News:
What you can do:
- Identify Portfolio Companies in Affected Areas
- Identify Possible Targets
- Set Up Security Incident Alerts
- Reporting
News
The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian Border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked.
Read more at:
Amidst significant geopolitical tension between Russia (RU) and Ukraine (UA), Microsoft detected a highly destructive form of malware affecting dozens of government and private computer networks in Ukraine, known as “WhisperGate.”
This event is considered as a single Security Incident with the Ukrainian government as the direct party to the incident. Individual companies affected by this incident are classified as indirect parties affected by a multiparty event.
Learn more about WhisperGate with Bitsight Academy.
Read more at:
- New York Times, “Microsoft Warns of Destructive Cyberattack on Ukrainian Computer Networks”
- Washington Post, “Data of several Ukrainian government agencies is wiped in cyberattack”
- Wall Street Journal, “Ukraine Hacks Signal Broad Risks of Cyberwar Even as Limited Scope Confounds Experts”
- Good Harbor, “Warning Notice: Ukraine and Your Cyber Security”
- Mandiant, “Proactive Preparation and Hardening to Protect Against Destructive Attacks”
- Microsoft, “Destructive malware targeting Ukrainian organization”
What You Can Do
Identify Portfolio Companies in Affected Areas
Identify monitored organizations with infrastructure in affected areas, such as Ukraine, to keep a close eye on them as this conflict evolves.
- From the Continuous Monitoring application, navigate to the Companies List page.
- Select Ukraine from the Country filter. This will show you companies that have at least one IP in Ukraine.
- We recommend moving these companies into a new folder for ease of access and analysis.
Identify Possible Targets
Bad actors may target vulnerabilities that are known to be exploited in the wild, according to CISA.[1]
Select the “CISA Known Exploited Vulnerabilities” tab in the Portfolio Vulnerabilities report to identify third parties for outreach. The Portfolio Vulnerabilities report is available in the Findings and Infrastructure Details section of the Reports page.
Set Up Security Incident Alerts
Any resulting Security Incidents are available in the Bitsight platform, accompanied with Security Incident Alerts for your monitored third parties or fourth parties. Go to your Alert Settings page to enable alerts.
Reporting
Use the 3rd Party Security Incidents report within the Findings and Infrastructure Details section of the Reports page and filter by the new folder to review the Security Incidents affecting companies in your portfolio.