What the DDoS attack on Finland means for enterprises

Late last week, Finland’s Ministry of Defense and Foreign Ministry websites were put out of action by a series of distributed denial-of-service (DDoS) attacks. The attacks occurred while President of Ukraine, Volodymyr Zelenskyy addressed parliament and just hours after the Ministry of Defense had reported a Russian state aircraft had entrained into Finland’s airspace. 

With Finland weeks away from applying for North Atlantic Treaty Organization (NATO) membership, many commentators are suggesting that Russia is behind the attack. If correct, this means Russia’s war on Ukraine is beginning to create cyberthreats that even impact countries that are not physically involved in the war.

Given the impact of the 2017 NotPetya global ransomware attack — which caused billions of dollars in damage and has been attributed to Russian-state actors targeting Ukraine — there is widespread concern that any threats emerging from the war between Russia and Ukraine could have worldwide repercussions.   

As a result, enterprises must be prepared for emerging threats from the cyberwar and proactively implement robust security controls to confront the threats, unless they want to fall victim to the next generation of state-sponsored threats. 

Cyberwarfare turns hot 

Ever since Russia’s unprovoked attack on Ukraine began, many nations have warned of an impending cyberwar between Russia and NATO countries. 

Last month, President Biden warned of a potential cyberattack from Russia and highlighted that the U.S. government has been “working closely” with the private sector “to sharpen our ability to respond to Russian cyberattacks,” and noted it would respond if Russia pursued cyberattacks against American companies. 

Likewise, the U.K. government recently announced its concerns over the worldwide impact of a cyberwar between Russia and Ukraine, with a recent NCSC briefing saying “there has been an historical pattern of cyberattacks on Ukraine with international consequences.” 

If the attack on Finland was perpetrated by Russian actors as many commentators suggest, then this would signal that the cyberwar is heating up with active malicious campaigns.  

The international consequences of the Finland attack 

Currently, it’s unclear if the DDoS attacks on Finland will usher in international consequences, but Gartner analyst, Peter Firstbrook, recommends caution to enterprises who could be collateral damage in future attacks. 

“The data wiping NotPetya attack, in 2017, started as a Russian attack on Ukraine and then spread globally. Enterprises should anticipate that they could be collateral damage from a similar directive attack, or that their infrastructure could be used to attack other organizations,” said Firstbrook. 

In addition, “organizations that are directly involved in supporting Ukraine should be [on] heightened alert for data theft. We anticipate that Ransomware attacks will increase,” Firstbrook said. 

Given the heightened risk of international fallout from a cyberwar, enterprises need to be prepared to mitigate potential state-sponsored attacks so they can maintain the integrity of their critical infrastructure. 

Firstbrook recommends that organizations take the same steps they would to protect against all malware attacks; filtering emails, expanding the use of multifactor authentication, deploying endpoint detection and remediation solutions on servers, regularly backing up critical data and monitoring it for abnormal usage. 

At the same, he suggests that enterprises should make sure they’re monitoring user accounts for signs of takeover and proactively educating employees on how to detect social engineering and credential attacks that hackers rely on to obtain privileged access to key resources.