Operational Readiness and Response to the Ukraine Crisis
Over the past several weeks, the world has witnessed geopolitical tensions between Russia and Ukraine escalate. Today, those tensions have bubbled over with the Russian president announcing a military operation in Ukraine. Akamai’s thoughts are with all the Ukrainian citizens and residents, as well as everyone affected by these actions. While the physical toll of violence is the most devastating aspect, the cyberthreats escalating with this crisis have the potential to be highly disruptive to everyday life as we know it. As a company dedicated to powering and protecting life online, it is our responsibility to take on these threats on behalf of organizations worldwide and the billions of people they serve.
Akamai is closely monitoring reports of increased Russian cyber activity from threat research groups, including Unit 42. Groups like the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have advised businesses and government agencies to put their "Shields Up" in preparation for cyberattacks that could disrupt, disable, or destroy U.S. critical infrastructure. Akamai’s security and network teams use our vast view of internet activity to closely monitor and act upon potential cyberthreats, and we are taking appropriate measures to review our defensive posture and ensure the integrity of Akamai systems and the Akamai network.
In situations like these, there is no single action an organization can take to protect itself. Recommendations, like those published by CISA, are broad but appropriate given the variety of tactics threat actors have used in the past. It is important to understand that threats will not necessarily originate from Russia or Ukraine, but they will use familiar attack methods and vectors.
Akamai recommends that organizations prioritize actions in the following areas:
Operational Readiness for a DDoS Attack
There are five key areas of emphasis in developing and maintaining operational readiness to mitigate DDoS attacks: conducting service validations, confirming authorized mitigation service contacts, reviewing and updating runbooks, performing operational readiness drills, and updating your emergency methods of communication. Businesses with a DDoS mitigation resource in place should also review and refresh the processes for routing traffic on and off their service. If you require immediate assistance in the face of a DDoS attack, Akamai has security operations experts standing by to help.
Blocking traffic from regions where threats are known to originate is also an option. There are a variety of tools that can be used to implement geography-based blocking rules, but a common one is a WAF. In this case, a business would implement custom WAF rules that match on certain GeoIP attributes to block a region. This method will not be 100% effective (for example, addresses that geolocate elsewhere or that are unmapped will pass a pure geo rule) and should not be relied upon exclusively. Akamai has a WAF solution that can help implement geo-blocking.
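As an added illustration of the custom geo-blocking rule described above (example code written for this page, not Akamai's WAF implementation), the evaluator below matches a client address against a constructed in-memory GeoIP table, honours an allowlist for partner or monitoring addresses, and starts in log-only mode so the rule's impact can be reviewed before enforcement. The prefixes, country mapping, and sample addresses are all constructed sample values, not real GeoIP data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample GeoIP table (documentation prefixes, not real data):
# network prefix -> ISO country code.
GEOIP_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "RU",
    ipaddress.ip_network("198.51.100.0/24"): "UA",
    ipaddress.ip_network("192.0.2.0/24"): "US",
}


def lookup_country(ip: str) -> str:
    """Return the country code for an address, or 'ZZ' when unmapped.

    Unmapped addresses are a normal GeoIP outcome and are one reason a
    geo rule alone is never a complete control.
    """
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP_TABLE.items():
        if addr in net:
            return cc
    return "ZZ"


@dataclass
class GeoRule:
    blocked_countries: frozenset   # e.g. frozenset({"RU"})
    allowlist: frozenset           # addresses that must never be blocked
    monitor_only: bool = True      # log-only until the match set is reviewed

    def evaluate(self, client_ip: str) -> str:
        """Return 'allow', 'log' or 'block' for a single request."""
        if client_ip in self.allowlist:
            return "allow"
        if lookup_country(client_ip) in self.blocked_countries:
            return "log" if self.monitor_only else "block"
        return "allow"  # includes unmapped ('ZZ') addresses


def tally(rule: GeoRule, client_ips: list) -> dict:
    """Summarise what the rule would do over a batch of request addresses."""
    counts = {"allow": 0, "log": 0, "block": 0}
    for ip in client_ips:
        counts[rule.evaluate(ip)] += 1
    return counts
```

Run `tally` over a sample of real access logs in monitor mode first; the "log" count shows how much traffic enforcement would cut, including any legitimate clients that need to be allowlisted.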
Patch Vulnerable Systems
Regularly reviewing operating systems, software, applications, and network components for vulnerabilities that could allow a malicious user to access your systems and cause damage is critical. Many servers, especially those in high-risk environments such as systems directly accessible from the internet, may already have been compromised before security teams detect the threat. When patching cannot be done quickly enough, a web application firewall (WAF) can buy time for an organization. Akamai continues to update our WAF rules to provide protection against known exploits and their variants. While WAF protections can be highly effective for web servers, organizations must also consider alternative avenues of attack that may have led to compromise. To that end, we recommend employing microsegmentation to gain visibility into possible exposure and to reduce both risk and lateral spread.
Segment Your Network to Protect Against the Threat of Ransomware
Segmentation is one of the most important steps you can take to improve your cyber resilience and prevent the spread of ransomware. There are five phases of ransomware defense: Prepare, Prevent, Detect, Remediate, and Recover. Akamai Guardicore segmentation offers tools and expertise to help reduce the likelihood and impact of ransomware events. For businesses that might need supplementary bandwidth or expertise, Hunt services offered by Akamai’s team of security experts help businesses rapidly implement these five phases of ransomware defense.
For additional information on the steps you can take to protect your organization, these are some helpful resources:
https://www.cisa.gov/uscert/ncas/alerts/aa22-011a | Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
https://www.cisa.gov/shields-up | Steps to Reduce Cybersecurity Risk
https://www.cisa.gov/sites/default/files/publications/cisa_insight_mitigating_foreign_influence_508.pdf | CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure
https://www.cisa.gov/uscert/russia | Russia Cyber Threat Overview and Advisories
https://www.mandiant.com/resources/protect-against-destructive-attacks | Proactive Preparation and Hardening to Protect Against Destructive Attacks