Russian Ukraine - Protecting Boundaries During a Cyber Conflict

Managing and Protecting Boundaries During a Cyber Conflict

Summary

In today’s digital age, conflicts between nations extend beyond traditional domains to the cyber front. This new battleground involves disrupting information flow and compromising critical infrastructures. PacketViper offers a comprehensive strategy to monitor not only the countries directly involved in such conflicts but also their neighboring or allied nations, which might indirectly participate in cyber warfare.

Cyber Front Strategy Application

This strategy should be implemented across all external boundary devices to effectively monitor, detect, and counter potential cyber threats from identified conflict zones. It is equally crucial to apply these measures within both IT and OT environments internally, to scrutinize connections to these regions and, where necessary, limit traffic to and from them.




Dashboard Creation for Enhanced Monitoring

To assist in the surveillance of countries potentially involved in the cyber conflict within Europe, we recommend creating a dedicated dashboard. PacketViper has developed a dashboard template specifically designed for this purpose, available for download and easy integration into your monitoring system.

You can download the Cyber Front Dashboard from our Help Desk Portal (also attached to this KB).


Cyber Front Dashboard


  1. Create New Dashboard

  2. Rename to: Cyber Conflict Risk

  3. Create Current Traffic Widgets for:


Sensors Widgets

  • Conflict Countries Sensor

  • Conflict Business Sensor


Country Widgets

  • Russia

  • China

  • Belarus

  • Iran

  • North Korea

  • Armenia

  • Kazakhstan

  • Azerbaijan

  • Kyrgyzstan

  • Tajikistan

  • Seychelles

  • Isle of Man

  • Venezuela


Context Groups for Targeted Defense

PacketViper has established various context groups that encapsulate both the countries and businesses within the potential cyber conflict zones. These groups can be seamlessly integrated with Sensors and Custom Rules for alerting or traffic control measures. We recommend creating a Sensor that only logs, plus a Custom Rule that is left disabled and can be enabled to block in the event of an emergency.


You can download these Context Groups from our Help Desk Portal (also attached to this KB).


Countries

These countries have been identified as potential actors or contributors to the cyber conflict.


  1. Create New Country Context Group

  2. Add the following countries:


  • Russia

  • China

  • Belarus

  • Iran

  • North Korea

  • Armenia

  • Kazakhstan

  • Azerbaijan

  • Kyrgyzstan

  • Tajikistan

  • Seychelles

  • Venezuela

  • Isle of Man



Context Groups: Businesses


We have identified 245 businesses that have registered network spaces within the conflict areas. These businesses may not be willing participants in the cyber conflict, but because their networks are within the conflict areas they may be used unwillingly and should therefore be considered high risk during this conflict. We have created a context group with the following businesses.

We recommend creating a Sensor that only logs, plus a Custom Rule that is left disabled and can be enabled to block in the event of an emergency.

3M Company

3NT Solutions LLP

Aceville Pte.Ltd.

Adman LLC

Advanced Micro Devices Inc

Akamai Tech Inc

Alexander Valerevich Mokhonko

Alibaba

Alibaba Advertising

Aliyun Computing

Alterway Makers

Amateur Radio Digital Communications

Amazon China

Amazon Inc

American Airlines

Anexia

ANS comms inc

Apple Computer

Aptum Technologies

Arbatek

Arkada LLC

ARKADA-X Ltd.

Art Invest Ltd

Arvato Systems

AT&T Russia

ATOMOHOST LLC

Auction LLC

Avast Software

Avnet Tech Services Australia Ltd

Barracuda Networks Inc

Beijing Baidu Netcom Science and Tech Co Ltd

Beijing NewsGuide Science and Tech Dev Co Ltd

BellSouth Corp

Biznet Networks

Blazing Fast

Bloomberg L.P.

BP Petro

Ningbo Telecom Co.ltd

NTT Comm Corp

Nvidia Corp

SSC-Verizon

Symantec

Taboola Ltd

Tata Communications Ltd

Teamviewer

Telenet LLC

Telstra

Tencent Cloud Computing

The Carphone Warehouse Ltd

The Nielsen Company

Ticketmaster

TOV Host VDS

Transaction Network Services Inc.

Trend Micro Inc.

TReutersCorp

Udovikhin Evgenii

Unicom Zhejiang Province Network

Unified Layer Inc.

Unilever

BT Public Internet Service

BullGuard

CANTV

CDN77

CenturyLink Inc

Charter Comm Inc

Chevron

China Beijing Kuanjienet Tech Co Ltd

China Cloudvsp inc

China Henan Medical University

China Mobile Communications Corp

China Science and Technology Network

China Telecom Corp

China Tietong Telecom Corp

China Unicom

ChinaCache

Choopa

Chunghwa Telecom Co Ltd

Cisco Systems

Citrix Systems Inc

Cloud Innovation Ltd

CloudFlare

ColoCrossing

Conoco Phillips

Cox Communications Inc

Criteo

Daimler AG

Data Camp S.R.O

DataWeb Global Group B.V.

Dell Inc.

Deloitte Services

Denis Pavlovich Semenyuk

Deutsche Telekom AG

Digital Energy Tech Ltd

Disney Worldwide Services Inc.

Easynet Group Ltd

Ebay Inc

EDIS GmbH

EGIHosting

Elisa Oyj

Elsevier B.V

Embarq Corp

EMC Corp

Energia Communications Inc.

Epern Telecom Co Ltd

EuroByte LLC

Exxon Mobil Corp

Facebook Inc

FDCServers.net, LLC

FiServ

Ford Motor Company

Fujitsu Limited


GE Company

GHOSTnet GmbH

Global Crossing Ltd

GM Company

Google Inc

GTT Communications

Heficed Dedicated Servers

Hetzner Online GmbH

Hewlett Packard Company

Hilton Hotels

Home Box Office (HBO)

HopOne Internet Corp.

Host Universal Pty Ltd

Hostinger International Limited

HostRoyale Technologies Pvt Ltd

Hostway Services, Inc.

Hughes Network Systems LLC

Hurricane Electric Inc.

i3d.net

IBM Corp

IFX Networks

Incapsula

Infolink LLC

Infosys Ltd

Ingram Micro Inc.

InMotion Hosting, Inc.

Intel Corp

Intel Security Group (McAfee)

Intelsat

Internet Systems Consortium inc

IT House Ltd

IT Mbuechele UG (Haftungsbeschraenkt)

ITL LLC

Joint Stock Company TransTeleCom

JSC IOT

Kaspersky Lab

KDDI Corporation

Klayer LLC

Koehler Internet Services UG (haftungsbeschraenkt)

Konica Minolta

KPMG LLP

KT Corp

Lan-Optic Ltd

Lenovo Group Ltd

Level 3 Comm, LLC

LG Electronics Inc.

LIR LLC

LLC Baxet

LLC Globalnet

LLC LIR Ukraine

LogicWeb Inc.

M247

Marriott Hotels



Mastercom LLC

MB Teorita

Mediacom Communications Corp

Meraki LLC

Microsoft Corp

Microsoft do Brasil Imp. E Com. Software E Video G

Nanjing Cuiping Shan Primary School

NCR Corp

Neptune Networks

NetByNet Holding LLC

Netflix Inc.

Netrouting Inc.

Netstart

Network Solutions, LLC

Neustar

New Skies Satellites Inc.

NFOrce Entertainment BV

OOO EkaComp

OOO Network of Data-Centers Selectel

OpenDNS

Oracle Corp

Overoptic Systems Ltd

OVH Inc.

Panq B.V

Panzhihua University

Paul Boissel Dombreval

Paypal Holdings Inc.

PCCW Global

PE Skurykhin Mukola Volodumurovuch

Pearson PLC

Petersburg Internet Network Ltd.

PJSC MegaFon

PJSC Vimpelcom

PQ Hosting S.r.l.

Prestige Network Limited

Privax

PS Internet Co

PSINet Cogent

Psychz Networks

QuadraNet Inc.

Qwest Comm Internat Inc

RCN Corp

Red Hat, Inc.

River City Internet Group

Samsung

Schaeffler Group

Secure Data Systems SRL

Serverel

Servers.com B.V.

Shanghai Blue Cloud Technology Co. Ltd

Shanghai Ruisu Network Technology Co. Ltd

Sheraton Hotels

Shutterstock Inc

Siemens

Southwest Airlines Co.

Spacenet Inc.

Sprint Corp

SSC-ADP

SSC-IBM

SSC-Microsoft-Office

SSC-SalesForce

SSC-ServiceNow

United Network LLC

Unus Inc.

UPC Broadband

USA Net Inc

Verizon Business Global

Verizon Inc

Virgin Media Limited

Virtual Systems LLC

Vodafone Group plc

Voxility S.R.L.

Wal-Mart

WeChat

Wi-Manx Limited

Windstream Comm Inc.

Yahoo Inc

Yandex

Zenlayer Inc

Zhejiang Taobao Network

Zscaler, Inc.


Once you have downloaded and imported the Cyber Front Dashboard and the Conflict Country and Conflict Business Context Groups from our Help Desk Portal (both attached to this KB), create the following Sensors.


Creating Conflict Country Sensor


  1. Go to Traffic Control

  2. Add New Sensor

  3. Name the Sensor: Conflict Country

  4. In the Source Geo IP/ Context

    1. Select Context group

    2. Select Conflict Country 

  5. Click Save


Creating Conflict Business Sensor


  1. Go to Traffic Control

  2. Add New Sensor

  3. Name the Sensor: Conflict Business

  4. In the Source Geo IP/ Context

    1. Select Context group

    2. Select Conflict Country 

  5. Click Save


Once you have created the Sensors, go to your new Cyber Front dashboard and edit the Conflict Country and Conflict Business widgets to ensure each is displaying the correct sensor details:


  1. Go to the Conflict Widget

  2. Click gear

  3. Under sensor make sure the correct Sensor is selected.


Strategic Monitoring and Blocking

  1. For countries potentially involved in cyber conflicts, we advise setting up a Sensor configured for logging purposes and a Custom Rule, initially disabled, ready to block traffic in emergency situations.

  2. Regarding businesses within conflict areas, PacketViper has identified 245 entities with registered network spaces that, albeit unintentionally, may become vectors in cyber warfare. A context group encompassing these businesses has been created to facilitate monitoring. Similar to the country-based strategy, we recommend configuring a Sensor for logging and preparing a Custom Rule for potential blocking.
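
The log-only Sensor plus disabled Custom Rule pattern described above, as an added Python example (not PacketViper code or its rule format). The group CIDRs, flow records and function names are constructed assumptions; the report shows which internal hosts would lose connectivity if a block rule were switched on.

```python
import ipaddress
from collections import defaultdict

# Constructed context groups: documentation-range CIDRs stand in for the
# country and business network lists (assumed, not PacketViper data).
CONTEXT_GROUPS = {
    "Conflict Country": ["203.0.113.0/24"],
    "Conflict Business": ["198.51.100.0/25", "192.0.2.64/26"],
}

# Recommended posture: Sensors log only, block rules exist but stay disabled.
BLOCK_RULE_ENABLED = {"Conflict Country": False, "Conflict Business": False}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.10", "10.0.0.5", 443),
    ("203.0.113.10", "10.0.0.5", 22),
    ("198.51.100.20", "10.0.0.8", 443),
    ("198.51.100.200", "10.0.0.8", 443),  # outside the /25, matches no group
    ("192.0.2.70", "10.0.0.5", 25),
    ("8.8.8.8", "10.0.0.9", 53),
]

def match_group(src_ip, groups=CONTEXT_GROUPS):
    """Return the first context group whose networks contain src_ip, else None."""
    addr = ipaddress.ip_address(src_ip)
    for name, cidrs in groups.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return name
    return None

def evaluate(flows, rule_enabled=BLOCK_RULE_ENABLED):
    """Apply Sensor (log) and Custom Rule (block if enabled) semantics to flows."""
    report = defaultdict(lambda: {"logged": 0, "blocked": 0, "internal_hosts": set()})
    for src, dst, port in flows:
        group = match_group(src)
        if group is None:
            continue                      # no Sensor hit, traffic untouched
        entry = report[group]
        entry["logged"] += 1              # the Sensor always logs
        entry["internal_hosts"].add(dst)  # hosts affected if the rule is enabled
        if rule_enabled.get(group, False):
            entry["blocked"] += 1         # only when the emergency rule is on
    return dict(report)

if __name__ == "__main__":
    for name, stats in evaluate(SAMPLE_FLOWS).items():
        print(name, stats)
```

Reviewing the `internal_hosts` set per group before enabling a block rule shows which internal systems depend on traffic from that group.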

Implementing the Cyber Front Strategy

To ensure your organization's resilience against the backdrop of cyber warfare, it is imperative to:
  1. Deploy the dedicated dashboard to maintain visibility over potentially compromised regions and entities.
  2. Utilize the context groups with Sensors and Custom Rules to proactively manage traffic from these areas, providing a balanced approach between awareness and readiness for immediate action if necessary.
  3. Stay informed and agile, as the landscape of cyber conflict is ever-evolving. PacketViper's solutions offer the flexibility to quickly adapt to new threats, ensuring your defenses remain robust against both current and emerging cyber challenges.

You can also download the Cyber Front Template and Context Groups below.