Western governments jointly warned about a potential threat of increased malicious cyber activity by Russia against critical infrastructure as a response to sanctions imposed as punishment for its invasion of Ukraine.
The cybersecurity agencies of the United States, Britain, Australia, Canada, and New Zealand – which together form the Five Eyes intelligence-sharing alliance – said the war could expose organizations everywhere to cybercrime.
Russia’s invasion of Ukraine involved cyber-attacks as well as military bombardment. Initial cyber-attacks hit Ukraine’s government and important infrastructure organizations shortly before bombs and bullets started hitting targets on the ground. As the fighting continues, cyber-attacks continue – on both sides of the war.
The targets aren’t necessarily close to the fighting.
As countries continue sanctions against Russia’s actions in Ukraine, we may see Russian-based or supported hackers ramping up online attacks on businesses operating in countries imposing the restrictions.
Russia might try to disrupt financial systems and crucial infrastructure such as the power grid or oil production to put pressure on the U.S. to relent on sanctions, said Saryu Nayyar, CEO of security firm Gurucul.
Cyber-attacks are an unfortunate and dangerous reality. Recognizing that one could happen to you or your credit union is crucial. And it is the important first step to protecting yourself and your members.
Just as you should with your personal accounts, business accounts need monitoring regularly for unauthorized access and charges. Aside from data breaches which can give the bad guys access to member files, credit unions and other financial institutions are attractive targets for more significant coordinated attacks.
Cyberattacks happen every day to companies large and small. The bad guys’ technology doesn’t change much based on the size of the business they are attacking. If you haven’t taken measures to secure your credit union, your members and your business are in very real danger.
Monetary losses to cybercrime are estimated at $6 trillion worldwide, and that number is growing at an astounding rate. Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years. Cybercriminals operate wherever and whenever they want. Making matters worse, they take advantage of online commerce, shopping, web-based payment systems, and supply chains.
This article will address items to keep in mind for staying safe online. Of course, your IT team and network administrators are vital to providing and maintaining your computer networks. Everyone who uses a computer at your credit union is part of your computer security’s “front line.” As such, they should be trained (and reminded!) on how they can keep your credit union, its data, and that of its members safe.
One of the most common ways for cybercriminals to gain access to business networks is through employee emails. What appears to be an email coming from a trusted source offering information on everything from COVID-19 updates or weather to shopping can be malware creating an opening for criminals seeking to infiltrate your computer systems. Anyone who logs in to your secure server with a compromised devise (even a cell phone) can unknowingly unleash this malware, giving criminals access to sensitive data.
The FBI offers these tips for basic ways to keep your computer system safe:
- Require password/passphrase updates frequently.
- Activate two-factor authentication.
- Make sure all data is encrypted.
- Ensure every computer accessing your system has antivirus and antispyware installed and updated.
- Ensure the computer operating system, browser, software, and applications are current. Set them to update automatically.
- Keep your firewall on at all times.
- Be careful what you download.
- Turn off your computer.
Many of us tend to leave our computers on so that we can immediately begin work at the start of a day or after a break. The FBI warns explicitly against this. “Turning the computer off severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.”
A very basic step to protect your important information is to back it up – to a cloud, to a server, to a hard drive not connected to the network, or even a flash drive. If you need it in an emergency or rely on it every day – back it up!
Third-party vendors aren’t immune to the actions of cyber-criminals. Many are attacked or compromised to gain access to larger businesses. Most businesses rely on vendors for assistance in day-to-day operations, for everything from cloud backups or storage to software providers. So it is essential that their security measures are also up to date. Make sure your operating agreement with each obligates them to notify you of any security or data breach immediately.
The most significant cyber threat to your credit union and all other businesses is ransomware. Ransomware is exactly what the name implies – a cybercriminal essentially gains access to your computer system, encrypts it, and holds it for ransom. They demand payment before releasing an encryption code to allow you to regain access and control of the system. While this threat is far from new, it has been in the news recently due to attacks on high-visibility targets, including meat supplier JBS USA, and for shutting down the Colonial Pipeline, which resulted in skyrocketing gas prices across the country.
The U.S. Department of Homeland Cybersecurity and Infrastructure Security Agency (CISA) says cyber-attacks are surging and increasingly targeting smaller businesses. The head of CISA says the country should be prepared for “an uptick in ransomware” as the Russian invasion of Ukraine continues.
Ransomware attacks halt business operations, hurt reputations, endanger customers, and are costly in hardware and software needed for businesses to rebuild their networks. They are also expensive in huge ransom payments. CNA Financial, the seventh-largest commercial insurer in the US, paid $40 million to ransomware attackers. The FBI estimates ransomware attacks accounted for at least $144.35 million in Bitcoin ransoms from 2013 to 2019.
According to Cybersecurity Ventures, ransomware attacks are the fastest-growing cyber threat. They estimate a business is hit by a ransomware attack every 11 seconds. And what’s worse, the frequency of ransomware attacks on governments, businesses, consumers, and devices is expected to continue to rise over the next five years and reach an attack frequency of every two seconds by 2031.
The FBI relies on businesses to contact them when they have experienced cyberattacks, especially if it involves ransomware. No state is immune, although the number of victims in some areas is higher. These areas experience more ransomware losses as a result.
According to security software maker PC Matic the top five states experiencing major ransomware attacks:
While these heavily populated states are also home to major corporations, not all ransomware attacks are targeting large cities. Montana, Connecticut, and Alaska have been hit by ransomware attacks that impacted even more people on a per-capita basis. The reason? Smaller communities and businesses often are underfunded and not as likely to have extensive security in place to protect from hackers.
The FBI’s Internet Crime Complaint Center tracks all types of internet crime, scams, and attacks, including those that involve ransomware. The FBI recommends against paying a ransom and suggest reporting ALL cyberattacks to local law enforcement and the FBI’s cybercrime unit.
Should you fall victim to a cyberattack, here are the steps you should take immediately, courtesy of CISA:
Determine which systems were impacted and immediately isolate them.
- If several systems or subnets appear impacted, take the network offline at the switch level. It may not be feasible to disconnect individual systems during an incident.
- If taking the network temporarily offline is not immediately possible, locate the network (e.g., Ethernet) cable and unplug affected devices from the network or remove them from Wi-Fi to contain the infection.
- After an initial compromise, malicious actors may monitor your organization’s activity or communication to learn when their actions are detected. Be sure to isolate systems in a coordinated manner and use out-of-band communication methods such as phone calls or other means to avoid tipping off actors that they have been discovered and that mitigation actions are underway. Not doing so could cause actors to move laterally to preserve their access—already a common tactic—or deploy ransomware more widely before networks go offline.
Only if you are unable to disconnect devices from the network, power them down to avoid further spread of the ransomware infection.
- Please Note: This action will prevent you from maintaining ransomware infection artifacts and potential evidence stored in volatile memory. It should be done only if it is not possible to temporarily shut down the network or disconnect affected hosts using other means.
Triage impacted systems for restoration and recovery.
- Identify and prioritize critical systems for restoration and confirm the nature of data housed on impacted systems.
- Prioritize restoration and recovery based on a predefined critical asset list that includes information systems essential for health and safety, revenue generation, or other vital services, as well as systems on which they depend.
- Keep track of systems and devices that are not impacted. Deprioritize these systems and devises for restoration and recovery. This will enable your credit union to get back to business in a more efficient manner.
Consult with your incident response team to develop and document an initial understanding of what has occurred based on the initial analysis.
Engage your internal and external teams and stakeholders to understand what they can provide to help you mitigate, respond to, and recover from the incident.
- Share the information you have at your disposal to receive the most timely and relevant assistance. Keep management and senior leaders informed via regular updates as the situation develops.
Once the attack is contained, it is imperative that you follow your crisis plan for notifying your members of
- what has happened,
- how your credit union addressed it,
- what the credit union is doing to prohibit another attack, and
- what (if any) next steps they should take.
Following a data breach last year, one Oklahoma financial institution offered its account holders a free year of credit monitoring to watch for any unauthorized use of their accounts. Showing members that you are proactively looking out for their security while protecting the credit union will reassure them that you protect them and their financial futures.
As we watch daily developments in the Russian/Ukraine fighting, one way we can all protect ourselves is through being aware of possible cyber-attacks and knowing what to do should a cyber-criminal gain access to your credit union.
John Deveney, ABC, APR, Fellow PRSA, IABC Fellow is recognized internationally for crisis and issue management across a variety of industries.
In 2006, John was honored as “Agency Executive of the Year” by PRNews after he served as the first responder managing media during hurricanes Katrina and Rita — from the evacuation of the city to a military blockade and the aftermath — for both the tourism industry for New Orleans and the Louisiana Office of Tourism. He led the only on-site communication operation and media center that managed more than $400 million in media scrutiny in war-like conditions.
In 2010, John and his team created the strategy and led the team that managed the state Department of Culture, Recreation and Tourism’s response to the BP oil spill. That effort reshaped public perception and preserved Louisiana’s $9.4 billion tourism industry.
DEVENEY has been named PR News’ Firm of the Year and PRWeek’s Top 5 Boutique PR Firms in the country. John is in the PRNews’ Hall of Fame and is the only professional ever to merit the lifetime achievement recognition of being inducted into both the PRSA College of Fellows and IABC Fellows. To learn more, visit us at www.deveney.com.