As the world watches the events unfolding in the conflict between Russia and Ukraine, the cybersecurity community has been keeping a close eye on the effect it’s having on cyberattacks and the current threat landscape.
We recently sat down with Barracuda CTO Fleming Shi to get his insights on the impact our analysts and researchers have seen so far on the volume and types of cyberattacks in recent weeks and what organizations can do to stay prepared.
Q&A with CTO Fleming Shi
Have we seen an increase in threats since the conflict started?
At this point, we have not seen an increase in terms of the volume of attacks. I’ve been monitoring our Threat Index, which measures the number of weaponized links and attachments, and the overall volume of attacks hasn’t changed. I was expecting more, but that hasn’t been the case so far. Our security operations center (SOC) team has seen a spike specifically in DDoS attacks from Russia, though, and that’s something we’re actively monitoring.
Are there certain types of threats you’re keeping an eye on?
Yes, we’ve been tracking the different types of destructive malware that have emerged over the past several weeks. I think these destructive malware attacks will become more common for the time being because in the current atmosphere, attackers want to cause as much disruption as possible without being traceable. Ransomware attacks are associated to a digital wallet or some type of collection mechanism, which is absolutely traceable. So, a lot of the attacks happening right now are destructive malware attacks.
For example, the one indicator of compromise (IOC) that Microsoft has been talking about, we have been tracking since mid-January when it started proliferating on the internet. As soon as we got the signals, our solutions were informed immediately because they’re connected to our threat intelligence platform so we could protect customers from the attacks as soon as possible.
With this type of malware, there's two stages. The first stage is getting into the system. Then, it basically constructs the rest of the malware, slowly bringing in different parts. During that initial phase, it's very invasive. Once it has all the pieces it needs, it will destroy your boot record and your capability of loading the file system. If it gets to that degree, where it's deploying and detonated in your environment, unfortunately there's no way to get your data back.
What should businesses do to prepare for an attack?
I think the key here is the level of urgency organizations apply to security awareness training and ensuring the level of protection they have in place across multiple threat vectors, from email security to application infrastructure. Backup and the ability to restore your files and your system if you’re hit with destructive malware is also important. It's all about being able to recover.
It's important to continue to pay attention to the attacks that are happening, so you can stay prepared and watch for warning signs. What I'm most concerned about is that in many cases attackers have been in the system for a while, either through supply chain attacks or stolen credentials, and they’re just waiting to take the next step. But, they don't have to take the next step in a very noticeable manner. They can be slowly taking data from you and causing problems, so it's important to cover your bases, just like you would to protect against ransomware.
Where can people go to learn about steps to take to protect against the heightened risk of cyberthreats?
Anne Campbell is the public relations manager for Barracuda. She's been with the organization since 2014, working on content and public relations for Barracuda MSP, the MSP-dedicated business unit of Barracuda. She started her career in newspaper and magazine journalism, and she brings that editorial point of view to the work she does, using it to help craft compelling stories.