How to protect your organization from the latest Ukraine-related cyberattacks

Cyberattacks zeroing in on Ukraine are on the rise. Even if not directly targeted, organizations can face risks from this activity. Symantec continues to monitor and update protection against present and future attacks for customers. Refer to this page often for our published research on these recent threats.

Blogs

From the latest details on the Ukraine-focused wiper malware to the Shuckworm espionage attack, you can get it all in Symantec’s Threat Intelligence blog. Read more here:

Protection Bulletins

The Symantec Threat Research team is working overtime to bring the latest information on how to protect against Ukraine-related cyber threats. Check back here to get up-to-date guidance on how to protect yourself against these ongoing threats. Find your current bulletins here:

Best Practices

Take advantage of publicly available resources that detail recommendations specific to each conflict:

Establish strong security controls in your organization:

Implement multi-factor authentication (MFA)
Secure Active Directory. Read the Microsoft guidelines to learn more
Evaluate and enable Symantec Threat Defense for Active Directory (TDAD), a feature of SES Complete. Learn more about TDAD

Maximize Protection from Symantec Enterprise Security Complete

Ensure all proactive protection technologies are enabled
Enable the IPS, SONAR and Insight features, even on servers
Ensure the SEPM is hardened and accounts accessing each machine use multi-factor authentication (MFA)
Protect your SEP client by enabling password protection to prevent configuration changes
Evaluate and enable Adaptive Protection
Ask your Symantec Sales Engineer for a custom heat map showing risky “Living off the Land” behavior in your network

News Coverage: Read All About It

Major news outlets look to Symantec for cyber threat research and protection insights that can help businesses across the world.

IDG Connect: Security and tech pros are finding ways to help people in Ukraine
Reuters: Ukraine computers hit by data-wiping software as Russia launched invasion
AP News: Cyberattacks accompany Russian military assault in Ukraine
Bloomberg: Digital Sleuths Track Clues in Hacks on Ukrainian Government, Banks
CNN: Key Ukrainian government websites hit by series of cyberattacks
The Wall Street Journal: Malware Detected in Ukraine as Invasion Threat Looms

How Symantec Solutions Can Help

As Advanced Persistent Threats (APTs) continue to proliferate and pose serious damage, the Symantec Enterprise Business provides a comprehensive portfolio of security solutions to address today’s security challenges and protect data and digital infrastructure from multifaceted threats. These solutions include core capabilities designed to help organizations prevent and detect advanced attacks like those that have been launched against the Ukrainian government and those countries that provide services to it.

Symantec Endpoint Security Complete Symantec Endpoint Security Complete (SESC) was specifically created to help protect against this type of attack. While many vendors offer EDR to help find intrusions, as does Symantec, there are gaps. We call these gaps blind spots and there are technologies in SESC to eliminate them. Learn More

Privileged Access Management (PAM) PAM is designed to prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies and monitoring and recording privileged user activity. Learn More

Symantec Web Isolation Symantec Web Isolation eliminates web threats and solves the challenge of providing access to unknown, uncategorized and potentially risky web by creating a remote execution environment between an agency’s enterprise systems and content servers on the web. Learn More

Symantec Secure Web Gateway (SWG) SWG delivers high-performance on-premises or cloud secure web gateway that organizations can leverage to control or block access to unknown, uncategorized, or high-risk websites. Learn More

Symantec Threat Intelligence Symantec’s Global Threat Intelligence Network continuously gathers and analyzes the data from all of Symantec's products. Advanced ML and AI processes performed on the data produce deep insights that are fed back into Symantec’s security solutions, making them smarter and quicker to respond to threats, attackers and developments in the threat environment. Learn More

Symantec Content Analysis with Advanced Sandboxing Within the Symantec Content Analysis platform, zero-day threats are automatically escalated and brokered to Symantec Malware Analysis with dynamic sandboxing for deep inspection and behavioral analysis of potential APT files and toolkits. Learn More

Symantec Security Analytics Symantec Security Analytics delivers enriched, full-packet capture for full network traffic analysis, advanced network forensics, anomaly detection, and real-time content inspection for all network traffic to arm incident responders for quick resolution. Learn More