
Social Engineering News: Heightened Cybersecurity Concerns

March 30, 2022

Current events in Ukraine have created heightened cybersecurity concerns. For this reason, CISA (Cybersecurity and Infrastructure Security Agency) issued a rare “Shields Up” alert for all organizations to be prepared to respond to disruptive cyberactivity. Notably, CISA is recommending the following actions for all corporate leaders, including CEOs (Chief Executive Officers):

    • Empower Chief Information Security Officers (CISO)
    • Lower reporting thresholds
    • Participate in a test of response plans
    • Focus on continuity
    • Plan for the worst

For details regarding each CISA recommendation, please refer to the Shields Up alert, 5 Urgent Cybersecurity Actions for Executives. 

The following news stories show how threat actors are targeting infrastructure, services, and government in Ukraine:

Phishing emails target Ukrainian infrastructure

As reported by Avast, attackers targeted local communication infrastructures, network providers and other services. According to Avast, emails with malicious attachments were sent to accounting departments. These attachments, either .pdf or .docx, contained password-stealer malware, such as FormBook or AgentTesla, and RATs (Remote Access Tools). The phishing emails had subject lines related to payments and invoices, such as:

      • SWIFT payment
      • Invoice Payment: MT103_Swift Copy
      • Wire transfer to your company account
      • RE: Purchase Order
      • RE: Transfer Confirmation


Proofpoint identifies phishing campaign targeting European government personnel

Attackers are possibly using a compromised Ukrainian armed service member’s email account to target government personnel tasked with collecting refugee movement information in Europe. According to Proofpoint, the malicious emails included a macro attachment which used social engineering themes pertaining to the Emergency Meeting of the NATO Security Council.

In this heightened cybersecurity environment, security awareness and training are even more important. In view of this, CISA recommends that “all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

The Social-Engineer Risk Assessment Can Help You Protect Your Organization

The Social-Engineer Risk Assessment (SERA) helps organizations evaluate their unique attack surface for social engineering attacks. With SERA, you have the option of an Open Source Intelligence (OSINT) investigation of your company and high-value internal personnel. We collect data from publicly available sources such as social media platforms, public records, interest and hobby sites, as well as other online databases. From the data we collect, we then search for information that would enable a threat actor to perform targeted attacks against your employees. We also seek out vulnerabilities that would give an attacker access to your facilities, accounts, or other sensitive information. We can perform a Social Engineering Risk Assessment against your company as a whole or against a single individual. Our sources range from open-source Clearnet all the way to DarkWeb resources and tools.
After we complete OSINT, you have the option for us to perform both phishing and vishing attacks on the target. We can gear these attacks toward testing your infrastructure, as we do in an adversary simulation, or keep them informational only. In fact, this service is completely customizable by you and for your organization.

Please contact our team today for a quote.

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However, they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.