The Russia-Ukraine Conflict And The Rise Of Phishing Campaigns

For months, federal officials have been warning of cyber incidents, including distributed denial-of-service attacks, related to Russia's invasion of Ukraine.

Cybersecurity professionals have seen an increase in intentional distribution of disinformation online. Large employers in particular are at risk of unintentionally spreading this misinformation and propaganda.

Experts say that employers may be unsure how to respond to the conflict, but a good place to start is ensuring a "baseline level of preparedness." Multi-factor authentication is often one of the first cybersecurity changes made following an attack, but it is best to implement it now, before an attack.

Other basic measures include creating a response plan and designating who will carry out the incident response, as well as training employees on using strong passwords for personal and work accounts and reporting mistakes when they occur.

Phishing scams may also "leverage current events to lure workers." Human resources employees may even receive "fabricated resume lures" as part of a spear-phishing campaign targeting HR employees. Also, avoid responding to charity requests that are received through email, direct messages, or social media.

Ryan Golden, "How to train employees on the potential cybersecurity consequences of the Ukraine crisis," www.hrdive.com (Mar. 03, 2022).

Commentary

Cybercriminals frequently use trending topics to spread malware. They try to activate their targets’ emotions and curiosity to make their phishing scams more effective. Cybercriminals may make the subject and content of their phishing emails related to a major world event, such as the Russia-Ukraine conflict, hoping that targets will click on a link to learn more about what is happening.

Cybercriminals also often use excitement or fear to try to get victims to click before they think. For example, they may threaten criminal action, promise a reward, or play off emotions, like those related to the Russia-Ukraine conflict.

In light of the rise of cyberattacks related to the Russia-Ukraine invasion, now is a good time to remind all employees about cyber best practices. Employers should remind employees to slow down when reacting to something they see online.

Cover the elements of a phishing attack and the need to always confirm that a message is legitimate before selecting links or attachments.
