Mandiant – Security Review Magazine https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

#GITEXGlobal2023 – Interview with Jamil Abu Aqel of Mandiant https://securityreviewmag.com/?p=26096 Thu, 26 Oct 2023 08:03:50 +0000
We caught up with Jamil Abu Aqel, Customer Engineering Senior Manager, Emerging Region, Mandiant. He spoke about his company’s presence at GITEX and his expectations from the event.


Mandiant to Guide Businesses on Their Cloud Transformation Journeys https://securityreviewmag.com/?p=26042 Wed, 11 Oct 2023 08:11:51 +0000
Jamil Abu Aqel, the Head of Mandiant Systems Engineering for MEA and Emerging Region at Google Cloud, speaks about his company’s participation at the event

Tell us about your participation at GITEX 2023. Which products and solutions will you be showcasing at the event?
Mandiant, part of Google Cloud, will be participating at GITEX to guide businesses and individuals on their cloud transformation journeys. Leveraging state-of-the-art AI technologies and insights gained from frontline incident response engagements, Mandiant aims to advance cybersecurity postures for organizations, whether they operate on-premises or transition to the cloud.

Mandiant will focus on the pressing cybersecurity issues of today, including supply chain vulnerabilities, ransomware, and geopolitical threats. The company will showcase its Mandiant Advantage platform, an integrated solution covering Threat Intelligence, Attack Surface Management, Security Validation, and Breach Analytics.

What will be your theme of participation at GITEX 2023?
The UAE, like many other regions of the world, is a desirable target for cyber threat actors because of its dominant position in the Middle East and its advanced economy. Local or regional disputes are a source of cyberattacks on the global stage, particularly when they have either a political or financial goal.

This year at GITEX, we are committed to assisting enterprises in acquiring a thorough grasp of their current and emerging threat actors, the efficient security measures they have in place, as well as the knowledge and intelligence supporting them. The key takeaway Mandiant aims to impart is the importance of being prepared: do not test the preparedness of your security team in a security incident. Leverage Mandiant to help you detect, investigate, and respond to cyber threats more efficiently.

Do you plan to run any online engagements such as webinars and offline engagements such as tech talks, demos, keynotes, and so on, alongside GITEX 2023?
We will be hosting live demos of our Mandiant Advantage platform at the Google Cloud stand, situated in Hall 7, stand G30.

Mandiant to Show Off AI-Driven Cybersecurity Solutions at GITEX 2023 https://securityreviewmag.com/?p=26009 Mon, 02 Oct 2023 07:51:53 +0000
Mandiant, part of Google Cloud, has announced its participation at GITEX 2023 to guide businesses and individuals on their cloud transformation journeys. Leveraging state-of-the-art AI technologies and insights gained from frontline incident response engagements, Mandiant aims to advance cybersecurity postures for organizations, whether they operate on-premises or are transitioning to the cloud.

Mandiant’s participation in GITEX 2023 aligns with Google Cloud’s ongoing investment in the Middle East and Africa, following the launch of a Google Cloud region in Qatar and upcoming launches in Saudi Arabia and South Africa. Mandiant plays a crucial role in securing customers’ cloud journeys, making its presence at GITEX 2023 a strategic move for both Mandiant and Google Cloud.

Jamil Abu Aqel, Head of Mandiant systems engineering for MEA and Emerging region, Google Cloud

At the exhibition, Mandiant will focus on the pressing cybersecurity issues of today, including supply chain vulnerabilities, ransomware, and geopolitical threats. The company will showcase its Mandiant Advantage platform, an integrated solution covering Threat Intelligence, Attack Surface Management, Security Validation, and Breach Analytics.

Visitors to GITEX 2023 can engage with Mandiant consultants and experience the Mandiant Advantage platform firsthand. The company has been involved in mitigating some of the world’s most high-profile cyber-attacks. Mandiant aims to address key challenges such as the shortage of skilled resources, the increasing sophistication of threat actors, and the complexity of managing security controls.

As companies navigate the lasting impact of what Mandiant terms a ‘Zero-Day Summer,’ the cybersecurity landscape is becoming increasingly complex. This year has already seen 62 zero-day vulnerabilities exploited in the wild, up from 55 last year. A significant share of that exploitation is aimed at governments and at sectors such as technology and telecommunications, the typical targets of nation-state cyber espionage. Cybercriminals, by contrast, use zero-days in financially motivated attacks such as ransomware and rarely target governments, where there is little money to be made. The threats are evolving: social engineering attacks are becoming more convincing with the adoption of generative AI, and the theft and sale of valid credentials is a rising trend.

“The UAE, like many other regions of the world, is a desirable target for cyber threat actors because of its dominant position in the Middle East and its advanced economy. Local or regional disputes are a source of cyberattacks on the global stage, particularly when they have either a political or financial goal. This year at GITEX, we are committed to assisting enterprises in acquiring a thorough grasp of their current and emerging threat actors, the efficient security measures they have in place, as well as the knowledge and intelligence supporting them. The key takeaway Mandiant aims to impart is the importance of being prepared: do not test the preparedness of your security team in a security incident. Leverage Mandiant to help you detect, investigate, and respond to cyber threats more efficiently,” commented Jamil Abu Aqel, Head of Mandiant systems engineering for MEA and Emerging region, Google Cloud.

Mandiant emphasizes the need for a layered defence strategy. The first layer focuses on identifying and protecting assets, while the second layer is geared towards detecting, responding to, and containing breaches. Given the evolving threats, organizations should operate under the assumption that breaches are inevitable, preparing accordingly.

“In this challenging cyber landscape, Mandiant is pioneering the use of AI, particularly generative AI (genAI), to augment defences. Mandiant is committed to harnessing genAI to stop threats, reduce toil, and scale cybersecurity talent. It enables quicker threat detection and response, reduces the burden on security specialists, and bridges the talent gap in the cybersecurity industry. By leveraging genAI, Mandiant aims to give defenders a significant edge, allowing them to stay ahead of evolving threats and respond more effectively,” commented Renze Jongman, Threat Intelligence Advisor, MEA at Mandiant.

GITEX Global 2022: Mandiant to Show Off its Multi-Vendor XDR Platform https://securityreviewmag.com/?p=24854 Tue, 04 Oct 2022 15:32:18 +0000
Gordon Love, the Vice President for MEA at Mandiant, says digitalisation is on the rise in the region

Are you participating in GITEX Global 2022? If yes, which products and solutions will you be showcasing at the event? 
GITEX is one of the key events on our calendar in the region. This year, we’ll be showcasing Mandiant Advantage, our multi-vendor XDR platform that delivers Mandiant’s expertise and frontline intelligence to security teams of all sizes.

One of the modules within Mandiant Advantage is Attack Surface Management, which allows organisations to see themselves through the eyes of the attacker. This has rapidly become a top priority given the sharp uptick in adoption of cloud, SaaS, and mobile across a distributed workforce, which leads to an expanding, evolving, and changing attack surface subject to an increasing number of sophisticated threats. Organisations can use the insights from Attack Surface Management to continuously discover and monitor their exposures and enable intelligence and red teams to operationalise and inform risk management.

What are your expectations from the event this year? What will be your theme of participation at GITEX? 
GITEX provides a great opportunity to engage our customers and partners, as well as other organisations looking for ways to improve their cyber security posture. One thing we can always count on in the cyber realm is the level of uncertainty. Attackers regularly change their approach to evade detection, leaving defenders struggling to keep up, so we’ll be talking to organisations about taking a country/industry/company-specific intelligence-led approach to strengthening their defenses.

How have your regional strategies changed in recent months? 
Across the MEA and emerging region, we have a strong local presence, with a team based across the UAE, KSA, Qatar, Egypt, Morocco, South Africa, Turkey, Poland, Romania, and serving the whole region. Approximately half of the team is part of our consulting business, and as a business, we help organisations and government entities to develop more effective and efficient cyber security programs and instill confidence in their readiness to defend against and respond to cyber threats.

Digitalisation is on the rise in the region and although it holds immense potential for huge rewards, it also brings with it significant risks that organisations need to ensure they’re well-prepared to tackle. Mandiant’s latest M-Trends 2022 report confirms that professional and financial services, healthcare, retail, high tech, and government were the most frequent targets of cyber attackers throughout 2021, but no matter what the industry or size, every organisation should be working to strengthen and test their defenses.

We continue to initiate more dialogue with executive management in the region around cyber risk and the impacts proactive and reactive measures have on an organisation’s risk profile. Our approach, derived from numerous program transformations, helps organisations identify, map, and drive down risks in a meaningful and methodical way.

Google Completes Acquisition of Mandiant https://securityreviewmag.com/?p=24744 Wed, 14 Sep 2022 06:03:48 +0000
Google today announced the completion of its acquisition of Mandiant. Mandiant will join Google Cloud and retain the Mandiant brand. Google and Mandiant share a long commitment to industry-leading security. Over the past two decades, Google has innovated to build some of the most secure computing systems in the world. Google Cloud customers and partners benefit from these pioneering security capabilities including world-class threat intelligence, zero trust architecture, and planet-scale analytics for security operations.

Mandiant, which is known for delivering unparalleled frontline expertise and industry-leading threat intelligence, is a proven first responder to the world’s largest cybersecurity incidents. Mandiant’s services, delivered by a team of security and intelligence professionals spread across 22 countries, are widely recognized for helping top enterprises and organizations prepare for and react to cybersecurity incidents.

With this acquisition, Google Cloud and Mandiant will deliver an end-to-end security operations suite with even greater capabilities to support customers across their cloud and on-premise environments. “The completion of this acquisition will enable us to deliver a comprehensive and best-in-class cybersecurity solution,” said Thomas Kurian, CEO of Google Cloud. “We believe this acquisition creates incredible value for our customers and the security industry at large. Together, Google Cloud and Mandiant will help reinvent how organizations protect themselves, as well as detect and respond to threats.”

Organizations today are facing cybersecurity challenges that have accelerated in frequency, severity and diversity, creating a global security imperative. Enterprises need to be able to detect and respond to malicious actors quickly, with actionable threat intelligence to continually protect their organizations against new attacks.

“Mandiant is driven by a mission to make every organization secure from cyber threats and confident in their readiness,” said Kevin Mandia, CEO, Mandiant. “Combining our 18 years of threat intelligence and incident response experience with Google Cloud’s security expertise presents an incredible opportunity to deliver with the speed and scale that the security industry needs.”

Mandiant Announces Cyber Alliance Program https://securityreviewmag.com/?p=24350 Wed, 08 Jun 2022 15:02:13 +0000
Mandiant, Inc. has unveiled the next phase of its technology partnership ecosystem with the launch of the Mandiant Cyber Alliance Program. The program furthers Mandiant’s mission to make organizations secure from cyber threats through unique and sophisticated strategic partnerships that create enhanced solutions for customers around the globe.

Since 2004, Mandiant has been at the forefront of cyber security, enabling a deep understanding of both existing and emerging threat actors, as well as their rapidly changing tactics, techniques, and procedures (TTPs). With the stance that effective security is not only based on the controls deployed, but also on the expertise and intelligence behind them, Mandiant takes an intelligence-led, multi-vendor approach to its platform, Mandiant Advantage.

The Mandiant Cyber Alliance Program––open to cyber security technology partners across sectors such as endpoint, network, identity and authentication, security information and event management, and cloud security––powers market-leading technologies with nation-grade intelligence, innovative integrated solutions, and expert managed services. With the shared mission focus to put customer needs first, Mandiant and its partners can help organizations in critical times of need. Flagship partners include Cloudflare, CrowdStrike, Google Cloud, InnerActiv, Interos, IronNet, Microsoft, Netskope, Nozomi Networks, Nucleus Security, SentinelOne, SimSpace, SnapAttack, and Trellix, among others.

Partnership benefits of the Mandiant Cyber Alliance Program include:

  • Access to the latest nation-grade threat intelligence from Mandiant researchers, reverse engineers, intelligence analysts, and incident responders who have been defending organizations of all sizes from the front lines of the cyber conflict since 2004.
  • Technical integration into the Mandiant Advantage platform, as well as access to Mandiant’s incident response services and extended threat detection and response capabilities.
  • Collaboration at leading industry events as well as exclusive sponsorship and partner opportunities at Mandiant mWISE™ events.
  • Access to unique and creative ways to go to market. Solutions and services powered by Mandiant frontline intelligence and expertise accelerate marketing and industry expansion.
  • Ability to leverage Mandiant product, engineering, and sales experts for thought leadership and ability to craft joint solutions spanning enterprise and mid-market organizations.

“As an organization that has been on the front lines of cyber security for more than 18 years, we recognize that the battle against today’s most challenging threats cannot be won alone,” said Marshall Heilman, Chief Technology Officer at Mandiant. “Joining forces with other mission-oriented security organizations enables us to better defend our shared customers. I am proud of the progress this alliance program has made to date and excited about the program’s strength to significantly impact customer security and threat actor operations.”

Mandiant Announces the new M-Trends 2022 Report That Takes a Look at the Evolving Cyber Threat Landscape https://securityreviewmag.com/?p=24175 Thu, 21 Apr 2022 08:41:58 +0000
Mandiant has announced the findings of Mandiant M-Trends 2022, an annual report that provides timely data and insights based on Mandiant frontline investigations and remediations of high-impact cyber attacks worldwide. The 2022 report––which tracks investigation metrics between October 1, 2020, and December 31, 2021––reveals that while significant progress has been made in threat detection and response, Mandiant continues to see adversaries innovate and adapt to achieve their mission in targeted environments.

According to the M-Trends 2022 report, the global median dwell time––which is calculated as the median number of days an attacker is present in a target’s environment before being detected––decreased from 24 days in 2020 to 21 days in 2021. Digging deeper, the report notes that the APAC region saw the biggest decline in median dwell time, dropping to just 21 days in 2021 compared to 76 days in 2020. Median dwell time also fell in EMEA, down to 48 days in 2021 compared to 66 days the year before. In the Americas, median dwell time stayed steady at 17 days.

When comparing how threats were detected across different regions, the report found that in EMEA and APAC, the majority of intrusions in 2021 were identified by external third parties (62% and 76%, respectively), a reversal of what was observed in 2020. In the Americas, the detection by source remained constant with most intrusions detected internally by organizations themselves (60%).

Organizations’ improved threat visibility and response as well as the pervasiveness of ransomware––which has a significantly lower median dwell time than non-ransomware intrusions––are likely driving factors behind reduced median dwell time, per the report.

New Threats Emerge as China Ramps Up Espionage Activity
Mandiant continues to expand its extensive threat knowledge base through frontline investigations, access to the criminal marketplace, security telemetry and the use of proprietary research methods and datasets, analyzed by more than 300 intelligence professionals across 26 countries. As a result of relentless information gathering and analysis, Mandiant experts began tracking 1,100+ new threat groups during this M-Trends reporting period. Mandiant also began tracking 733 new malware families, of which 86% were not publicly available, continuing the trend of availability of new malware families being restricted or likely privately developed, according to the report.

M-Trends 2022 also notes a realignment and retooling of China cyber espionage operations to align with the implementation of China’s 14th Five-Year Plan in 2021. The report warns that the national-level priorities included in the plan “signal an upcoming increase in China-nexus actors conducting intrusion attempts against intellectual property or other strategically important economic concerns, as well as defense industry products and other dual-use technologies over the next few years.” 

Strengthening Security Posture
Mandiant remains committed to helping organizations remain secure from cyber threats and build confidence in their cyber defense readiness. To support this mission, Mandiant provides risk reduction tips throughout the M-Trends report, including mitigating common misconfigurations when using on-premises Active Directory, certificate services, virtualization platforms and cloud-based infrastructure. The report also reinforces considerations to support proactive security programs, reiterating the importance of long-standing security initiatives such as asset management, log retention policies and vulnerability and patching management.

To further support community and industry efforts, Mandiant continuously maps its findings to the MITRE ATT&CK framework, mapping an additional 300+ Mandiant techniques to the framework in 2021. The M-Trends report notes that organizations should prioritize which security measures to implement based on the likelihood of specific techniques being used during an intrusion. According to the report, by examining the prevalence of technique usage during recent intrusions, organizations are better equipped to make intelligent security decisions.
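The dwell-time, detection-source and technique-prevalence metrics described above are straightforward to reproduce on an organisation’s own incident records, and doing so is what turns the report’s advice (“prioritise by the likelihood of a technique being used”) into a ranked list of detection gaps. The Python below is an added example, not Mandiant’s code or M-Trends data: the nine incident records, their region and detection-source labels, the ATT&CK technique IDs attributed to each, and the set of techniques with existing detection coverage are all constructed for illustration (the technique IDs are real ATT&CK identifiers, but their assignment to these incidents is made up). Dwell time follows the report’s definition: days from the earliest evidence of compromise to detection, summarised as a median.

```python
"""M-Trends-style intrusion metrics over a constructed incident set.

Added example, not Mandiant's code or data. Every record below is made up
for illustration; only the ATT&CK technique IDs are real identifiers.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from statistics import median


@dataclass(frozen=True)
class Incident:
    region: str            # "Americas", "EMEA" or "APAC"
    compromised: date      # earliest evidence of attacker presence
    detected: date         # date the intrusion was identified
    source: str            # "internal" (victim found it) or "external" (third party)
    ransomware: bool       # multifaceted extortion / ransomware case
    techniques: frozenset  # ATT&CK technique IDs observed during the intrusion

    @property
    def dwell_days(self) -> int:
        """Dwell time as defined in the report: days until detection."""
        return (self.detected - self.compromised).days


# Constructed sample of nine intrusions (not real casework).
INCIDENTS = [
    Incident("Americas", date(2021, 3, 1),  date(2021, 3, 10),  "internal", True,  frozenset({"T1190", "T1059", "T1486"})),
    Incident("Americas", date(2021, 5, 2),  date(2021, 5, 26),  "internal", False, frozenset({"T1566", "T1078", "T1003", "T1021"})),
    Incident("Americas", date(2021, 7, 4),  date(2021, 7, 21),  "external", False, frozenset({"T1190", "T1078", "T1021"})),
    Incident("EMEA",     date(2021, 1, 15), date(2021, 3, 4),   "external", False, frozenset({"T1195", "T1059", "T1078", "T1003"})),
    Incident("EMEA",     date(2021, 6, 1),  date(2021, 6, 7),   "external", True,  frozenset({"T1190", "T1059", "T1486"})),
    Incident("EMEA",     date(2021, 9, 10), date(2021, 10, 28), "internal", False, frozenset({"T1566", "T1078", "T1021"})),
    Incident("APAC",     date(2021, 2, 1),  date(2021, 2, 22),  "external", True,  frozenset({"T1190", "T1078", "T1486"})),
    Incident("APAC",     date(2021, 8, 20), date(2021, 11, 4),  "external", False, frozenset({"T1195", "T1059", "T1003"})),
    Incident("APAC",     date(2021, 4, 10), date(2021, 4, 15),  "external", True,  frozenset({"T1566", "T1059", "T1486"})),
]

# Hypothetical: techniques for which this organisation already has a mapped detection.
COVERED = frozenset({"T1059", "T1486", "T1566"})


def median_dwell(incidents, key=None):
    """Median dwell time in days, overall or grouped by key(incident)."""
    if key is None:
        return median(i.dwell_days for i in incidents)
    groups = defaultdict(list)
    for i in incidents:
        groups[key(i)].append(i.dwell_days)
    return {k: median(v) for k, v in groups.items()}


def detection_source_share(incidents):
    """Per region, the fraction of intrusions first identified by an external party."""
    out = {}
    for region in sorted({i.region for i in incidents}):
        regional = [i for i in incidents if i.region == region]
        out[region] = sum(i.source == "external" for i in regional) / len(regional)
    return out


def technique_prevalence(incidents):
    """Fraction of intrusions in which each technique appeared, most prevalent first.

    Ties are broken by technique ID so the ordering is deterministic
    (frozenset iteration order is not).
    """
    counts = Counter(t for i in incidents for t in i.techniques)
    n = len(incidents)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return {t: c / n for t, c in ranked}


def coverage_gaps(prevalence, covered, threshold=0.3):
    """Techniques seen in at least `threshold` of intrusions with no mapped detection.

    This is the prioritisation the report recommends: spend on what adversaries
    actually use, starting with prevalent techniques you cannot yet see.
    """
    return [t for t, p in prevalence.items() if p >= threshold and t not in covered]


if __name__ == "__main__":
    print("global median dwell (days):", median_dwell(INCIDENTS))
    print("by region:", median_dwell(INCIDENTS, key=lambda i: i.region))
    print("ransomware vs not:", median_dwell(INCIDENTS, key=lambda i: i.ransomware))
    print("external detection share:", detection_source_share(INCIDENTS))
    prev = technique_prevalence(INCIDENTS)
    for tech, share in prev.items():
        print(f"  {tech}: {share:.0%}")
    print("uncovered prevalent techniques:", coverage_gaps(prev, COVERED))
```

On the constructed data the ransomware cases have a far shorter median dwell than the rest, which is the effect the report cites as one driver of the falling global median; the gap list is what a detection-engineering backlog should be built from, rather than from whatever technique was most recently in the news.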

Additional takeaways from M-Trends 2022 Report include:

  • Infection Vector: For the second year in a row, exploits remained the most frequently identified initial infection vector. In fact, of the incidents that Mandiant responded to during the reporting period, 37% started with the exploitation of a security vulnerability, as opposed to phishing, which accounted for only 11%. Supply chain compromises increased dramatically, from less than 1% in 2020 to 17% in 2021.
  • Target industries impacted: Business and professional services and financial were the top two industries targeted by adversaries (14%, respectively), followed by healthcare (11%), retail and hospitality (10%) and tech and government (both at 9%).
  • New Multifaceted Extortion and Ransomware TTPs: Mandiant observed multifaceted extortion and ransomware attackers using new tactics, techniques and procedures (TTPs) to deploy ransomware rapidly and efficiently throughout business environments, noting that the pervasive usage of virtualization infrastructure in corporate environments has made it a prime target for ransomware attackers. 

“This year’s M-Trends report reveals fresh insight into how threat actors are evolving and using new techniques to gain access into target environments. While exploits continue to gain traction and remain the most frequently identified infection vector, the report notes a significant increase in supply chain attacks. Conversely, there was a noticeable drop in phishing this year, reflecting organizations’ improved awareness and ability to better detect and block these attempts. In light of the continued increased use of exploits as an initial compromise vector, organizations need to maintain focus on executing on security fundamentals––such as asset, risk and patch management,” said Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant.  

The metrics reported in M-Trends 2022 are based on Mandiant investigations of targeted attack activity conducted between October 1, 2020 and December 31, 2021. The information gleaned has been sanitized to protect the identities of targets and their data.

Google to Acquire Mandiant for $5.4 Billion https://securityreviewmag.com/?p=23956 Wed, 09 Mar 2022 06:57:33 +0000
Google has announced that it has signed a definitive agreement to acquire Mandiant for $23.00 per share, in an all-cash transaction valued at approximately $5.4 billion, inclusive of Mandiant’s net cash. Upon the close of the acquisition, Mandiant will join Google Cloud.

“Today, organizations are facing cybersecurity challenges that have accelerated in frequency, severity, and diversity, creating a global security imperative. To address these risks, enterprises need to be able to detect and respond to adversaries quickly; analyze and automate threat intelligence to scale threat detection across organizations; orchestrate and automate remediation; validate their protection against known threats, and visualize their IT environment in order to identify and simulate new threats. The cloud represents a new way to change the security paradigm by helping organizations address and protect themselves against entire classes of cyber threats, while also rapidly accelerating digital transformation,” the company said in a press statement.

The acquisition of Mandiant will complement Google Cloud’s existing strengths in security. Google Cloud offers customers a robust set of services including pioneering capabilities such as BeyondCorp Enterprise for Zero Trust and VirusTotal for malicious content and software vulnerabilities; Chronicle’s planet-scale security analytics and automation coupled with services such as Security Command Center to help organizations detect and protect themselves from cyber threats; as well as expertise from Google Cloud’s Cybersecurity Action Team. With the addition of Mandiant, Google Cloud will enhance these offerings to deliver an end-to-end security operations suite with even greater capabilities to support customers across their cloud and on-premise environments.

As a recognized leader in strategic security advisory and incident response services, Mandiant brings real-time and in-depth threat intelligence gained on the frontlines of cybersecurity with the largest organizations in the world. Combined with Google Cloud’s cloud-native security offerings, the acquisition will help enterprises globally stay protected at every stage of the security lifecycle:

  • Advisory Services: Mandiant’s proven global expertise in providing a comprehensive incident response, strategic readiness, and technical assurance helps customers mitigate threats and reduce business risk before, during, and after an incident.
  • Threat Detection and Intelligence: Mandiant’s experience detecting and responding to advanced adversaries offers customers actionable insights into the threats that matter right now.
  • Automation and Response Tools: Security operations tools within Google Cloud’s Chronicle, Siemplify solutions, and Mandiant’s Automated Defense help customers analyze, prioritize and streamline threat response and leverage Mandiant’s expertise as a virtual extension of their teams.
  • Testing and Validation: Mandiant Security Validation helps customers continuously validate and measure the effectiveness of cybersecurity controls across cloud and on-premise environments, and complements Google Cloud’s Security Command Center to help ensure strong risk management.
  • Managed Defense: Mandiant’s managed detection and response service acts as a seamless extension of customers’ security teams, delivering continuous monitoring, event triage and threat hunting that’s agnostic to customers’ endpoint and network tooling.

“Organizations around the world are facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry,” said Thomas Kurian, CEO, Google Cloud. “We look forward to welcoming Mandiant to Google Cloud to further enhance our security operations suite and advisory services, and help customers address their most important security challenges.”

“There has never been a more critical time in cybersecurity. Since our founding in 2004, Mandiant’s mission has been to combat cyber attacks and protect our customers from the latest threats,” said Kevin Mandia, CEO, Mandiant. “To that end, we are thrilled to be joining forces with Google Cloud. Together, we will deliver expertise and intelligence at scale, changing the security industry.”

“As a pioneer in offering multi-cloud technology, Google Cloud’s security operations suite will continue to provide a central point of intelligence, analysis, and operations across on-premise environments, Google Cloud, and other cloud providers. In addition, Google Cloud is deeply committed to supporting the technology partners of both companies, including the endpoint ecosystem. This acquisition will enable system integrators, resellers, and managed security service providers to offer broader solutions to customers,” Google said.

The acquisition of Mandiant is subject to customary closing conditions, including the receipt of Mandiant stockholder and regulatory approvals, and is expected to close later this year.

Mandiant Launches New Ransomware Defense Offering https://securityreviewmag.com/?p=23855 Wed, 16 Feb 2022 12:10:27 +0000
Mandiant has today announced the general availability of Ransomware Defense Validation within the Mandiant Advantage platform. Ransomware attacks have grown significantly over the last few years and any organization – regardless of size or industry – can become a target. In fact, from 2019 to 2021, Mandiant experts saw ransomware activity roughly double.

“To address this rapidly evolving issue, Mandiant Advantage Ransomware Defense Validation leverages Mandiant’s industry-leading threat intelligence, ransomware re-configuration capabilities, and automated validation infrastructure to provide security leaders with evidence whether their organizations are able to prevent specific ransomware attacks,” the company said in a statement.

“The frequency and proliferation of ransomware are accelerating, and without the right resources in place, organizations of all sizes and industries are struggling to know whether they are prepared for a ransomware attack,” said Mike Armistead, Senior Vice President, Mandiant Advantage Products at Mandiant. “Ransomware Defense Validation enables organizations to quickly understand and measure whether their security controls can prevent specific ransomware attacks and multifaceted extortion campaigns.”

Daily headlines highlight victims of increasingly frequent and widespread ransomware attacks as threat actors continue to evolve tactics to make their operations more efficient and effective. And even after Russian officials arrested a group of high-profile cybercriminals last month in an effort to take action against the ransomware problem, Mandiant has not observed a subsequent decline in these operations overall.

Ransomware Defense Validation counters this reality by curating the most critical ransomware threats Mandiant’s experts are seeing on the frontlines and repurposing them so that organizations can automatically, continuously and safely test their defenses against ransomware families like CONTI, a group that publicized the theft of data from more than 500 organizations in 2021, along with other prolific threats like MOUNTLOCKER, RYUK and SODINOKIBI.

Collectively, these families accounted for some of the most active ransomware in incidents that Mandiant responded to in 2021. Information on ransomware families is updated on a regular basis to stay current with the attacks most prevalent in the industry. Further, not only are organizations able to test their ability to prevent these ransomware attacks, but they are also able to see, in a quantifiable, live dashboard, the stages at which the ransomware would have failed or succeeded.

Cyber Preparedness Amid the Ongoing Ukraine Crisis https://securityreviewmag.com/?p=23819 Wed, 09 Feb 2022 13:43:45 +0000
Amid the escalation of the Ukraine crisis, industry experts suggest we could expect an increase in cyber threats. In this article, we spoke to industry experts about the type of threats to expect, the threat actors, and possible ways to contain such threats

The ongoing stand-off between Russia and Ukraine has rattled global political and business leaders, who fear that an invasion could inflict damage the world over. Earlier this year, multiple Ukrainian websites were hit by a cyber strike that left a warning to “be afraid and expect the worst”, as Russia had amassed troops near Ukraine’s borders.

Now, according to Reuters, “the European Central Bank is preparing banks for a possible Russian-sponsored cyber attack as tensions with Ukraine mount, as the region braces for the financial fallout of any conflict.” While the regulator had been focused on ordinary scams that boomed during the pandemic, the Ukraine crisis has diverted its attention to cyber attacks launched from Russia, with the ECB questioning banks about their defenses.

In addition, according to Thomson Reuters’ Regulatory Intelligence, the New York Department of Financial Services had issued an alert to financial institutions in late January, warning of retaliatory cyberattacks should Russia invade Ukraine and trigger U.S. sanctions.

Cyber Threats Expected

Morey Haber, the Chief Security Officer at BeyondTrust

While we are now coming to terms with the idea of a new conflict in a sensitive region of the world, tanks, troops, planes, bullets, and bombs are not the only weapons of war. Cyber attacks are more than just an annoyance. “When weaponized, cyber-attacks can cost lives as well, and may be uncontrollable when unleashed in mass during an armed conflict. They can devastate a target and allies, but have the unfortunate consequence of affecting civilians as well, even if they are not within the theater of conflict,” explains Morey Haber, the Chief Security Officer at BeyondTrust.

“An escalation in attacks on critical infrastructure providers and government agencies and suppliers is likely to increase. Expect an increase in RansomOps, where the execution of the ransomware itself is just the initial piece of a much longer attack chain,” says Sam Curry, the Chief Security Officer at Cybereason. “RansomOps take a low and slow approach, infiltrating the network and spending time moving laterally and conducting reconnaissance to identify and exfiltrate valuable data. Threat actors might be in a network for days or even weeks.”

In addition, says Curry, supply chain attacks will be leveraged and adopted by more cybercriminal groups in the months ahead. “Companies that act as suppliers or providers need to be more vigilant and overall organizations need to be aware of the potential risk posed throughout the supply chain,” he adds.

According to Kiran Zachariah, VP, Digital Security at Sectrio, his company has seen a significant rise in the number of cyberattacks logged by its global honeypot network in the past few weeks. “Further, we have also seen a 77 percent rise in attacks on manufacturing and oil and gas. We have also seen an increase in the activity levels of certain state-backed hacker groups in Eastern Europe. The quality of phishing kits that we are intercepting now has improved remarkably in 2022, indicating a significant R&D push from the hackers. Even if these trends are not linked to the Ukraine crisis, there is still a significant deterioration in the global threat environment, and that is a clear cause of concern,” adds Zachariah.

Kiran Zachariah, VP, Digital Security, Sectrio

John Hultquist, VP of Intelligence Analysis at Mandiant, is of the opinion that information operations are a regular feature of Russian and Belarusian cyber activity. “Such actors leverage a variety of tactics to achieve their aims, including but not limited to the use of social media campaigns involving coordinated and inauthentic activity, as well as the compromise of entities in hack-and-leak operations or for use in disseminating fabricated content to promote desired narratives,” adds Hultquist. “Disruptive and destructive cyberattacks take many forms, from distributed denial-of-service attacks to complex attacks on critical infrastructure. Like its peers, Russia leverages this capability in times of crisis.”

Regional Impact
Cybersecurity experts say the attacks could be a precursor to more serious cyber assaults on Ukraine and its allies. Russia is determined to prevent Ukraine from joining the NATO security alliance. Russia has amassed about 100,000 troops on Ukraine’s border, raising concerns Moscow may be preparing for an invasion of its neighbor. Russia annexed a portion of Ukraine in 2014.

“The crisis in Ukraine has already proven to be a catalyst for the additional aggressive cyber activity that will likely increase as the situation deteriorates. At Mandiant, we have been anticipating this activity, and we are concerned that, unlike the recent defacements and destructive attacks, future activity will not be restricted to Ukrainian targets or the public sector,” says Hultquist.

“Time will tell on how far the threats expand beyond Ukraine, but we can assume that Russian, Chinese, North Korean, and Iranian state-sponsored hackers are regularly testing the resiliency of their enemies and that includes the U.S., countries in the Middle East and the Asia Pacific,” adds Curry. “Overall, there is always a trade-off in hacking other nations — certainly some benefits, but some drawbacks as well, and a whole lot of risk.”

Zachariah adds, “In the Middle East, we have traditionally seen sectors such as oil and gas, manufacturing and utilities bear the brunt of cyberattacks from sophisticated hackers. Some of the attacks on these sectors were copycat attacks wherein hackers imitated the tactics and breach methods used by hackers in Eastern Europe.”

Sam Curry, CSO, Cybereason

Zachariah further says that, whether you are an ally of Ukraine or not, you will still face cyber threats from a range of actors with various objectives, such as ransom, customer data, or simply revenge. “Even if a spillover of attacks is likely or otherwise, there are enough groups targeting the region. So we have enough reasons to be vigilant and stand guard. From the global trends we are analyzing, it is clear that hackers are continuing to use the widespread disruption caused by the pandemic to exploit weakness and gaps in the overall cybersecurity posture of businesses here as well,” Zachariah explains.

According to Curry, looking back to last year and the Colonial Pipeline attack in the United States, what had probably seemed logical to DarkSide became a nasty surprise. “Waking the lion is not a good idea. This is, however, the game of nations; and it now has a cyber component to go along with diplomacy, intelligence, military, and economic measures,” he explains.

Identifying the Attackers
According to Zachariah, the groups have already been exposed. “But what is interesting is the level of obfuscation that is at play which is again a part of their much-used playbook. At least one APT group, in this case, managed to use the infrastructure of another country to target a third country,” he says.

“Early indications suggest that both sides are ramping up their attack strategies for some form of cyber warfare during this conflict,” explains Haber. “The question becomes, based on modern commercial attacks, what do weaponized versions really look like and how much potential damage could they really do versus just holding a computer hostage with ransomware. From this author’s perspective, the damage could be just as bad as physical bombs, all initiated based on a piece of malicious software. Now that is one prediction I hope doesn’t come true.”

John Hultquist, VP of Intelligence Analysis at Mandiant

Meanwhile, Hultquist says that Russian cyber espionage actors such as UNC2452, Turla, and APT28, which are tied to the Russian intelligence services, have almost certainly already received tasking to provide intelligence around the crisis. “These actors already frequently target government, military, diplomatic, and related targets worldwide for intelligence that benefits Russia’s foreign policy decision making,” he says. “Ultimately, cyber capabilities are a means for states to compete for political, economic, and military advantage without the violence and irreversible damage that is likely to escalate to open conflict. While information operations and cyberattacks such as the 2016 US election operations and the NotPetya incident can have serious political and economic consequences, Russia may favour them because they can reasonably expect that these operations will not lead to a major escalation in the conflict.”

Keeping Threats at Bay
To reduce risk and improve its resiliency against cyber threats, every organization should regularly test its infrastructure for weak points by conducting threat assessments and deploying appropriate incident response plans. “In addition, follow security hygiene best practices that include timely patch management, offsite data backups, and security awareness training,” adds Curry.

Companies should investigate and verify their remote and on-site access modes and mechanisms, and confirm that passwords are not shared (within or outside the organization) and that all passwords used are unique. In addition, they also need to ensure that all systems are patched and updated. “Furthermore, examine your infrastructure for inherent or acquired vulnerabilities. Conduct a deep vulnerability scan. Gather visibility into the footprint of your operations and supply chain and request all stakeholders to conduct self-assessment checks as per the NIST CSF to ensure that all systems are hardened and secure,” says Zachariah.

“Organisations should also deploy multi-layer prevention capabilities on all enterprise endpoints across their networks. Organisations should also implement extended detection and remediation solutions across their environments, for visibility, to end advanced attacks before they can gain a footing in their networks,” explains Curry.

“In addition, you need to ensure that all perimeter and non-perimeter-based defenses are working well. Stress-test your incident response plan and reexamine your roles and responsibilities matrix to ensure all roles and individuals are well aligned. Communicate the need for heightened security across the organization,” asserts Zachariah.

“We would recommend practical and scalable methods that can help protect organizations from not only destructive attacks, but potential incidents where a threat actor is attempting to perform reconnaissance, escalate privileges, laterally move, maintain access, and achieve their mission,” says Hultquist.

According to Haber, companies and users should also ensure that only approved applications are allowed to execute in their environments, and that any program that does not meet minimum security requirements is explicitly denied. “All access outside of trusted network zones should be monitored, proxied, regulated, and controlled to prevent a presence by threat actors,” says Haber.

“Any business, government, or individual that has an interest in this potential conflict — and candidly it should be everyone — there are a few things we should all do to protect against these cyber weapons of war,” says Haber. “Assess all of your assets, cloud, and on-premise, and prioritize remediation of all critical findings that can be exploited without user intervention during a cyber attack. Once vulnerabilities have been prioritized, remediate (patch) them in a timely fashion. Remove all unnecessary privileged accounts and ensure that credentials, passwords, and secrets are not shared and are unique across all assets.”
