Cybersecurity Preparedness in Face of Global Conflict

February 28, 2022

The invasion of Ukraine is a harrowing ordeal for anyone impacted by the conflict. While we hope the situation can be resolved without further harm to the impacted population, it is a time of heightened risk and uncertainty, with implications that are rippling across the world.

One area of increasing concern is the elevated risk of cyberattacks. As part of the greater cybersecurity community, we aim to share information that is helpful to those who are dealing with, or having to respond to, questions about increased cyberthreats.

The Fast-Evolving Threat Landscape – Nation-State Attacks & Opportunistic Threat Actors

Over the course of at least months, cyber strikes on Ukraine have escalated. Attacks in recent days have knocked government and corporate systems and websites offline, and defaced Ukrainian websites. A new data-wiping malware, dubbed HermeticWiper (AKA KillDisk.NCV), has also been leveraged to infect hundreds of machines across Ukraine, Latvia, and Lithuania. Security researchers have reported that HermeticWiper corrupts the Master Boot Record (MBR), resulting in failure to boot. This new malware family comes close on the heels of the discovery of WhisperGate malware, which was used to attack Ukrainian systems in early January. As with NotPetya, these new malware families seem intended to incapacitate the assets they infect. The rapid emergence of these debilitating, novel malware families also reinforces the need for proactive, preventative security that goes beyond signature-based recognition.

However, the cybersecurity fallout of the geopolitical conflict extends far beyond Ukraine’s borders. Cyber threat activity is picking up around the world. A joint advisory, by CISA, the FBI and the National Security Agency (NSA), outlined activities and tactics used by state-sponsored cybercriminals. These activities include brute-forcing, spear phishing emails with malicious links, using harvested credentials to gain access, and maintaining persistent access. CISA also issued a “SHIELDS UP” advisory. In the advisory, “CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.” The advisory also provides steps organizations should take to help prevent or mitigate a cyber intrusion.

While nation-state threat actors may be increasing activity to disrupt the operations and supply chains of adversaries, and to increase their spheres of power, the usual cast of non-affiliated, opportunistic threat actors, such as ransomware operators and phishing scammers, could also be looking to cash in on global instability, like they did during the early stages of the coronavirus pandemic. Over the past couple of years, we’ve gotten some ugly glimpses (e.g. Colonial Pipeline attack, Oldsmar Water Treatment attack, etc.) of how the lives or livelihoods of innocent people can be jeopardized as part of cyberattacks, whether those attacks were motivated by financial or other objectives.

Blended, Preventative Protection against the Top Threats

Over the last year, nations across the world, including the U.S. with its issuance of the Executive Order (EO) 14028 on “Improving the Nation's Cybersecurity”, have made strides in ramping up their cyber defenses and in fostering better cross-country collaboration. Recent geopolitical events underscore the importance of maturing zero trust security controls across all organizations—from small businesses to critical infrastructure and operational technology (OT).

Right now, it is important for everyone to reassess their cyber risk and look closely at where they can mature their security controls. The specific security priorities—whether it be accelerating the patching of vulnerabilities, vaulting and automating management of credentials, applying least privilege, or better securing remote access pathways—should be directed by the findings of their assessment.

As you reassess your security posture, consider the following security strategies and capabilities that can help you better withstand increasing cyber threats in this environment:

  • Identify and prioritize the patching and remediation of vulnerabilities. While the current geopolitical strife may give rise to an increase in zero-day threats, addressing known vulnerabilities is a best practice that contributes to strong baseline security and a reduction of the threat surface.
  • Maintain updates – ensure endpoints and software are updated, and if not operating on the latest version, are at least operating on a version that is still supported. End-of-life software with vulnerabilities and security weaknesses can be an easy target for attackers to gain a foothold within your environment.
  • Harden your IT systems by removing unnecessary software, applications, and privileges, and by closing unneeded ports.
  • Remove admin rights and apply least privilege across all access. Limit all access to the minimum necessary amount and duration to minimize the threat surface and protect against lateral movement and privilege escalation attacks.
  • Use password managers to ensure credential security best practices are consistently enforced. In particular, privileged credentials and secrets for humans, machines, employees, and vendors are of the utmost importance to manage and protect. Rotation of privileged credentials, and creation of unique and complex passwords provide effective defense against brute-forcing, credential re-use attacks, and more.
  • Ensure all access is ephemeral, that authentication happens continuously, and that access is only given when the proper context is met.
  • Lock down remote connections through a single access pathway and ensure all access adheres to the principle of least privilege. It’s important to reduce port exposure to protect against entry points exploited by the top vectors for ransomware and other threats.
  • Apply advanced application control and protection techniques to defend against the tricky fileless and living-off-the-land threats that are often used in multi-step attack chains (APTs), and as part of nation-state attacks.
  • Implement segmentation and microsegmentation to isolate systems, resources, and users, providing further resistance against lateral movement.
  • Monitor, manage, and audit every privileged session that touches the enterprise whether by human, machine, employee or vendor. The ability to instantly zero in on and stop suspicious session activities is particularly important.
  • Verify that your incident response plans and critical contact information for employees and law enforcement are up to date.

In addition to helping our customers protect their environments, BeyondTrust remains diligent in monitoring for activity against our own environment. Our organization complies with applicable U.S. sanctions programs and trade regulations in the sale and delivery of our products, as well as those of other regions where we operate. As developments arise, we will react quickly in accordance with any newly imposed sanctions to ensure we maintain compliance with such programs. We stand ready to support our customers, partners, and those new to BeyondTrust.

Please contact us to get in touch.

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
