By request of President Biden for all US companies to pull out of Russia, what cyberattacks will these companies face during their rapid departure?
Global security analysts and monitoring technologies continue to track ongoing cyberattacks against firms departing Russia because of the war in Ukraine. Companies attempting to leave now face a massive uptick in cyberattack activity, including an increase in email phishing, social engineering, and brute-force attacks. Ransomware attacks in particular are increasing against many of these departing companies. Ransomware is often spread through phishing emails that contain malicious attachments.
For organizations still in Russia, Anonymous, a global hacking consortium, has threatened that any company still operating in Russia will be attacked:
“We call on all companies that continue to operate in Russia by paying taxes to the budget of the Kremlin’s criminal regime: Pull out of Russia! We give you 48 hours to reflect and withdraw from Russia or else you will be under our target!”
CISOs and CIOs, with very little on their side, are relocating their data, systems, and users out of Russia at a rapid rate. Many global companies have redundant data centers and backup data across the globe. However, with the rapid redeployment of users and systems, these elements most likely contain ransomware and other forms of malware embedded by Russian hackers or other global cybercriminals.
As companies depart Russia, organizations may redeploy their applications across various cloud providers or return to their internal data centers. By enabling Airgap Networks’ Zero Trust Isolation™ functionality, clients establish multiple policy-based routing rules per user access. Centralizing the global policy rules simplifies access control, with real-time identity authentication for the entire enterprise regardless of location.
During the tech worker exodus out of Russia, adversaries or former disgruntled employees may attempt to take advantage of a weakness or a known vulnerability in an Internet-facing application to cause unintended or unanticipated behavior and execute arbitrary code on the hosting machine. The weakness in the system can be a bug, a glitch, or a design vulnerability.
These applications are often websites but can also include databases and standard services such as SSH or RDP, network device administration and management protocols, and any other application with Internet-accessible open sockets, such as web servers and related services.
Airgap Networks’ Secure Asset Access (SAA) keeps the application network infrastructure hidden from users and protects against RDP- or SSH-based protocol vulnerabilities. This zero-implicit-trust approach gives organizations multiple layers of firewall and access control checks instantly, without disruption.
Hosts and assets in the data center and the cloud will only accept connections originating from the SAA platform. All other connections, including rogue attempts from Russian hackers, will be dropped.
Ransomware attacks from Russia can strike at any time. In most cases, the malware may already have been implanted months before the attack. To protect the business’s crown jewels against data exfiltration, secure data access with enforced red-alert policies on all communication, combining the Ransomware Kill Switch and the Secure Asset Access platform to isolate every application in case adversaries bypass controls from other non-sanctioned domains.
Many components of the corporate infrastructure will face an increase in attack vectors, including storage and cloud instances within AWS, Google, and Azure. Within cloud instances, several elements of the control plane and data plane continuously face attacks, including:
Infrastructure Security: network Layer 3 segmentation, cloud network security tools, and current network security controls
Network Security: network perimeter, VPN access services, and Layer 2 private VLAN access; perimeter security protection, including IDS/IPS and cloud asset collection
Data Center Provisional Services: containers, Kubernetes instances, and DNS
Regardless of the legacy storage architecture, hackers have successfully erased backups, impersonated a rogue host recovery server, and even taken their own snapshots of data by stealing credentials from storage administrators.
Micro-segmentation and physical separation of data help ease these challenges. Isolation by compartmentalization of the storage and cloud assets is critical to stop ransomware propagation and data exfiltration.
Clients deploying Airgap Networks’ agentless micro-segmentation along with the proactive Ransomware Kill Switch™ can stop the immediate lateral threat propagation. Airgap Networks examines any existing inter- and intra-VLAN communication and cuts off all communications from Russia to any other branch domains not defined ahead of time by the autonomous policy engine.
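The two controls described above, hosts that accept connections only from the SAA platform, and a policy engine that drops any inter- or intra-VLAN flow not defined ahead of time, with an emergency cut-off for traffic from a region being exited, can be modelled as a default-deny allowlist evaluated over flow records. The Python below is an added example written for this page, not Airgap Networks’ code: the SAA subnet, VLAN numbers, region tags and the key=value record format are assumptions, and the sample records are constructed.

```python
"""Added example (not Airgap Networks code): a default-deny segmentation
policy evaluated over constructed flow records, plus a kill switch that
cuts every flow sourced from a quarantined region. All subnets, VLAN ids,
region tags and the record format are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed: the SAA (Secure Asset Access) platform lives in this subnet.
SAA_SUBNET = ipaddress.ip_network("10.0.250.0/24")


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    src_vlan: int
    dst_vlan: int
    region: str        # constructed tag for where the source host sits
    dst_port: int
    proto: str


@dataclass(frozen=True)
class Rule:
    dst_vlan: int
    dst_port: int
    proto: str
    src_vlan: Optional[int] = None                     # None = any source VLAN
    src_net: Optional[ipaddress.IPv4Network] = None    # None = any source address


# Assumed policy, defined ahead of time. Anything not listed is dropped.
POLICY = [
    # Data-center hosts (VLAN 100) accept SSH/RDP only via the SAA platform.
    Rule(100, 22, "tcp", src_net=SAA_SUBNET),
    Rule(100, 3389, "tcp", src_net=SAA_SUBNET),
    # Web tier (VLAN 200) may reach the database tier (VLAN 100) on 5432.
    Rule(100, 5432, "tcp", src_vlan=200),
    # Branch office (VLAN 300) file sharing stays inside its own VLAN.
    Rule(300, 445, "tcp", src_vlan=300),
]


def parse_flow(line: str) -> Flow:
    """Parse one constructed key=value flow record into a Flow."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(
        src_ip=kv["src"], dst_ip=kv["dst"],
        src_vlan=int(kv["svlan"]), dst_vlan=int(kv["dvlan"]),
        region=kv["region"], dst_port=int(kv["dport"]), proto=kv["proto"],
    )


def evaluate(flow: Flow, kill_switch: frozenset = frozenset()) -> tuple:
    """Return ("allow" | "drop", reason). The kill switch overrides policy."""
    if flow.region in kill_switch:
        return "drop", f"kill switch engaged for region {flow.region}"
    src = ipaddress.ip_address(flow.src_ip)
    for rule in POLICY:
        if (rule.dst_vlan, rule.dst_port, rule.proto) != (flow.dst_vlan, flow.dst_port, flow.proto):
            continue
        if rule.src_vlan is not None and rule.src_vlan != flow.src_vlan:
            continue
        if rule.src_net is not None and src not in rule.src_net:
            continue
        return "allow", f"matched pre-defined rule {rule}"
    return "drop", "default deny: no pre-defined rule for this flow"


# Constructed sample flow records (not real traffic).
SAMPLE_LOG = """\
src=10.0.250.7 dst=10.1.0.5 svlan=250 dvlan=100 region=US dport=22 proto=tcp
src=10.5.0.9 dst=10.1.0.5 svlan=300 dvlan=100 region=RU dport=22 proto=tcp
src=10.2.0.4 dst=10.1.0.5 svlan=200 dvlan=100 region=US dport=5432 proto=tcp
src=10.2.0.4 dst=10.1.0.5 svlan=200 dvlan=100 region=US dport=445 proto=tcp
src=10.5.0.9 dst=10.5.0.20 svlan=300 dvlan=300 region=RU dport=445 proto=tcp
"""


def decide_all(log: str, kill_switch: frozenset = frozenset()) -> list:
    """Evaluate every record in the log; returns the list of verdicts."""
    return [evaluate(parse_flow(l), kill_switch)[0]
            for l in log.splitlines() if l.strip()]


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        verdict, why = evaluate(parse_flow(line))
        print(f"{verdict:5} {line}  ({why})")
    print("with kill switch for RU:", decide_all(SAMPLE_LOG, frozenset({"RU"})))
```

The second record is dropped even though port 22 on VLAN 100 is allowed, because its source is not in the SAA subnet; the last record is allowed by the intra-VLAN rule until the kill switch is engaged for its region, at which point it is dropped regardless of policy.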
Based in Santa Clara, Calif., Airgap Networks delivers an Agentless Zero Trust Segmentation platform that ringfences every endpoint and prevents ransomware propagation. Airgap’s unique and patented Ransomware Kill Switch™ is the most potent response against ransomware threats. And Airgap offers a scalable solution for remote access using Zero Trust principles. https://airgap.io