Russia-Ukraine Cyber Warfare Updates + Advisories
Actionable Intel on Russian-Based Cyberattacks and Operations

International Conflict and Cybersecurity
Plenty of cyber implications arise when international conflict breaks out in a hyperconnected world. Russia's ongoing invasion of its neighbor is a case in point: cyber operations have been deployed in tandem with kinetic military operations, ranging from coordinated attacks on Ukrainian infrastructure by state-sponsored groups to ransomware outfits threatening, on the Kremlin's behalf, any nation that interferes. Because commerce is now globally entwined, this puts every modern organization at risk. In light of the current geopolitical conflict, Optiv's security operations centers (SOCs) and Global Threat Intelligence Center (gTIC) are operating with heightened awareness and will continue updating our clients and solutions through advisories and emerging intelligence.
Optiv's Latest Russia-Ukraine Advisories
12.05.2023 Russia/Ukraine Update - December 2023
08.25.2023 Russia/Ukraine Update - August 2023
05.30.2023 Russia/Ukraine Update - May 2023
03.02.2023 Russia/Ukraine Update - February 2023
12.20.2022 Russia/Ukraine Update - December 2022
11.29.2022 Russia/Ukraine Update - November 2022
10.31.2022 Russia/Ukraine Update - October 2022
09.29.2022 Russia/Ukraine Update - September 2022
08.25.2022 Russia/Ukraine Update - August 2022
06.30.2022 Russia/Ukraine Update - June 2022
02.25.2022 Optiv gTIC: Ransomware Outfits Announcing Support for Russia in the Event of Cyberattacks
02.24.2022 Optiv gTIC: Russian Operations Against Ukraine
02.22.2022 Source Zero: Russian Cyber Operations Supplementing Kinetic Military and Shaping Operations
02.10.2022 Source Zero: Cyber Operations Augmenting Russian Military Operations

Mitigation Recommendations for Operations and Assets in Eastern Europe
Ukraine, Poland and Romania are key global hubs for information technology and information security outsourcing, which increases the risk that linked Western companies will be targeted through employees, satellite offices or supply chain attacks. If you have operations in or near Ukraine, consider:
- Ensuring you have updated backups of intellectual property in a remote, secure location.
- Verifying the physical safety of any employees working in, or traveling to, the region.
- Sharing regular updates on employee safety and protocols.
- Following credible news sources and strategic security partners for updates and recommendations.

All other organizations are encouraged to practice defense in depth and defensive strategies that mitigate threats from all potential adversaries. Cybercriminal malware, business email compromise (BEC) and ransomware remain the most relevant, likely and dangerous threats to all organizations. Optiv's gTIC makes the following mitigation recommendations:
- Require multi-factor authentication (MFA) for remote access to all network and administrative resources.
- Establish a vulnerability management program that prioritizes patching based on the severity and prominence of a vulnerability (for example, whether it is known to be exploited in the wild) as well as the number of systems and devices affected.
- Confirm that all nonessential ports and protocols are disabled and not internet-facing.
- Implement network monitoring tools that look for traffic indicative of command and control (C2) activity, lateral movement and similar behavior.
- Deploy endpoint security controls that monitor for behavioral indicators of compromise (IOCs) and deny unwanted code execution.
- Hold all vendors and partners in the supply chain to the same security standards, and ensure those organizations' traffic is isolated and closely reviewed.
- Create and implement an incident response plan that includes a designated incident response team.
- Conduct penetration testing to identify points of weakness; combine it with tabletop exercises to ensure the incident response plan is effective and every member of the incident response team understands their role in the event of a cyberattack.
- Ensure offline backups are available, up to date and can actually be restored from in the event of an incident.
- Review the guidance available at the CISA Shields Up website: https://www.cisa.gov/shields-up

Industries at Highest Risk for Disruptive Cyberattack
Financials, Government, Utilities, Energy, Telecommunications, Transportation

Vulnerabilities and Adversarial Tactics, Techniques and Procedures

At-Risk Software and TTPs
Optiv's gTIC advisory covers current software, vulnerabilities and TTPs that we estimate are likely to be leveraged by Russian state-sponsored groups and other cyber adversaries over the next 12 months. (Download gTIC Advisory)

CISA's Known Exploited Vulnerabilities Catalog
Updated often, the Cybersecurity & Infrastructure Security Agency's running list publishes vulnerabilities being actively exploited across common software and products. It is a direct input for the "prominence" criterion above: an entry in the catalog is evidence of exploitation in the wild regardless of the vulnerability's CVSS score.
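As an added illustration of the prioritization rule in the recommendations above (rank by prominence, severity and number of affected systems, with the KEV catalog as the prominence signal), the Python below is example code written for this page, not Optiv's or CISA's tooling. The findings, hostnames and CVE identifiers are constructed placeholders; the KEV feed is stood in for by an inline JSON snippet whose "vulnerabilities" array and "cveID" field are assumed to match the layout of the published feed and should be checked against the current download.

```python
"""Patch prioritization: KEV membership and internet exposure first, then
CVSS severity, then blast radius (number of affected hosts).

All data here is constructed. CVE identifiers and hostnames are placeholders,
not real findings.
"""
import json
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float            # CVSS base score, 0.0 to 10.0
    internet_facing: bool  # host is reachable from the internet


# Constructed vulnerability-scanner output for eight hosts.
FINDINGS: List[Finding] = [
    Finding("web-01", "CVE-0000-1001", 9.8, True),
    Finding("web-02", "CVE-0000-1001", 9.8, True),
    Finding("db-01",  "CVE-0000-1002", 7.5, False),
    Finding("app-01", "CVE-0000-1002", 7.5, False),
    Finding("app-02", "CVE-0000-1002", 7.5, False),
    Finding("app-03", "CVE-0000-1002", 7.5, False),
    Finding("vpn-01", "CVE-0000-1003", 6.5, True),
    Finding("hr-01",  "CVE-0000-1004", 9.1, False),
]

# Constructed stand-in for the CISA KEV JSON feed. The "vulnerabilities" array
# with one "cveID" per entry is assumed to match the published feed's layout.
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed sample, not the real catalog",
    "vulnerabilities": [
        {"cveID": "CVE-0000-1002", "vendorProject": "ExampleCo", "product": "AppServer"},
        {"cveID": "CVE-0000-1003", "vendorProject": "ExampleCo", "product": "VPN Gateway"},
    ],
})


def kev_ids_from_json(text: str) -> Set[str]:
    """Return the set of CVE IDs listed in a KEV-format JSON document."""
    doc = json.loads(text)
    return {entry["cveID"].upper() for entry in doc.get("vulnerabilities", [])}


Row = Tuple[str, bool, bool, float, int]  # cve, in_kev, exposed, max_cvss, host_count


def rank_findings(findings: Iterable[Finding], kev: Set[str]) -> List[Row]:
    """Aggregate scanner findings per CVE and sort them highest priority first.

    Sort key, most significant first: in KEV, any internet-facing host,
    highest CVSS seen, number of affected hosts. A CVSS 6.5 bug that is
    in KEV and exposed therefore outranks a CVSS 9.8 bug that is in neither.
    """
    hosts: Dict[str, Set[str]] = defaultdict(set)
    max_cvss: Dict[str, float] = defaultdict(float)
    exposed: Dict[str, bool] = defaultdict(bool)
    for f in findings:
        cve = f.cve.upper()
        hosts[cve].add(f.host)
        max_cvss[cve] = max(max_cvss[cve], f.cvss)
        exposed[cve] = exposed[cve] or f.internet_facing

    def sort_key(cve: str):
        return (cve in kev, exposed[cve], max_cvss[cve], len(hosts[cve]))

    return [
        (cve, cve in kev, exposed[cve], max_cvss[cve], len(hosts[cve]))
        for cve in sorted(hosts, key=sort_key, reverse=True)
    ]


def patch_order(findings: Iterable[Finding], kev: Set[str]) -> List[str]:
    """CVE identifiers only, highest priority first."""
    return [row[0] for row in rank_findings(findings, kev)]


if __name__ == "__main__":
    kev = kev_ids_from_json(SAMPLE_KEV_JSON)
    for cve, in_kev, net, cvss, n in rank_findings(FINDINGS, kev):
        print(f"{cve}  KEV={in_kev!s:5}  internet-facing={net!s:5}  CVSS={cvss:4.1f}  hosts={n}")
```

With the constructed data the order comes out CVE-0000-1003, CVE-0000-1002, CVE-0000-1001, CVE-0000-1004: the two KEV entries lead even though the non-KEV CVE-0000-1001 has the highest CVSS. Swap the tuple order in sort_key if your program weights exposure or blast radius differently; the point is that exploitation evidence should not be buried under a raw severity sort.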
Russia-Ukraine Invasion and Kinetic Warfare Timeline

October - December 2021
Russia masses troops along its border with Ukraine.

January 13, 2022
A destructive malware campaign targets several Ukrainian public and private organizations. Although disguised as ransomware, evidence indicates the attack was destructive rather than financially motivated. The malware, dubbed "WhisperGate," is a Master Boot Record (MBR) wiper and is believed to have been active since October 2021.

February 15, 2022
A large distributed denial-of-service (DDoS) attack targets Ukrainian government and financial organizations. The attack temporarily took multiple websites offline and was later attributed by the U.S. and U.K. to Russia's military intelligence agency (the GRU) on the basis of overlapping technical indicators.

February 24, 2022
Russia invades Ukraine. Despite repeated denials in the preceding months, Russian troops launched a full-scale invasion on multiple fronts while bombarding cities across the country with missile strikes. (Download gTIC Advisory)

February 25, 2022
Ransomware groups announce their support of Russia. Outfits including Conti, RedBandit and CoomingProject announced preparations to attack any country threatening action against Russia during its military invasion. (Download gTIC Advisory)

April 12, 2022
A malware attack on a major Ukrainian power grid operator is thwarted. CERT-UA, with the assistance of ESET, revealed an attempted deployment of Industroyer2, malware designed to manipulate electrical utility equipment and likely associated with the Sandworm threat actor group.
Optiv's Proactive Approach to Russian Cyber Threats
Here's what we're doing right now to protect our people, systems and clients:

Researching
- Following proven news sources and strategic security partners for updates and recommendations
- Reviewing threat intel providers for relevant alerts

Hardening the "Perimeter"
- Analyzing third-party risk management reports on our public-facing posture to identify any items that need to be addressed
- Scanning for critical, high and medium vulnerabilities and other pressing issues
- Ensuring geo-blocking is properly in place wherever possible

Communicating
- Reaching out proactively to clients likely to be high-value targets
- Emailing employees to be on high alert for social engineering, phishing, fake news and fraudulent humanitarian aid appeals

Strengthening Internal Controls
- Increasing the level of diligence around event monitoring
- Reviewing security controls on high-value assets to ensure they are functioning properly
- Ingesting and hunting for IOCs as they become available

Evaluating the Supply Chain
- Identifying any strategic partners with connectivity into our environment who may carry higher risk due to operations in Ukraine
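The "ingesting and hunting for IOCs" step above, as an added worked example that is not Optiv's tooling: a small Python hunt that matches an indicator set against log lines and gets the two things naive string matching gets wrong, label-boundary domain matching (a subdomain of a bad domain is a hit, a domain that merely ends in the same characters is not) and CIDR matching for network indicators. The indicators (RFC 5737 test addresses, .example domains, an arbitrary hash), the log lines and the key=value log layout are all constructed for the example, not real threat intelligence or any product's format.

```python
"""IOC hunt over constructed key=value log lines.

Indicators, hosts, addresses and the hash below are placeholders made up for
this example. Real indicator sets should be loaded from your threat intel
platform; real logs will need a parser for their own format.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed indicator set.
IOCS = {
    "domains": {"update-cdn.example", "mail-relay.example"},
    "ips": {"203.0.113.45"},                 # TEST-NET-3 address
    "cidrs": ["198.51.100.0/24"],            # TEST-NET-2 range
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Constructed proxy and EDR lines. Line 3 deliberately ends in the same
# characters as an indicator without being a subdomain of it.
LOGS: List[str] = [
    "ts=2022-03-01T10:00:01Z src=10.0.0.5 dst=203.0.113.45 dport=443 host=update-cdn.example",
    "ts=2022-03-01T10:00:02Z src=10.0.0.6 dst=198.51.100.77 dport=8443 host=cdn.update-cdn.example",
    "ts=2022-03-01T10:00:03Z src=10.0.0.7 dst=192.0.2.10 dport=443 host=notupdate-cdn.example",
    "ts=2022-03-01T10:00:04Z src=10.0.0.8 dst=192.0.2.20 dport=443 host=www.example.com",
    "ts=2022-03-01T10:00:05Z host=ws-14 proc=svchost.exe sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

Hit = Tuple[int, str, str]  # line number, indicator type, indicator value


def parse_kv(line: str) -> Dict[str, str]:
    """Split a 'key=value key=value' line into a dict (values have no spaces)."""
    return {k: v for k, v in KV_RE.findall(line)}


def domain_matches(host: str, indicator: str) -> bool:
    """Exact match or subdomain match on a label boundary.

    'cdn.update-cdn.example' matches 'update-cdn.example';
    'notupdate-cdn.example' does not.
    """
    host = host.lower().rstrip(".")
    indicator = indicator.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def ip_matches(value: str, ips, nets) -> bool:
    """Exact IP indicator or membership in an indicator CIDR."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return value in ips or any(addr in net for net in nets)


def hunt(lines, iocs) -> List[Hit]:
    """Return every (line number, indicator type, indicator) match."""
    nets = [ipaddress.ip_network(c, strict=False) for c in iocs["cidrs"]]
    hits: List[Hit] = []
    for lineno, line in enumerate(lines, 1):
        fields = parse_kv(line)
        if "host" in fields:
            for d in sorted(iocs["domains"]):
                if domain_matches(fields["host"], d):
                    hits.append((lineno, "domain", d))
        for f in ("src", "dst"):
            if f in fields and ip_matches(fields[f], iocs["ips"], nets):
                hits.append((lineno, "ip", fields[f]))
        h = fields.get("sha256", "").lower()   # hashes compare case-insensitively
        if h and h in iocs["sha256"]:
            hits.append((lineno, "sha256", h))
    return hits


if __name__ == "__main__":
    for lineno, kind, value in hunt(LOGS, IOCS):
        print(f"line {lineno}: {kind} indicator {value}")
```

Lines 1, 2 and 5 produce hits (two each on the first two: the domain and the destination address); line 3 does not, which is the check worth keeping when you write your own matcher, since a plain substring or endswith comparison would flag it. Add a match on whatever additional fields your logs carry (referrer, DNS answers, parent process hash) in the same style.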