by Pete Smothers, Chief Operating Officer at Xamin


As the conflict between Russia and Ukraine continues to build, Xamin has monitored information from security threat feeds regarding risks from Russian-sponsored cyber-attacks. These feeds highlight recent incidents in Ukraine that involved destructive malware.

Background

Based on past events, tensions between Russia and Ukraine pose threats that could have a direct impact on U.S. infrastructure.

In 2017, Russia targeted Ukraine with the NotPetya virus. The aftermath of this attack was felt around the world, causing more than $10 billion in damage globally. NotPetya, a wiper attack, sent a message to users to conduct a system reboot. Once they did, the system became inaccessible and its files could not be decrypted.

Russian-sponsored actors have used sophisticated cyber capabilities to target a variety of U.S. critical infrastructures and have demonstrated the ability to compromise third-party infrastructure and third-party software and to deploy custom malware. They have also demonstrated the ability to maintain undetected, long-term access to cloud environments.

Our approach

In light of Russia’s prior attacks and current unrest, the possibility of additional attacks or exploitation of vulnerabilities is at the top of our list of possible threats. At this time, Xamin and Mowery & Schoenfeld have not observed any anomalous events, nor have our systems been compromised in any way. However, we do feel now is a time for extra vigilance for all of our partners. As the situation continues, we remain diligent in ensuring our clients are kept informed and protected against possible events.

For those who receive services from Xamin, we have established robust data backup and disaster recovery capabilities within our environments to minimize any potential service interruption. These include multiple components to reduce the risk of any single point of failure. Access and encryption controls are established to safeguard data back-ups, and all recovery plans are tested and updated regularly.

Our approach to vulnerability and security event management is multi-faceted. We utilize a layered approach to security, protecting all points of presence with advanced hardware and software tools:

  • We have partnered with trusted security vendors to proactively monitor, identify, and remediate potential vulnerabilities as quickly as possible.
  • We leverage a 24/7/365 live ‘eyes on glass’ Security Operations Center (SOC) to enhance response to identified security threats and to reduce false positives.
  • Xamin and our security vendors are actively hunting for exploit attempts, including:
    • Active vulnerability scanning
    • Network IDS scanning
    • Real-time Security Log monitoring to detect security threats
  • We conduct regular internal and external penetration testing on our internal systems.
  • We require continuous Security Awareness Training for all employees. This training is reinforced by ongoing phishing and social engineering campaigns.
  • We do not allow any direct vendor or third-party access to any Xamin systems.

The importance of cybersecurity

For 10 consecutive years, the cost of a data breach has continued to rise. Based on the 2021 IBM Data Breach Report, the average cost rose nearly 10% in just one year, to $4.24 million in 2021. Last year, the average breach took more than 200 days to fully identify and another 87 to contain. Nearly 17.5% of all breaches in 2021 were caused, at least in part, by a remote workforce. These breaches were nearly 25% more costly.

For those organizations with a strong compliance engine, the cost of a breach—if it occurred at all—was nearly 65% less than those without. As cybercriminals become more sophisticated, the ability to detect and remediate becomes more challenging. Protect your company from these potential cybersecurity impacts by making technology and cybersecurity a critical piece of your overall business strategy.


Pete Smothers
Chief Operating Officer at Xamin

Pete co-founded Xamin in 1999. He is responsible for overseeing the day-to-day business operations of the company. He has led numerous technology projects for clients, focused on consulting, virtualization, disaster recovery, security and cloud. Outside of the office, he loves to play outdoor sports like snowboarding and golf. He also plays guitar in a ‘professional’ garage band and is currently pursuing his second-degree black belt in Tae Kwon Do.