Strengthening Your Cybersecurity Posture Amidst Developments in the Russia-Ukraine Conflict

Published on 27 Feb 2022

Updated on 16 Mar 2022

There have been warnings of increased cyber threats globally arising from the recent cyber-attacks on Ukraine and the developments in the Russia-Ukraine conflict.

While there have not been reports of any threats to Singapore organisations in relation to the events in and around Ukraine, organisations are advised to take active steps to strengthen their cybersecurity posture, heighten vigilance, and bolster their online defences against possible cyber-attacks, such as web defacement, distributed denial of service (DDoS), and ransomware.

Secure Your Systems and Network Infrastructure

  • Ensure that multi-factor authentication is required for all remote/privileged/administrative access to the organisation's network
  • Update systems, applications and software to the latest version and download the latest security patches
  • Disable all ports and protocols that are not essential for business purposes
  • Install anti-virus software and keep the software (and its virus definition files) updated. Perform a scan of the systems and networks at least once a week and scan all received files
  • Implement strong access controls if using cloud services

Monitor Network Connections and Review System Logs to Quickly Detect a Potential Intrusion

  • Enable logging of system events to facilitate investigation of suspicious events or issues
  • Enable user access logging and consider using a Security Information and Event Management (SIEM) appliance to aggregate and monitor logs, so that visibility is maintained even after logging periods have lapsed
  • Actively review both Active Directory sign-in logs and unified audit logs for unusual activity
  • Closely monitor inbound and outbound network traffic for suspicious communications or data transmissions

Prepare for Ransomware Attacks

Organisations should be on the lookout for potential ransomware attacks, which are one of the most common attacks conducted by threat actors. Falling victim to such attacks will adversely impact the operations and business continuity of any organisation. To find out more about ransomware and how you can protect your organisation’s systems and data from the threat, read our full advisory on ransomware.

Prepare Incident Response and Business Continuity Plans

  • Back up data regularly and ensure that backups are isolated from network connections
  • Establish and validate an incident response and management plan
  • Ensure that critical business functions remain operable if the network becomes unavailable

Reporting a Compromise

Singapore organisations that are affected by a cyber-attack or have evidence of any suspected compromise of their networks should report it to SingCERT. A report can be made via our Incident Reporting Form at https://go.gov.sg/singcert-incident-reporting-form
