Stay Strong. Remain Calm. Be Ready.
Protecting the Enterprise in Times of Cyber Uncertainty
At Open Systems, we are following the events in Eastern Europe with deep regret. Our thoughts are with everyone impacted by this crisis, and we strongly hope for a speedy resolution. We’ve increased our level of preparedness to protect our customers, as well as the company. For customers who have interests in countries related to the escalation, we are especially keen to support them in managing risk as they address geopolitical, economic and cybersecurity challenges.
While we haven’t yet observed a major uptick in activity, cyber risk is moving into the “no rules” realm, so the risks and stakes for organizations continue to rise.
Open Systems focuses on the practical implementation and operation of robust security for many organizations globally. While we are not a threat-intelligence firm or a dedicated threat-research organization, we work actively within the industry and maintain strong membership in CERT organizations to ensure a high degree of service.
Among the threats and insights that factor into our approach:
- We are tracking threats related to the conflict using open-source intelligence (OSINT), the Microsoft Threat Intelligence Center (MSTIC) and other trusted third parties in order to detect and respond.
- We are actively hunting for new variants of the wiper malware used against Ukrainian entities, the so-called HermeticWiper. The variant used in attacks to date is detected and mitigated by Microsoft Defender Antivirus.
- Microsoft has released an extensive advisory on the threat group ACTINIUM. Customers using Microsoft Defender for Endpoint already have the relevant detection and prevention capability based on the information it outlines, and multiple related malware variants are also detected by Microsoft Defender Antivirus.
- CISA and the UK NCSC have issued a joint report on the Cyclops Blink malware, attributed to the Sandworm threat group. This malware targets SOHO security gateways, in particular (but not limited to) the WatchGuard firewall series. Customers concerned about this threat should approach their firewall vendor for guidance.
- The US Cybersecurity & Infrastructure Security Agency (CISA) has released guidance that addresses both the executive and the operational aspects of the heightened state of alert.
Incident Response Planning
The conflict in Ukraine is a sobering reminder that enterprises must have an incident response plan to ensure that breaches are quickly and comprehensively addressed to minimize their impact.
Take a Deeper Dive with These Resources
Organizations and governments worldwide are focused on protection against cyberattacks. Below are a few of the resources that inform our thinking.
- Cyclops Blink: Malware Analysis Report (National Cyber Security Centre (UK), a part of GCHQ)
- Shields Up: Cybersecurity Guidance (Cybersecurity & Infrastructure Security Agency (US))
- Cyber Threat Activity in Ukraine (Microsoft Security Response Center)
- The Cyber Chapter of The Russian Playbook In Ukraine (CYE)
How We Can Help
Open Systems MDR+ provides the only Mission Control for cybersecurity to mitigate threats, reduce risk, and alleviate the burden on InfoSec teams, using Microsoft security tools customers already own. Combining an expert understanding of threats with a deep knowledge of attack surfaces and operational realities, MDR+ provides 24×7 tailored protection.
Together, we help organizations stay strong, remain calm – and be ready.