Stopping Russian Cyber Attacks with Dark Cubed

Monday, April 3, 2022

What’s with all this Russian hacking cybersecurity stuff? 

I’m a small business. 
Nobody wants my data…

I know it’s easy to believe this, but what I want to show you today is how you couldn’t be more wrong.

I’m going to show you this really amazing tool that runs on my firewall that shows all of the people that are potentially attacking my firewall at any given moment. 


This is an app called Dark Cubed that we use, and it gets installed on our firewalls. 

And what you’re actually looking at here is a map of the world that has mapped out all of these different locations that are potential threats against our network. 

And you can see this is coming from all kinds of different locations all over the world.

And they’re rating it based upon the severity of each one of these potential threats. 


So what I want to do is check out this one down here.

When we open this part of the app, you can see that this is rated as a nine; it’s incredibly high. 

And it looks like it’s coming from the Netherlands. 


Now I want to make note that this was blocked; you can see it was muted, because the threat was actually blocked by the firewall. 

And it was first seen back in July of last year, but it was most recently seen just today.


So that means this has been online for a long time. 

And you can see here, there was about 80 bytes of traffic that was downloaded. 


So what’s really fascinating about this is that this wasn’t somebody necessarily coming in and trying to attack my firewall. 

This was somebody in my network, a user of mine that did something that connected to something, and it almost downloaded something that could have been malicious to my network.


Luckily, this tool stopped it. So that was fantastic. 

And what I can do here is see some data about this particular location, this particular IP address, and I see this name of the organization, which kind of makes me a little bit nervous. 


So I’m going to use one of these external links and go over into the AlienVault OTX database.

And now that I see that, and I’ve got some more information, it looks like this is actually coming from the Russian Federation. 

Which really kind of scares the hell out of me, and underpins what I’m saying about how, regardless of what’s going on, I’m a small business that Russia doesn’t really care about. 


But I am still a potential target.

I’m still somebody who can be completely taken advantage of by these types of cyber attacks that are going on. 


As you can see here by the related tags, it’s potentially scanning my ports.

It’s potentially setting up honey pots that a user of mine might click on or might go to and get duped, which would then bring a threat into my network and potentially deploy ransomware or some other kind of hack that could take control of my network. 


So I think this really underscores why you do need to care: just because you’re a small business doesn’t mean that you are not at risk of being attacked by what’s going on today in Russia and the Ukraine.


These cyber attacks are only going to increase. 

I strongly recommend having a tool like Dark Cubed deployed on all your firewalls because it can give you the kind of information to tell you when this is happening as well as block these threats from becoming something that could be a whole lot worse to your network. 

So be mindful, be diligent and stay safe.

