U.S. cybersecurity companies are offering products and services for free to help cyberdefenders at home and abroad during Russia’s invasion of Ukraine. As of Monday, a crowdsourced list on GitHub listed more than a dozen experts, nonprofits and companies available for security assistance.
Among the firms is GreyNoise, which announced Thursday it had upgraded all Ukrainian email accounts to include full enterprise access to its products.
“In terms of our offer to support defenders in Ukraine, we’ve been in contact with dozens of different groups to help them get set up on our tools and leverage our data, as well as connect them with others in the InfoSec community doing the same,” Dan Maier, head of marketing at GreyNoise told CyberScoop in an email. The company is also offering the public free data on IP addresses that the firm has observed targeting Ukraine.
Ukraine and Russia meet on Monday for the first day of peace talks, but the threat of cyberattacks related to the conflict remains high. Ransomware gangs have vowed to retaliate on behalf of the Russian government, and U.S. cybersecurity officials have preached vigilance to organizations of all sizes.
“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” President Biden said in a speech on Thursday. “For months, we’ve been working closely with the private sector to harden our cyberdefenses [and] sharpen our response to Russian cyberattacks as well.”
‘Whatever it takes’
Industrial control systems security firm Dragos, in response to concerns over retaliatory cyber responses outside of Ukraine, on Thursday offered up free cybersecurity support and incident response to cooperative and municipally-owned utilities in the United States, United Kingdom and New Zealand. The new users will be automatically enrolled in Dragos’ Neighborhood Keeper, a real-time threat detection and information sharing platform that counts the NSA and CISA as partners. The service will stay free for the next two years, Dragos CEO and founder Rob Lee said.
Lee expected that his team would have the capacity for 30 companies at most. But by the end of the day, 60 had reached out. Dragos employees were immediately on board to volunteer their time to expand the effort, he said. Lee also received messages from other professionals and even large owner-operators asking how they could help.
“A bigger credit is honestly owed to the infrastructure community for stepping up and saying, ‘Hey, whatever it takes, we’ll do it,’ and I think that’s awesome to see,” Lee said.
In addition to social media, Dragos and other firms are using trade associations and private channels to amplify their offers. One firm, which declined to be named but has been offering its services to hospitals and other critical infrastructure, said it hadn’t seen any uptake but an analyst categorized that as a “good thing.”
Big tech companies have also taken steps to increase security for individual users and businesses. Google Europe automatically turned on increased account security protections for accounts in the regions and made Safe Browsing default, the company outlined on Twitter Friday. The protections include making SafeBrowsing, a Chrome feature that blocks harmful files and scans for phishing and malware, the default for users. Additionally, “a number of websites” in Ukraine have opted into Google’s free, unlimited DDoS protection, according to the tweets. Facebook, Twitter and Microsoft have also made statements about putting increased resources toward cyberthreats in Ukraine, including misinformation.
Not all of the cybersecurity firms that have jumped on the trend of offering services to Ukraine have done so for free, however. Some cyberdefenders have expressed disappointment in firms that appear to be capitalizing on the tragedy.