Officials Warn of Increased Cyberattack Threat From Russia-Backed Hackers

Promo products companies are not top on the list of potential targets, but should still be on alert and taking steps to improve their cybersecurity and business continuity positions.

Cybersecurity experts and U.S. government officials, including the FBI, are warning private sector companies in the United States to be on increased alert for cyberattacks from Russia-backed hackers.

Officials say companies, along with entities that range from state governments to important utility/infrastructure institutions, can expect likely increased hacking attempts as Western countries, including the U.S., implement sanctions against Russia over that nation’s military invasion of Ukraine.

“Conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced,” wrote leading cybersecurity experts in an article for the Harvard Business Review.

computer hacker

Newsweek this week shared details of an FBI report that warns American private sector firms of state-sponsored cyberattacks from Russia.

“The FBI Cyber Division, in coordination with the FBI’s Office of Private Sector (OPS), prepared this (Liaison Information Report) to inform the private sector about the threat of Russian state-sponsored advanced persistent threat (APT) cyber activities, while tensions with Russia are heightened,” the report said.

It continued: “Historically, Russian state-sponsored APT cyber activities increase when tensions are high with Russia. … The United States, along with its allies and partners, has underscored its readiness to impose significant costs on Russia if it takes further military action against Ukraine, potentially further increasing the volume/severity of Russian APT cyber activities.”

Kremlin-backed hackers have already executed spear phishing and brute force cyber network attacks, the FBI said. Targets have included entities in the U.S. and international defense industrial base, healthcare, public health, energy, telecommunications and government facilities sector.

In recent years, cyberattacks against promotional products firms have increased. Top 40 companies that include Bag Makers (asi/37940) and alphabroder (asi/34063) have been victimized by ransomware attacks, for instance.

Promo companies may not be top on the list of targets during the current rising tensions with Russia, but that doesn’t mean they shouldn’t be taking every possible step to improve their cybersecurity position.

“Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak to increase their defenses, to do things like patching, to heighten their alert, to be monitoring in real time, their cybersecurity,” said U.S. Deputy Attorney General Lisa Monaco during the Munich Security Conference. 

President Joe Biden’s administration has blamed Russia for recent cyberattacks against Ukrainian political, military and banking institutions. The White House also says the Kremlin was behind the so-called SolarWinds cyberattack in 2020, which included breaches of the U.S. federal government.

Russia denies that it sponsors cyberattacks, calling the U.S. government’s claims “purely anti-Russian.”

“We categorically reject the groundless claims of the U.S. administration and we state that Russia has no relation to the mentioned events, and has never carried out any ‘malignant’ operations in cyberspace,” the Russian embassy in Washington said in a statement.

Nonetheless, the Harvard Business Review had advice for companies concerned about potential digital attacks. “The primary step firms should be taking right now is pulling out, dusting off, and exercising business continuity plans,” HBR wrote. “What would it mean to work in an analog world, or a pencil-and-paper world, for days, weeks, or months?”

Companies should also be “enabling multifactor authentication (which, according to CISA Director Jen Easterly makes you 99% less likely to get hacked), patching those old vulnerabilities, ensuring passwords are strong, and remembering that phishing is still the number one attack vector, even for sophisticated adversaries — all of these can contribute to better overall security,” the Harvard Business Review said.

An article on cybersecurity from ASI Media additionally recommends that promo products companies regularly provide employees with up-to-date education. “Enroll them in continuous cybersecurity training that’s dynamic and interactive to help them understand the latest security risks and keep security top of mind,” the article said.

Furthermore, companies should back up their systems and data daily and keep a clean copy of the data so that it can be easily restored if a threat arises. Be sure to test your backups for recovery.