Aqua Blog

The Russia-Ukraine Cyber Attacks: A CISO’s Advice

The Russia-Ukraine Cyber Attacks: A CISO’s Advice

The devastating events in Ukraine have already affected millions of lives and organizations, with profound consequences extending far beyond the region. As the conflict continues to unfold, companies in the US and around the world are facing the growing risk of aggressive Russian cyberattacks. In the face of these threats, CISOs and CIOs must ramp up their cybersecurity strategies and defenses to prepare for whatever may come next.

What cyber threats to expect

The Russian government’s invasion of Ukraine has spurred a massive surge in distributed-denial-of-service (DDoS) attacks targeting the Ukrainian government and critical infrastructure. In the days and weeks ahead, Russia might carry out retaliatory cyberattacks on organizations outside Ukraine, particularly in the wake of sanctions imposed by the United States and European Union.

Potential threats could range from widely used distributed denial-of-service, ransomware, and phishing attacks to hacktivist campaigns and the spread of sophisticated, destructive malware as part of the state-sponsored cyber activity. It’s impossible to predict how much disruption, including damage to critical infrastructure, these attacks might cause.

Apart from the risks of being a direct target of Russia, organizations must be prepared for increased levels of cybercrime in general. Adversaries are always taking advantage of current news events to adjust their tactics. A major geopolitical conflict provides a perfect opportunity to capitalize on people’s fears, concerns, and general uncertainty.

In light of the escalating Russia-Ukraine conflict, a strong cybersecurity defense has become more critical than ever. CISOs and CIOs of the world’s financial institutions, critical industries, government organizations, and businesses must evaluate their security posture to make sure they’re prepared to defend against potential cyberattacks.

What actions you should take

The first question to ask is, “Is my organization ready for this?” Although the Russia-Ukraine conflict is an extraordinary event, it only highlights the daily cyber activities that are occurring in modern cloud environments. Any robust enterprise security strategy, by default, needs to include plans and mitigation steps for withstanding these levels of cyber threats.

However, there are some proactive measures that organizations can take to strengthen their security capabilities and reduce the chances of being compromised.

General recommendations:

  • Ensure that you have proper business continuity and disaster recovery plans in place, along with a well-tested incident response process to respond quickly and effectively to any cyber incidents. As DDoS attacks are already happening and will increase moving forward, be ready to invoke those plans at any moment. Put your incident response teams on high alert.
  • Back up critical business systems regularly and consistently to avoid data loss.
  • Apply the least-privilege access principle throughout your environment.
  • Follow basic cybersecurity hygiene, which is fundamental to avoiding security gaps that employees might accidentally leave — for example, missing patches and default passwords.
  • Make sure your IT and security staff are staying vigilant and keeping watch, and that they’re prepared to work diligently to protect customers, processes, and systems.

Recommendations for cloud native environments:

  • Identify exposures, vulnerabilities, and misconfigurations that can provide entry points for attackers to gain access and compromise networks.
  • Scan all your running workloads for critical vulnerabilities with known exploits to conduct focused patching and mitigation. You can use trusted open source scanners such as Trivy.
  • Scan for vulnerabilities in CI/CD pipelines to ensure that no new vulnerabilities are introduced.
  • Scan for misconfigurations in cloud resources and infrastructure-as-code (IaC) templates. Like any other business-critical asset, cloud is the target and must be considered as part of the broader defense strategy, in which visibility and protection are key.
  • Minimize the attack surface by hardening your cloud and Kubernetes infrastructure.


Over the past decade, the Russian government has often used its significant cyber capabilities to achieve its political goals. As the Russia-Ukraine conflict escalates on both the battlefield and in cyberspace, companies need to stay ahead of potential cyberattacks. Ensuring that you have effective security defenses is important at any time, but even more so in times of uncertainty and global crises.

As we continue to closely follow the events in Ukraine, we’re committed to providing strong security capabilities that can help our customers protect their most critical assets and business processes.

Paul Calatayud
Paul was the Chief Information Security & Privacy Officer (CISO/CPO) at Aqua. He is a cybersecurity industry veteran with more than 20 years of experience ranging from Fortune 500 companies to startups. Prior to joining Aqua, Paul served as Chief Security Officer at Palo Alto Networks and Chief Technology Officer for Firemon. Before that, he held CISO roles at Surescripts, Vesta, and executive roles at UnitedHealth Group and BestBuy. Paul holds multiple certifications, including CISSP, CISA, CISM, and GCIH, and has a B.S. in information technology, an M.S. in information security, and a Ph.D. in leadership. Outside of work, he enjoys snowmobiling and home construction.