Security experts are warning businesses large and small to take extra steps to protect information systems from possible cyber attacks in the wake of the Russian invasion of the Ukraine. 

Michael D. Moore, CEO of M3 Networks, a Southlake-based IT services and cybersecurity firm, puts it bluntly.  

“Now is the time to be vigilant at your highest level. If a rogue nation is empowering its criminal element to unleash its worst actions on you, you need to be prepared,” he said. 

Moore said cyber attacks were the precursor to the actual invasion. 

“The Ukraine, before they got hit with bombs, Russia hit it with DDoS (Denial of Service) attacks and malware that crippled their infrastructure and their communications prior to sending the first tank across the border,” he said. 

Federal officials are warning of possible cyber attacks by Russian-backed groups against U.S. targets in the wake of the Ukraine invasion with the U.S. Cybersecurity & Infrastructure Security Agency warning organizations to be prepared for cyber attacks. 

Businesses, particularly high-tech and financial institutions, should be on high alert, said  Dr. Murat Kantarcioglu, professor of computer science at UT Dallas.

“Those are the organizations that should be hypervigilant because those are areas where the U.S. has imposed sanctions against Russia,” he said. Other organizations should also be on high alert, he added. 

“Now is the time to take stock of your computer security position,” he said. “Defense is your best plan, but you also should know how to recover if you do come under attack.” 

Although it has not been linked to the tensions brought on by the Russian invasion, Seattle-based Expeditors International of Washington Inc. announced Feb. 20 it was the subject of a cyberattack that impacted operations around the globe. In Ukraine, Moore said, officials there have reported a wave of various highly coordinated cyber attacks around the county. 

Moore’s company is reaching out to their clients and asking them to take three steps. No. 1 and No. 2 relate to a company’s cyber-liability policy, he said.

“I’m asking them to audit their cyber liability policy and make sure they adhere to the language,” he said. That language may call for a consistent third-party cybersecurity assessment.

“What consistent means in insurance language is every 90 days or every six months. So if you say, ‘I’ve got an IT company, I’m good here,’ but you don’t do this third-party cybersecurity audit, you’re not in compliance with your insurance policy.”

Item No. 2 is for companies to perform a cybersecurity audit to remain in compliance, while No. 3 calls for companies to engage with a cybersecurity specialist attorney.

Moore also noted that while many companies experience ransomware from individuals looking for monetary gain, these attacks from Russian actors may simply be destructive in nature.

“Ransomware, it tries to get you to pay a fee and the hacker gets some money in the process,” he said. “This malware that Russia has created, that they put publicly out there for hackers to use, to do destruction to folks, it actually just deletes everything. It just does destruction. It doesn’t even ask you for money. It doesn’t try to help benefit the Russian economy or underground crime. It just literally destroys everything.”

That is a different mindset to be aware of, Moore said. “They’ve enabled other countries and other people that are friendly to them, or want to do damage to American interest, they’ve enabled them to have access to that malware to do damage to us. That’s bad.”

“It’s not a matter of if your company or you as a person are going to be individually harmed by a cyber attack, it’s a matter of when,” said Moore. 

7 tips for cybersecurity 

1. Use passphrases instead of passwords. Example: I love the beach for Amazon.
2. Use encryption and multi-factor authentication whenever it is available.
3. Watch for phishing scams – the paid ad that asks, “What does Mary Ann from Gilligan’s Island look like now?”
4. Stop reusing passwords – using the same password for everything makes you extremely vulnerable.
5. Sign up for a third-party password manager such as 1Password, Dashlane, Roboform.
6. Watch out for public WiFi.
7. Improve your offboarding process – departing employees have your passwords unless you change as they leave.

Source: M3 Networks 

Unusual incidents or reports of cyber crimes can be reported to the FBI  at ic3.gov. 

Bob Francis is business editor for the Fort Worth Report. Contact him at bob.francis@fortworthreport.org. At the Fort Worth Report, news decisions are made independently of our board members and financial supporters. Read more about our editorial independence policy here.

