Well, that escalated quickly.

Whilst we may seem half a world away from the events in Ukraine, it's a timely reminder to be vigilant. A lot of automated exploits are indiscriminate, and it would be lax to think that just because we are in little old NZ in the South Pacific we will be safe from the crossfire.

Below is from Fortinet's weekly newsletter and Threat Brief:

After weeks of tension between Ukraine and Russia, the situation quickly escalated this week. Russian military forces started their offensive operation against Ukraine. FortiGuard Labs has been closely monitoring the situation. Since we can expect the cyber part of the conflict to escalate similarly, we recommend following Fortinet's Outbreak Alerts and Threat Signals, where they first publish our findings after their first analysis.

Even if you are not directly in the line of fire, it is a timely reminder during these concerning times that we all need to be taking our cybersecurity more seriously. This is a sentiment echoed by Department of Justice (DoJ) official Deputy Attorney General Lisa Monaco in remarks at the Munich Cybersecurity Conference.

"Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak -- to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity. They need to be as we say, 'shields up' and to be really on the most heightened level of alert that they can be and taking all necessary precautions."

All of the above resonated with our own recommendations:

  • Keep your systems patched and up to date
  • Use the security features (UTM/IPS/WAF etc.) that are available to you
  • Follow security best practices
  • Invest in staff training

We are seeing attack patterns being blocked that align with the Fortinet top 5.

It is also good to be aware that most of the source IP addresses these attacks come from are not in the GeoIP regions you might expect. Most exploits are launched from previously compromised hosts around the world, so blocking by country alone will not keep them out.