Over the last week, we have seen Russia use a combination of tactics in warfare that has not been seen before. From the use of cellular telephone networks for distribution of information that was designed to incite panic among the general population to manipulation of enterprise networks and computers to disrupt critical government departments and private industry. Vladimir Putin has proven that there are no boundaries that he is unwilling to cross when it comes to promoting his self-serving view of the world.
At Vectra AI, our founding vision has been to make the world a safer and fairer place. And a time like this requires all of us to respond to a higher calling. Specifically, we want to make our expertise in defending networks, hybrid clouds, cloud identity systems, and SaaS applications from sophisticated attacks readily accessible to the cyber security community. To provide immediate assistance during this emergency, we will offer for free our tools, systems, experts, and advice to organizations who believe they may be targeted because of this crisis.
Monitoring of Microsoft Azure Active Directory and Microsoft 365
In working with some of our customers globally, both private and government entities, and as indicated in last week's DHS Advisory, we know that the Russians have firmly turned their focus to the Enterprise Cloud to disrupt operations and gain access to critical information. Vectra's recent acquisition of Siriux gives us a unique capability to offer immediate discovery of malicious Microsoft Azure Active Directory activity that could lead to the compromise of Exchange Online mailboxes. Vectra will provide a free Siriux scan to any organization that believes they could be targeted by this M365 attack.
Beyond a one-time scan of your AAD and M365 environments, Vectra also has the ability to monitor those environments for signs of active attack. We are offering at no charge this SaaS-delivered service to provide you with visibility into the attack methods utilized by Russian state actors and criminal gangs.
Vectra complements the Amazon GuardDuty's alerting features
We also have seen artefacts that could be associated with Identity Service Provider attacks which use identity federation to pivot into Amazon Web Services (AWS) tenants. Vectra has developed unique capabilities which complement Amazon GuardDuty's alerting features that will help organizations defend their AWS infrastructure from cross-cloud attacks. For organizations with significant threat exposure on AWS, we are offering to provide detection and response capabilities for both the network and the control plane of their AWS accounts.
Active tracking of new indicators like file hashes, C2 domains, and IPs
We are actively tracking any new indicators of compromise which may arise in the coming days and weeks. Specific IOCs such as file hashes, C2 domains and IPs will always be trailing indicators and while we will make those available as they are identified, our guidance has been to focus on classes of attack behavior consistent with the threat actors who are aligned with or part of the Russian state. For organizations that have at-risk on-premises infrastructure, we are offering to help deploy Vectra sensors in their networks to help detect and root out network-visible attacks.
At Vectra AI, we want to be part of the solution as the war in Ukraine escalates and continues to spillover into cyberspace. We believe that together we can significantly reduce the risks associated with nation-state cyber-attacks and by offering our products and services free-of-charge to the community, we hope that we can help any organization respond appropriately to protect themselves.
Please contact us here for further information on our offer. Additional technical information is available in the blog from our CTO Oliver Tavakoli “Russian Wiper Malware is Novel – Protecting Against it Need Not Be”.