Heightened Awareness with the conflict between Russia and Ukraine
Incident Report for Ascend Security Events
Resolved
We are continuing to monitor the situation in Russia and Ukraine. We will create new advisories for cyberthreats as needed. Ascend Technologies has blocked all traffic from Russia and Ukraine on firewalls managed by us. We have blocked the Indicators of Compromise we have been alerted to, including malicious file hashes, IP addresses, and domains used by emerging threats, in our clients' environments.

Additionally, we have blocked file hashes from the newly disclosed destructive malware families: WhisperGate and HermeticWiper. This will prevent the execution of these malicious files in environments managed by Ascend Technologies.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-057a

If any suspicious activity is detected, we will reach out to the appropriate contacts and inform them of the detected activity.
Posted Mar 01, 2022 - 11:19 CST
Update
We are continuing to monitor for any further issues.
Posted Feb 24, 2022 - 18:56 CST
Update
We are continuing to monitor for any further issues.
Posted Feb 24, 2022 - 17:30 CST
Monitoring
A fix has been implemented and we are monitoring the results.
Posted Feb 24, 2022 - 17:14 CST
Investigating
Ascend Clients,

Increased cyberattacks often coincide with military action, and Russia’s invasion of Ukraine is a prime example of this relationship. We may see similar spikes as the China and Taiwan conflict builds.

CISA (US Cybersecurity and Infrastructure Security Agency) issued a general warning for all US businesses to enter a “higher state of vigilance” as the standoff escalated. These warnings are especially relevant for those in the Defense Industrial Base and Critical Infrastructure (linked PDF) sectors. Ascend predicts that the Finance sector may subsequently be targeted in response to sanctions against Russia.

For Ascend Cybersecurity Clients the following protections are in place (per service):
Managed Firewall clients have geolocation blocking enabled for nations known to engage in state-sponsored cyberattacks such as Russia, Iran, North Korea, Turkey, etc.
Endpoint Detection and Response (EDR) and Next Generation Antivirus (NGAV) software vendors have informed Ascend that their internal security and development teams are on High alert.

Ascend’s Security Operation Center (SOC) is also on High alert and continuously monitoring threat intelligence feeds—adding any new Indicators of Compromise (IOCs) to our toolsets so they can be identified if they should appear in a client’s environment.
Vulnerability Management clients are consistently being scanned for threats, which are correlated with attacks included in our threat feeds to ensure attackers cannot exploit these weaknesses.


What can you do to protect your business?

1. Treat email with increased suspicion, especially when the request claims to be urgent, involves money, or contains links/files. It is best to contact the sender through a known good phone number (not the one presented in the email) to verify the request.

2. Remember that cyberattacks can also be initiated in the form of text messages and phone calls, so treat them with a similar level of suspicion as email.

3. Social Media should be treated with high caution and users should refrain from accessing these sites from business systems because they are a prime vector for cyberattacks—baiting users into clicking links that may lead to malicious payloads—and are used in campaigns of misinformation.

4. Multi-Factor Authentication should be enabled for all users of Office 365 and VPN accounts.

5. Use long passphrases if MFA cannot be used and avoid using the same password across multiple logins.

6. Report suspicious activity to the Ascend SOC for investigation if you are a Cybersecurity client.

7. Print a hardcopy (or multiple copies) of your Incident Response Plan and keep it in a secure offsite location(s) for future reference.

8. Ensure users are participating in Security Awareness Training so they are knowledgeable about various forms of cyberattacks and do not fall victim.

9. Confirm your backups are working and stored securely offsite so they cannot be deleted during an attack.

10. Contact your Cyber Insurance provider and legal advisors to learn how to contact them should a breach occur.

No one can predict how the first modern cyberwar may play out, but rest assured that Ascend is monitoring the situation closely, we have our defenses up, we are monitoring our clients’ defenses, and we will continue to provide you with actionable information as the situation develops.

Thank you.


Author: Nikolai Vargas




Additional Resources

Managed Firewall: https://teamascend.com/services/managed-security/perimeter-security/

End Point Detection and Response: https://teamascend.com/services/managed-security/mdr/

Next Gen Antivirus: https://teamascend.com/services/managed-security/endpoint-security/

SOC (Security Operation Center): https://teamascend.com/services/managed-security/soc-as-a-service/

Vulnerability Management: https://teamascend.com/services/managed-security/vulnerability-management/

Ascend's Security Events Page: https://cyberevents.teamascend.com/

Passphrases: https://uit.stanford.edu/service/accounts/passwords/quickguide
Posted Feb 24, 2022 - 17:14 CST