Close window X

Republish this article

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Unless otherwise noted, you may republish most of Fort Worth Report stories for free under a Creative Commons license. For digital publications:

• Look for the "Republish This Story" button underneath each story. To republish online, simply click the button, copy the html code and paste into your Content Management System (CMS). Do not copy stories straight from the front-end of our web-site.
• You are required to follow the guidelines and use the republication tool when you share our content. The republication tool generates the appropriate  html code.
• You can’t edit our stories, except to reflect relative changes in time, location and editorial style.
• You can’t sell or syndicate our stories.
• Any web site our stories appear on must include a contact for your organization.
• If you use our stories in any other medium — for example, newsletters or other email campaigns — you must make it clear that the stories are from the Fort Worth Report. In all emails, link directly to the story at fortworthreport.org and not to your website.
• If you share our stories on social media, please tag us in your posts using @FortWorthReport on Facebook and @FortWorthReport on Twitter.

For print publications:

• You have to credit Fort Worth Report. Please use “Author Name, Fort Worth Report” in the byline. If you’re not able to add the byline, please include a line at the top of the story that reads: “This story was originally published by Fort Worth Report” and include our website, fortworthreport.org.
• You can’t edit our stories, except to reflect relative changes in time, location and editorial style.
• Our stories may appear on pages with ads, but not ads specifically sold against our stories.
• You can’t sell or syndicate our stories.
• You can only publish select stories individually — not as a collection.
• Any web site our stories appear on must include a contact for your organization.
• If you share our stories on social media, please tag us in your posts using @FortWorthReport on Facebook and @FortWorthReport on Twitter.

The Fort Worth Report retains the copyright for all of its published content. If you have any other questions, contact Managing Editor Thomas Martinez.

Ukraine invasion raises possibility of additional cyber attacks in U.S. 

