- The cyberthreat landscape for U.S. companies has changed irrevocably due to the military invasion of Ukraine and the new sanctions against Russia, according to a report from Forrester.
- Chief information security officers need to prepare for increased cyberattacks against Ukraine-based military targets, government agencies and critical infrastructure, particularly in countries supporting the Ukraine war effort.
- The FBI and Cybersecurity and Infrastructure Security Agency on Thursday said they are aware of possible threats to satellite communications networks in the U.S. and abroad. The agencies are urging organizations to check for insecure remote access tools and urging companies report any suspicious network activity.
Cyberthreats against U.S. and allied companies will come from a variety of sources, ranging from state-sponsored actors and others sympathetic to Russia, according to Forrester.
Major energy companies like Shell, Exxon and BP have left billions of dollars on the table after withdrawing from business in Russia. Mastercard and Visa also pulled out and iconic brands like Coca-Cola and McDonald's suspended new business amid mounting consumer pressure to cease operations.
Attacks may come from sympathetic ransomware groups like Conti, ransomware as a service operators or even insiders sympathetic to Russian interests, according to Forrester.
"There's no such thing as neutral in something like this," Jeff Pollard, VP, principal analyst at Forrester, said via email, adding that companies really don't have a choice to stay on the sidelines.
"The stance your company takes does come with risks — and your cybersecurity team needs to be ready for the choices your company takes, because any stance marks you as a target for some set of threat actors," he said.
Forrester is urging corporate CISOs to help prepare a communications plan to the board of directors and top executives. Businesses should update plans constantly to prevent being surprised by events.
Executives should even prepare a list of frequently asked questions, so senior executives can properly communicate any security risk questions to the public, the research firm said.
Multiple threats have already been identified directly targeting organizations in Ukraine as well as more widespread threats facing Europe and U.S. organizations. Earlier this week, ESET researchers released information about a third data wiping malware, called CaddyWiper, which destroyed user data and partition information.
Prior research uncovered HermeticWiper and IsaacWiper. Russian state-sponsored actors have also targeted organizations by exploiting the PrintNightmare vulnerability and misconfigured MFA settings.
Critical infrastructure providers have been on high alert regarding the potential for retaliatory threats against U.S. or other western organizations.
"CISA remains concerned about the threat to U.S. and allied satellite communications networks," Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement, while urging organizations to immediately implement the steps in the advisory.
The FBI/CISA warning comes weeks after German authorities were notified about a suspicious outage involving Germany's Enercon, which knocked more than 5,000 wind turbines out of service across Europe.