# Russia-Ukraine Cyber Activity Makes Security Best Practices Imperative

By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?ts=markdown "Posts by Unit 42") Mar 29, 2022

The [White House](https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/) and [U.S. Cybersecurity and Infrastructure Security Agency](https://www.cisa.gov/news/2022/03/24/cisa-fbi-and-doe-publish-advisory-historical-cyber-activity-used-indicted-russian) (CISA) have recently warned that Russia could launch disruptive cyberattacks against organizations in the U.S., NATO member countries and allies that support Ukraine. Unit 42 [has documented](https://unit42.paloaltonetworks.com/tag/ukraine/) related cyberattacks in Ukraine over the past month. Given that U.S.
officials note that [evolving intelligence](https://www.cisa.gov/news/2022/03/22/readout-cisa-call-critical-infrastructure-partners-potential-russian-cyberattacks) points to potentially destructive cyberattacks, we feel it is essential to encourage all organizations, as soon as possible, to review your cybersecurity policies and incident response plans, as well as to enhance your security posture.

Below are recommendations that organizations can quickly employ to put protections in place now, as well as some long-term ongoing cyber hygiene best practices.

You should consider how best to balance the needs of your organization with the potential cyber risk. It's important to avoid interruptions to your business while also implementing security tools and practices to improve your organization's vigilance and resilience. This can help head off the possibility of retaliatory cyberattacks, as well as help prevent any other attack activity that may be taking place.

## Phishing Attacks

It's very common that [newsworthy events](https://unit42.paloaltonetworks.com/phishing-attacks/) are leveraged by threat actors as topics and lures in phishing and spear-phishing attacks. Leading up to the military action commencing in Ukraine, Unit 42 saw [spear-phishing attacks against Ukraine](https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/) organizations to deliver malware.

## What You Can Quickly Do Now to Harden Your Defenses

1. **Follow best practices for** [**URL Filtering**](https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/url-filtering-best-practices.html). Some examples:
   1. Block all malicious categories and alert or consider blocking [threat-adjacent categories](https://live.paloaltonetworks.com/t5/blogs/url-filtering-category-recommendations/ba-p/325701).
   2. Consider switching to or enabling inline Advanced URL Filtering protection against "[patient zero](https://unit42.paloaltonetworks.com/patient-zero-web-threats/)" malicious URLs.
   3. Use the DNS Security subscription.
   4. Use WildFire URL analysis as modern attacks are multi-step.
2. **If subscribing to** [**Threat Prevention**](https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/threat-prevention.html)**,** make sure to create a profile and enable the signatures.
3. **Strengthen phishing defenses.**
   1. Enable URL filtering on firewalls.
   2. Disable Microsoft Office macros.
   3. Train employees to spot suspicious emails, texts and fake aid websites.
   4. Follow best practices for password security, such as [CASMM](https://danielmiessler.com/blog/casmm-consumer-authentication-security-maturity-model/) with a goal to reach level 6-8, and implement multi-factor authentication (MFA).
   5. Set up [Credential Phishing Prevention](https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/prevent-credential-phishing/set-up-credential-phishing-prevention.html) on your firewall to prevent credentials being used where they shouldn't.
   6. Don't open, click or run suspicious emails, files, links or programs when you do not recognize the sender or the domain -- especially when you were not anticipating receiving the message. Before entering credentials, it's a good idea to pause and check that you're on the page you intended to visit. Pay close attention to random MFA popups, and when you do not recognize a login attempt, do not click "allow MFA."
4. **Keep all software up to date.** Apply patches on any internet-facing services ASAP. Attackers are opportunistic and will leverage whatever they can to gain access to your systems.
   It is also important to update carefully and [across the development lifecycle](https://www.paloaltonetworks.com/resources/use-case/cloud-native-security-across-th-software-development-lifecycle), i.e., test first in an isolated development environment. Doing so ensures that the updates are free from sabotage or unintended behaviors. (In one recent example, updates for the [node-ipc package](https://securityboulevard.com/2022/03/supply-chain-attack-node-ipc-sabotaged-as-anti-war-protestware/) included modules that had unintended behaviors intended to protest the Ukraine and Russia conflict.) Whenever installing updates, do so from official websites only. Perform a software audit and remove software that you no longer use or can't trust as this reduces the risk of supply-chain attacks.
5. **If you're using** [**Cortex XDR**](https://www.paloaltonetworks.com/cortex/cortex-xdr)**,** update to the latest agent version and content. Also, see our recent post on [Cortex XDR protections](https://www.paloaltonetworks.com/blog/security-operations/cortex-xdr-protections-against-malware-associated-with-ukraine-and-russia-cyber-activity/) against Russia-Ukraine cyber activity.
6. **Limit and restrict user privileges on your network.** Limit access using [least-privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access) principles to reduce any potential impact. Ensure critical systems on the network are isolated. For cloud environments, evaluate entitlements for all human and non-human [identities](https://www.paloaltonetworks.com/prisma/cloud/cloud-identity-security).
7. **Review group policy settings for your domain.** Ensure there are no suspicious or stale policies.
8. **Invest time and resources in backups now.**
   [Wipers](https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/) and [ransomware](https://unit42.paloaltonetworks.com/2022-ransomware-threat-report-highlights/) are on the rise and can encrypt your data even in the cloud. The only thing worse than no backup is a backup that doesn't work. Make time to test restoring your backups. Consider encrypting backups, even those in the cloud.
9. **Review** [**incident response**](https://www.paloaltonetworks.com/blog/2021/09/cyber-resilience/) **and business continuity plans.** Do your scenarios include those that are destructive in nature? Is your chain of command current?
10. **Have retainers in place.** Have [retainers for incident response](https://www.paloaltonetworks.com/blog/2021/11/incident-response-retainers/), outside counsel and crisis communications teams negotiated in advance, so you are not caught off guard if an incident occurs. Have them already? Check in with your retainer vendors and advise them of heightened alert status.

## Long-term Cyber Hygiene Best Practices

Here are a few suggestions to strengthen your cybersecurity posture and harden your defenses:

1. **Migrate to cloud solutions** for small businesses: Follow cybersecurity [best practices in the cloud](https://unit42.paloaltonetworks.com/cloud-threat-report-2h-2021/) and protect websites with anti-DDoS protection.
2. **Adopt a [Zero Trust](https://www.paloaltonetworks.com/zero-trust) approach** to securing your organization.
3. **Avoid using** the same laptop/smartphone for work and personal needs.
4. **Schedule** [**routine pen-testing**](https://www.paloaltonetworks.com/blog/2022/01/threat-intel-informed-cybersecurity/) (red teaming) of your networks.
5. **Test disaster contingency plans** including those involving failover sites, restoring backups, handling staff shortages, ensuring knowledge transfer, etc.
6. **Continue to update all software** and maintain logs of software versions, patches, and last updates applied.
7. **Continue to train staff** on basic security practices -- test staff with phishing emails.
8. **Embed security from the start** for any new products and projects, including [source code security](https://www.paloaltonetworks.com/prisma/cloud/cloud-code-security), data encryption, pen testing, etc.

## The Time to Follow Cybersecurity Best Practices Is Now

This isn't a time to panic, but it is a time of heightened alert and awareness of credible threats, which is exactly when we should all be reviewing security policies, exercising contingency plans and being aware of potential threats against our organizations and industries. The best we can do is to position ourselves for what might come, and this is achieved by practicing.

## Additional Resources

[Russia-Ukraine Cyberattacks: How to Protect Against Related Cyberthreats Including DDoS, Hermetic Wiper, Gamaredon and Website Defacement](https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/)

*Updated March 29, 2022, at 1 p.m.
PT.*
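
The "Keep all software up to date" item above recommends testing updates in isolation first and auditing what is installed, citing the node-ipc incident. As an added example (not code from Unit 42 or Palo Alto Networks), this Node.js script checks an npm manifest and lockfile for settings that would let an untested release install itself. Every package name, version and hash, the hold list and the `APPROVED_REGISTRY` value are constructed assumptions.

```javascript
// Constructed sample inputs; every package name, version and hash here is made up.
const SAMPLE_MANIFEST = JSON.stringify({
  name: "demo-app",
  dependencies: { "example-ipc-lib": "^2.0.0", "example-logger": "1.4.2" },
  devDependencies: { "example-test-runner": "latest" }
});
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/example-ipc-lib": {
      version: "2.0.1",
      resolved: "https://registry.npmjs.org/example-ipc-lib/-/example-ipc-lib-2.0.1.tgz",
      integrity: "sha512-CONSTRUCTEDHASH1"
    },
    "node_modules/example-logger": {
      version: "1.4.2",
      resolved: "https://mirror.invalid/example-logger-1.4.2.tgz"
    }
  }
});
// Versions the team has not yet cleared in its isolated test environment (hypothetical).
const SAMPLE_HOLD_LIST = ["example-ipc-lib@2.0.1"];
// Assumption: the only source this organization installs from.
const APPROVED_REGISTRY = "https://registry.npmjs.org/";

// Only an exact version (optionally prefixed with "=") is pinned; ^, ~, *, tags
// and comparators let a fresh install pull a release that nobody has tested.
function isFloating(range) {
  return !/^=?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(String(range).trim());
}

function auditDependencies(manifestJson, lockJson, holdList = []) {
  const manifest = JSON.parse(manifestJson);
  const locked = JSON.parse(lockJson).packages || {};
  const findings = [];
  const add = (rule, pkg, detail) => findings.push({ rule, pkg, detail });

  // Direct dependencies: flag floating ranges and anything the lockfile does not cover.
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(manifest[section] || {})) {
      if (isFloating(range)) add("floating-range", name, range);
      if (!locked["node_modules/" + name]) add("not-in-lockfile", name, section);
    }
  }
  // Locked packages (direct and transitive): check integrity, source and the hold list.
  for (const [path, entry] of Object.entries(locked)) {
    if (path === "") continue; // root project entry, not a dependency
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    if (!entry.integrity) add("missing-integrity", name, entry.version);
    if (entry.resolved && !entry.resolved.startsWith(APPROVED_REGISTRY)) {
      add("unapproved-source", name, entry.resolved);
    }
    if (holdList.includes(name + "@" + entry.version)) {
      add("held-for-review", name, entry.version);
    }
  }
  return findings;
}

const report = auditDependencies(SAMPLE_MANIFEST, SAMPLE_LOCK, SAMPLE_HOLD_LIST);
for (const f of report) console.log(`${f.rule}: ${f.pkg} (${f.detail})`);
```

Run in CI against the real `package.json` and `package-lock.json`, a non-empty result is a reason to stop the build until the flagged versions have been tested.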