War in Ukraine Increases Cyber Risk: Social Engineering Red Flags

Cyberattacks on businesses and government agencies have increased following the Russian invasion of Ukraine, with the risk of spillover cyberattacks against non-primary targets becoming much more widespread.

The U.S. Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security (DHS), urged corporate leaders to prepare for attacks and adapt their C-suites accordingly.

“We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” according to a bulletin from the DHS Intelligence and Analysis bulletin.

Some immediate actions that can be taken to strengthen cyber posture include:    

Enable multifactor authentication
Set antivirus and antimalware programs to conduct regular scans
Enable strong spam filters to prevent phishing emails from reaching end users
Update software
Filter network traffic

Experts also expect an increase in sophisticated social engineering schemes centered around the war. Avanan, an email cybersecurity firm, reported an 800% increase in phishing attacks since February 27.

“We are seeing cybercriminals use Russia and Ukraine-centric social engineering efforts, like phishing emails, leveraging current events to solicit an emotional response to the war,” says Ros Smothers, former CIA cyber threat analyst and technical intelligence officer, now at KnowBe4. “In other words, people are less likely to think before they click.”

Here are some social engineering red flags to help protect yourself and your company:

Additional information

How Social Engineering and Phishing Can Affect You and Your Business
Will Your Company’s Insurance Cover Losses Due to Phishing and Social Engineering Fraud?