critical infrastructure (energy, oil and gas, etc.) and supply chain should especially elevate their cyber posture during this time. 

Nation-state or associated actors may have capabilities and intentions beyond those of a run-of-the-mill cybergang that are just looking to make a profit. With enough time and money, a nation-state is likely to succeed in gaining access, so it is imperative that organizations have a robust plan to detect and respond to a breach or major event. 

It is also essential to keep in mind that threat actors do not always have financial gain in mind when launching an attack. There are times when a threat actor simply wants to break something, hinder operations, and cause chaos for geopolitical or ideological reasons. 

All organizations should practice their response plans and remain vigilant. 

Stay Alert: New Malware and Malicious Tooling Emerging  

Organizations should also be aware of the new or repurposed malware tools now in the wild. The Russian-linked threat actor, dubbed Sandworm or Voodoo Bear, is using a “large-scale modular malware framework” that the cyber agencies have dubbed Cyclops Blink. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019. You can read the advisory from the National Cyber Security Centre here

Additionally, according to ESET Research, Ukrainian organizations have been hit by a cyberattack that involved new data-wiping malware called HermeticWiper. The malware has impacted hundreds of computers across networks.  

This malware attack followed a wide-scale distributed denial-of-service (DDoS) that took many important Ukrainian websites offline.  

Trustwave Nation-State Threat Defense Insights and Recommendations

The playbook organizations should use to keep safe from a nation-state or associated cyberattack during this time remains the same. Having the cyber fundamentals in place is critical now more than ever. Here are some of our top recommendations for organizations, in line with the guidance provided by leading government cyber agencies:   

  • Ensure that cybersecurity/IT personnel focus on identifying, detecting, assessing and responding to any unexpected or unusual network behavior.   
  • Conduct proactive threat hunting to ensure unknown threats are not lurking within your environment. 
  • Conduct an asset audit focusing on assets that have external access; eliminate stale accounts and check privileged access. 
  • Conduct a third-party vendor / supply chain assessment. Focus on those places where third parties have access to your environment. Ensure no old entry points are left open.  
  • Institute multi-factor authentication (MFA) for internal and external users. Check that passwords are strong. 
  • Bring your workers to a higher state of alert, tell them to triple check links and attachments in emails before clicking to guard against phishing attacks.
  • Deploy an effective endpoint detection and response (EDR) solution.
  • Conduct crisis simulations to ensure all parts of your organization are prepared to respond to a major cyber event, not just IT staff. 

The Long-Term Cyber Impact Trustwave is Keeping an Eye On 

There is a possibility that the malware and other techniques attackers use will eventually make their way into the hands of conventional threat actors. 

It is not uncommon for malicious code to get sold, traded, dispersed and then used for attacks against targets across industries like retail, e-commerce, etc. This activity might not take place for several months. Trustwave is actively monitoring for malicious techniques and code collaborations and sales on the Dark Web.   

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo