ThreatSTOP Blog

Detecting Rerouted Russian Traffic for Security AND Compliance

Written by Ofir Ashman | July 19, 2022

Most countries in the world, and especially Ukraine, want nothing to do with Russia these days. Yet as Russian forces continue to invade and seize areas in Ukraine, identifying and avoiding everything Russia-related has become a big challenge.

 

Russia is taking over Ukrainian Infrastructure

Last month, Wired magazine posted a story about Russia's internet takeover in Ukraine. It describes internet shutdowns and Ukrainian ISPs like SkyNet suddenly sending all internet traffic to and from Ukraine through Russia. Senior Ukrainian officials explain that "Ukrainian ISPs are forced to switch their services to Russian providers". If they don't comply, their operations are shut down.

This "Russification" of the Ukrainian internet is another way for Russia to take control. Russian networks are fully controlled by Russian state authorities, who are known for their vast surveillance and censorship. Controlling the internet pipes allows selective censorship of content, such as global news and Russian sentiment, and gives access to military intelligence gleaned from electronic communications moving through fiber they now control.

 

Blocking Russia - Everywhere

ThreatSTOP solutions block all communications with Russia. Our team monitors internet infrastructure changes, and can block even seemingly legitimate traffic if it's rerouted through Russia. For example, Gigabyte is a Ukrainian Autonomous System (AS). In theory, the last thing Ukrainian internet infrastructure would want is any traffic related to Russia. Yet a deeper look into Gigabyte's AS path shows that traffic to this AS is routed through Russian-owned Miranda-AS (AS201776). This is just one case out of hundreds, and as Russia continues its military advances on Ukraine, more of this traffic is being taken over, manipulated, and spied on by Russia.
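The AS-path check described above can be sketched as follows. This is an added example, not ThreatSTOP's code or data: the routes are constructed, written in the pipe-delimited style of `bgpdump -m` output, and use documentation ASNs and prefixes; only AS201776 (Miranda-AS) comes from the post, and the watch-list structure is an assumption.

```python
import re

# Watch list of ASNs to flag when they appear as transit hops. AS201776 is the
# one named in the post; a real list would come from an ownership feed (assumption).
WATCHED_ASNS = {201776: "Miranda-AS"}

# Constructed sample: type|time|flag|peer_ip|peer_as|prefix|as_path|origin|...
# 64496-64511 are documentation ASNs standing in for real networks.
SAMPLE_RIB = """\
TABLE_DUMP2|1658188800|B|192.0.2.1|64496|198.51.100.0/24|64496 64497 201776 64500|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1658188800|B|192.0.2.1|64496|203.0.113.0/24|64496 64498 64498 64501|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1658188800|B|192.0.2.2|64499|198.51.100.0/24|64499 {64502,201776} 64500|IGP|192.0.2.2|0|0||NAG||
TABLE_DUMP2|1658188800|B|192.0.2.2|64499|192.0.2.0/24|64499 201776|IGP|192.0.2.2|0|0||NAG||
BGP4MP|1658188805|W|192.0.2.1|64496|203.0.113.0/24
"""

def parse_as_path(text):
    """Return the path as a list of hops; each hop is a frozenset of ASNs.
    AS_SETs ({a,b}) keep all members, and prepended repeats are collapsed."""
    hops = []
    for token in re.findall(r"\{[^}]*\}|\d+", text):
        asns = frozenset(int(a) for a in re.findall(r"\d+", token))
        if asns and (not hops or hops[-1] != asns):
            hops.append(asns)
    return hops

def watched_transit(line):
    """Return (prefix, watched transit ASNs) or None if the line has no AS path
    (withdrawals, malformed lines). The origin AS is excluded on purpose: an
    origin match is caught by ordinary ASN blocking, a transit match is not."""
    fields = line.split("|")
    if len(fields) < 7:
        return None
    hops = parse_as_path(fields[6])
    if not hops:
        return None
    transit = hops[:-1]
    hits = sorted({a for hop in transit for a in hop if a in WATCHED_ASNS})
    return fields[5], hits

def rerouted_prefixes(rib_text):
    """Map each prefix to the watched ASNs seen in transit on any path to it."""
    findings = {}
    for line in rib_text.splitlines():
        parsed = watched_transit(line)
        if parsed and parsed[1]:
            findings.setdefault(parsed[0], set()).update(parsed[1])
    return {prefix: sorted(asns) for prefix, asns in findings.items()}

if __name__ == "__main__":
    for prefix, asns in rerouted_prefixes(SAMPLE_RIB).items():
        print(prefix, "transits", [f"AS{a} ({WATCHED_ASNS[a]})" for a in asns])
```

Run against a current routing-table dump on a schedule, the same comparison surfaces prefixes whose upstream changed since the last run, which is the kind of infrastructure change the paragraph above describes monitoring.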

 

An all-in-one Solution for Security AND Compliance

Avoiding attacks and surveillance from Russia is a critical concern in Ukraine, but for U.S. businesses, contact with Russia poses another big risk. Government sanctions such as those imposed by the Office of Foreign Assets Control (OFAC) oblige U.S. companies to prevent any and all contact with Russia. Communicating with Russian entities, even if unknowingly, can result in a compliance breach, legal turmoil, business disruption, and fines that can run into the tens of millions of dollars. In other words, communicating with Russia, or Russian-controlled entities, can be a death sentence for your business, even if it happened by accident.

ThreatSTOP blocks everything that's obviously Russian, of course (all Russian IPs, the whole .ru ccTLD, and Russian entities such as national organizations and businesses), but also everything Russian that's disguised as something else, whether it's a Ukrainian ISP that routes everything through Russia, conquered geographic sub-regions like Crimea, Luhansk, and Donetsk, or Russian business subsidiaries scattered across the world that want to remain inconspicuous. ThreatSTOP makes this compliance simple and automated, taking the guesswork out of knowing what is Russian-controlled, and automating the blocking of communication that could lead to consequences, both cyber and legal.
