Check Point, Sophos, Trend Micro Among Cybersecurity Providers Responding to Ukraine Crisis
More cybersecurity vendors and providers need to step up and help.
![Russia-Ukraine Conflict](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blteb0b4ac7e18483f7/6524345e3219a2a7b181b265/Russia-Ukraine-Conflict.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Gil Messing is Check Point’s chief of staff.
“Check Point, like the rest of the world, closely monitors the saddening situation in Ukraine and Eastern Europe,” he said. “As of now, our supply chain processes are not directly linked to the conflict zone, but supplies to the conflict zone may be subject to regulatory restrictions and couriers’ policies. We always adhere to local and international laws and guidance.”
Check Point operates on a global level, Messing said. Therefore, it maintains regular contact with national and international regulators, law enforcement, the Community Emergency Response Team (CERT) and other relevant authorities. It works proactively to coordinate compliance with an array of regulatory frameworks, including those associated with international trade, sanctions and import-export controls.
“Check Point’s threat intelligence teams and internal security practitioners operate continuously to monitor and update protections to align with changing global cyber threat levels,” he said. “This is certainly true for the current situation for our customers and partners in Ukraine and globally. The company raised its cyber threat intelligence activity prior to the outbreak of hostilities in and around Ukraine. And we continue to operate at heightened levels ever since the violent conflict began.”
Check Point publishes daily updates on a special website that includes research on evolving threats and recommendations for partners and customers to shore up their cyber defenses, Messing said.
“Check Point’s support teams and corporate functions are available to our global community of customers and partners, as are our threat intelligence and incident response teams,” he said. “These functions operate around the world and leverage Check Point’s global IT systems. As a part of its regular operations, Check Point maintains a formal information security program, which includes defined business continuity and disaster recovery guidelines. We will continue to closely monitor the situation, prepare for different kinds of scenarios and work tirelessly to ensure the well being of our employees in this conflict zone while providing the highest levels of security to our partners and customers.”
Tony Jennings is KnowBe4’s executive vice president of international and global channel sales. He said KnowBe4 has operations, customers and partners in Ukraine.
“They have been impacted by shutting down their business operations,” he said. “From surrounding countries, we have been seeing a massive focus on supporting Ukraine as a top priority and business second.”
KnowBe4 is working with its partners and nonprofits in the region to see “how we can best assist,” Jennings said.
Chester Wisniewski is Sophos’ principal research scientist.
“We are monitoring the situation around the clock to be sure our customers have the protection they need and so we can alert them if there are any changes they should be aware of to improve their defenses,” he said. “I posted an article just before the ground war began highlighting the historic cyberattacks Russia had used during previous conflicts. And we have been updating it daily with any confirmed or noteworthy events. Additionally, we delivered a webinar … with a Q&A for attendees to ask questions of our experts. If the war continues, I imagine we may offer additional seminars to keep folks up to date with the latest advice and to address their concerns.”
Jon Clay is Trend Micro’s vice president of threat intelligence. He said like so many other leading tech companies, Trend Micro is “desperately making humanitarian efforts to support citizens, customers and partners in Ukraine.”
“We do have employees located within Ukraine and are doing everything we can to support them,” he said. “Our solution/protection operations are cloud-based and not located within this country. And so these are not being affected by the current situation.”
Trend Micro research and threat hunters continue to monitor the company’s global threat intelligence for any indications of new attacks or threats that are associated with this situation, Clay said.
“We are protecting against all the known threats that have been shared publicly,” he said. “And we also look to include any early warning malware or tools used by malicious actors in their attacks to help improve our customers’ ability to detect an attack early in the infection chain. This also includes recent scams (i.e. bogus charities) and misinformation campaigns targeting consumers. We will continue to collect, analyze, identify and protect any new threats or attacks which are found.”
Trend Micro offers incident response services and support help for any partners/customers who are affected, and will continue to ensure its customers are protected against the known threats and any new threats that are identified, Clay said.
“Additionally, our team of experts is constantly updating our resource center on our website, with everything from existing indicators of compromise (IoCs), insights into recent cyberattacks and tips for improving cyber-resilience to keeping your organization and family safe during this crisis,” he said. “This is available to anyone looking for guidance, and is available here.”
Palo Alto Networks is sharing its information on the crisis on its Unit 42 Ukraine threat brief, which it frequently updates.