by Bob Francis, Fort Worth Report
February 28, 2022

<h1>Ukraine invasion raises possibility of additional cyber attacks in U.S. </h1> <p class="byline">by Bob Francis, Fort Worth Report <br />February 28, 2022</p> <p>Security experts are warning businesses large and small to take extra steps to protect information systems from possible cyber attacks in the wake of the Russian invasion of the Ukraine.&nbsp;</p> <p>Michael D. Moore, CEO of <a href="https://www.m3networks.com/" target="_blank" rel="noreferrer noopener">M3 Networks</a>, a Southlake-based IT services and cybersecurity firm, puts it bluntly.&nbsp;&nbsp;</p> <p>“Now is the time to be vigilant at your highest level. If a rogue nation is empowering its criminal element to unleash its worst actions on you, you need to be prepared,” he said.&nbsp;</p> <p>Moore said cyber attacks were the precursor to the actual invasion.&nbsp;</p> <p>“The Ukraine, before they got hit with bombs, Russia hit it with DDoS (Denial of Service) attacks and malware that crippled their infrastructure and their communications prior to sending the first tank across the border,” he said.&nbsp;</p> <p>Federal officials are warning of possible cyber attacks by Russian-backed groups against U.S. targets in the wake of the Ukraine invasion with the <a href="https://www.cisa.gov/" target="_blank" rel="noreferrer noopener">U.S. Cybersecurity &amp; Infrastructure Security Agency</a> warning organizations to be prepared for cyber attacks.&nbsp;</p> <p>Businesses, particularly high-tech and financial institutions, should be on high alert, said &nbsp;<a href="https://chairs.utdallas.edu/profiles/dr-murat-kantarcioglu/" target="_blank" rel="noreferrer noopener">Dr. Murat Kantarcioglu</a>, professor of computer science at <a href="https://www.utdallas.edu/" target="_blank" rel="noreferrer noopener">UT Dallas</a>.</p> <p>“Those are the organizations that should be hypervigilant because those are areas where the U.S. has imposed sanctions against Russia,” he said. Other organizations should also be on high alert, he added.&nbsp;</p> <p>“Now is the time to take stock of your computer security position,” he said. “Defense is your best plan, but you also should know how to recover if you do come under attack.”&nbsp;</p> <p>Although it has not been linked to the tensions brought on by the Russian invasion, Seattle-based Expeditors International of Washington Inc. announced Feb. 20 it was the subject of a cyberattack that impacted operations around the globe. In Ukraine, Moore said, officials there have reported a wave of various highly coordinated cyber attacks around the county.&nbsp;</p> <p>Moore’s company is reaching out to their clients and asking them to take three steps. No. 1 and No. 2 relate to a company’s cyber-liability policy, he said.</p> <p>“I’m asking them to audit their cyber liability policy and make sure they adhere to the language,” he said. That language may call for a consistent third-party cybersecurity assessment.</p> <p>“What consistent means in insurance language is every 90 days or every six months. So if you say, ‘I've got an IT company, I'm good here,’ but you don't do this third-party cybersecurity audit, you're not in compliance with your insurance policy.”</p> <p>Item No. 2 is for companies to perform a cybersecurity audit to remain in compliance, while No. 3 calls for companies to engage with a cybersecurity specialist attorney.</p> <p>Moore also noted that while many companies experience ransomware from individuals looking for monetary gain, these attacks from Russian actors may simply be destructive in nature.</p> <p>“Ransomware, it tries to get you to pay a fee and the hacker gets some money in the process,” he said. “This malware that Russia has created, that they put publicly out there for hackers to use, to do destruction to folks, it actually just deletes everything. It just does destruction. It doesn't even ask you for money. It doesn't try to help benefit the Russian economy or underground crime. It just literally destroys everything.”</p> <p>That is a different mindset to be aware of, Moore said. “They've enabled other countries and other people that are friendly to them, or want to do damage to American interest, they've enabled them to have access to that malware to do damage to us. That's bad.”</p> <p>“It's not a matter of if your company or you as a person are going to be individually harmed by a cyber attack, it's a matter of when,” said Moore.&nbsp;</p> <p><strong>7 tips for cybersecurity</strong>&nbsp;</p> <ol> <li>Use passphrases instead of passwords. Example: I love the beach for Amazon.</li> <li>Use encryption and multi-factor authentication whenever it is available.</li> <li>Watch for phishing scams – the paid ad that asks, “What does Mary Ann from Gilligan’s Island look like now?”</li> <li>Stop reusing passwords – using the same password for everything makes you extremely vulnerable.</li> <li>Sign up for a third-party password manager such as 1Password, Dashlane, Roboform.</li> <li>Watch out for public WiFi.</li> <li>Improve your offboarding process – departing employees have your passwords unless you change as they leave.</li> </ol> <p><em>Source: M3 Networks</em>&nbsp;</p> <p>Unusual incidents or reports of cyber crimes can be reported to the FBI&nbsp; at <a href="https://www.ic3.gov/">ic3.gov.&nbsp;</a></p> <p><em>Bob Francis is business editor for the Fort Worth Report. Contact him at bob.francis@fortworthreport.org. At the Fort Worth Report, news decisions are made independently of our board members and financial supporters. Read more about our editorial independence policy </em><a href="https://fortworthreport.org/about/fort-worth-report-editorial-independence-policy/"><em>here</em></a><em>.</em></p> <p>This <a target="_blank" href="https://fortworthreport.org/2022/02/28/ukraine-invasion-raises-possibility-of-additional-cyber-attacks-in-u-s/">article</a> first appeared on <a target="_blank" href="https://fortworthreport.org">Fort Worth Report</a> and is republished here under a Creative Commons license.<img src="https://i0.wp.com/fortworthreport.org/wp-content/uploads/2021/04/cropped-favicon.png?fit=150%2C150&amp;ssl=1" style="width:1em;height:1em;margin-left:10px;"><img id="republication-tracker-tool-source" src="https://fortworthreport.org/?republication-pixel=true&post=33699&ga=UA-194640723-1" style="width:1px;height:1px;"></p> Copy to Clipboard

1