Russia-Ukraine Conflict: Initial Report for BreachBits Customers
On 24 February, 2022, we provided the following information to our active customer base regarding the deteriorating security situation in Russia & Ukraine as it relates to malicious cyber activity.
This report is based on the initial information we are receiving through open-source reporting, closed sources, and our observations and experience as military cyber warfare veterans, risk managers, and business leaders.
It is our goal to continue to keep our BreachRisk™ customers informed of "the hacker's perspective" by monitoring and communicating risk with BreachRisk™ Score and BreachRisk™ Report. Since our customers also have stakeholders, these metrics are always ready to be shared using the dashboard with those stakeholders to enable efficient risk discussions.
Although the BreachRisk™ scanning, testing, and rating calculus already includes what we believe to be the most likely threats to businesses during this situation, it is common for new attack techniques to emerge - and we are postured to incorporate new threats instantly across our entire customer base.
Date: 24 February, 2022
From: BreachBits, Inc.
To: BreachRisk™ Customers (via email)
Subj: BreachBits Update On Cyber Risks Associated With Russia-Ukraine Conflict
We are closely monitoring the worsening security situation between Ukraine and Russia, specifically the tactics and techniques used by malicious cyber actors. For our Customers: we continue to prepare you for any escalation or residual impacts.
While many U.S. companies targeted by attacks in recent months have been found in U.S. critical infrastructure sectors, such as the Defense Industrial Base, we recommend all organizations stay vigilant as the situation evolves. You should seek multiple sources of advice, and we will continue to provide you with the risk management and attacker's perspective.
What Attackers are Doing
In the past months, Russian actors have most commonly relied on three tactics to gain unauthorized access to targeted organizations. These are:
1. exploiting known vulnerabilities in exposed services (primarily virtual private networks and mail servers)
2. using brute-force tactics and exposed credentials to gain unauthorized access to exposed cloud and hosted services
3. spearphishing to steal legitimate credentials or deliver malicious payloads
What We are Doing
As a BreachRisk™ Customer, the good news is that we continue to scan your public-facing attack surface for some of the same threat vectors that Russian actors are leveraging to target U.S. organizations. We will continue to identify threat vectors associated with the most common vulnerabilities used by Russian actors (tactic 1 above) and where brute-force or exposed credentials could be used (tactic 2).
If you have enabled Penetration Testing in your BreachRisk™ Dashboard, we will test these threats during each BreachRisk™ assessment, just as Russian actors would if your organization were targeted. You can find a list of these threat vectors in your BreachBits Dashboard.
What You Can Do
We strongly recommend that all organizations:
- Enable Penetration Testing in your BreachRisk™ Dashboard.
- Ensure that virtual private networks, email solutions and other exposed services remain up-to-date with the most recent security patches.
- Ensure multi-factor authentication and strong password policies are in place, especially on systems that could impact your business operations.
We will continue to communicate with you as the situation develops. If you have any questions or concerns, please do not hesitate to contact BreachBits Support at firstname.lastname@example.org.
The BreachBits Team
As a reminder, we cannot predict all threats. We encourage all organizations to ensure that their business can recover and continue even if affected by a service disruption, data breach, ransom, or other cyber attack.
We will continue to communicate with our customers and stakeholders. Inquiries may be directed to email@example.com.