“Consistent with our previous reporting on the topic, several Western governments have issued recommendations for their populations to prepare for cyberattacks that could disrupt, disable or destroy critical infrastructure,” it said. “We have already observed an increase in Russian cyber activity, which we reported on in our initial threat brief published last month and our recent report on the Gamaredon group. Future attacks may target U.S. and Western European organizations in retaliation for increased sanctions or other political measures against the Russian government. We recommend that all organizations proactively prepare to defend against this potential threat.”
Palo Alto Networks will continue to provide updates with new information and recommendations as they become available.
CrowdStrike’s intelligence team is monitoring the situation to deliver its customers and partners timely, accurate and detailed information on all threat activity through several channels, including regularly updated intelligence reports and the CrowdStrike blog.
“Additionally, we continue to provide security tips and guidance for businesses of all sizes via the CrowdStrike blog, including recently sharing a new tool to decrypt PartyTicket ransomware, which has been targeting Ukrainian entities since late February,” a CrowdStrike spokesperson said. “It’s also worth noting that CrowdStrike Falcon protects against the DriveSlayer wiper used against Ukrainian entities in the Feb. 23 cyberattacks.”
CrowdStrike is offering complementary threat intelligence and assistance to its customers worldwide, including Russia-Ukraine-focused intelligence briefings that provide details to help customers better understand the tactics, techniques and procedures of specific threat actors.
Bitdefender doesn’t have offices or operations in Ukraine. However, it does serve tens of thousands of customers on the consumer side and several hundred on the business side.
“We are actively monitoring the situation through our telemetry, global honeypot network, threat intelligence and our managed detection and response (MDR) services,” a Bitdefender spokesperson said. “We are also monitoring third-party threat intelligence feeds coming from the cybersecurity community. So far, we have found cybercriminals trying to take advantage of the situation by sending mass Ukraine-theme charity scam email campaigns to capitalize on the good will of others.”
On Friday, Bitdefender also announced new research on two separate Ukraine-themed malspam campaigns designed to infect systems with Agent Tesla and Remcos, remote access trojans designed to exfiltrate data and steal user credentials.
In addition, Bitdefender and the Romania National Cyber Security Directorate announced a joint collaboration to provide cybersecurity expertise, threat intelligence and technology at no cost to any business, government institution or private citizen of Ukraine for as long as it is necessary. The program also offers NATO and EU countries cybersecurity technologies for one year if they have trust concerns and are looking to replace current cybersecurity technology.
IBM for weeks has been monitoring and implementing plans in response to the deteriorating situation involving Ukraine and Russia.
“Our top priority is ensuring the safety and well-being of IBMers and their families in all of the impacted regions,” it said. “We have been in constant touch with our local teams and have provided assistance including relocation and financial support. The full resources of our company are engaged in support of our teams, and any IBMer in need of help will get it.”
Teams are also working through the impacts of evolving international sanctions and what they mean for IBM and its business. While the situation is “dynamic,” IBM says it will “always follow the law.”
IBM will continue monitoring events as they unfold and will share further updates as needed.
Cybersecurity providers like Check Point Software Technologies, Sophos, Trend Micro and more are on high alert as the Ukraine crisis intensifies.
Russia’s invasion of Ukraine has been accompanied by a barrage of cyberattacks on computer networks and internet-based disinformation campaigns.
Eric Parizo is managing principal analyst of Omdia Cybersecurity. (Omdia and Channel Futures share a parent company, Informa.)
“First and foremost, customers, partners and employees located in or with ties to Ukraine have to be the priority, simply from a safety and security standpoint,” he said. “There is obviously great concern for companies like KeepSolid, which has most of its workforce based in Ukraine.”
More Cybersecurity Vendors and Providers Need to Step Up
Parizo hopes more cybersecurity vendors and providers will step up and make their products and services available to people and businesses in Ukraine for the duration of the conflict.
“This would essentially be following Elon Musk’s lead after he recently made free Starlink satellite connectivity available to Ukraine,” he said.
It’s likely demand is increasing for cybersecurity providers’ solutions and services due to the conflict and associated cyberattacks, Parizo said.
Adversaries of all kinds rarely let an opportunity go to waste, he said.
“Hence, it’s no surprise that we’re already seeing reported phishing attacks leveraging the conflict,” Parizo said. “Organizations should ensure their employees are aware that adversaries are likely to try to exploit strong emotions about the conflict to manipulate their targets.”
Generally, people don’t want to be marketed to during a crisis, Parizo said. That’s especially true when the pitch involves something about the crisis.
Organizations should review their go-to-market messaging and marketing campaigns, he said. They need to take into account the right tone and level of sensitivity.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.