Cybersecurity in times of war
Can we feel safe?
From the start of Russia’s military invasion of Ukraine, the number of ransomware attacks has increased fivefold compared to the pre-war period. This figure is based on data analysis provided by the Lithuanian anti-malware vendor SpyWarrior, whose software is installed in many European countries. Ransomware attacks do not affect only computers operating in Central and Eastern Europe, the Baltic countries or Ukraine itself. Data from the end of 2021 indicates that 74% of ransomware attacks originated in Russia and were carried out by organized hacker groups.
Phishing, bots, and disinformation
In addition to ransomware attacks, there was a significant increase in phishing attacks. Disinformation campaigns about the situation in Ukraine and the course of the war carried out via social media often negatively position the European community against refugees from Ukraine. Importantly, these attacks were carried out using bots (specialized software that automates the posting and comments on Facebook, Instagram, or Twitter) and software that took over the accounts of real users, who were often not even aware of the fact that such information was posted on their behalf.
Until recently, attacks had most often been carried out via e-mail messages, but now there has been an explosion of attacks delivered through instant messages or social media posts containing links to malware. Such malware often takes over a social media account and sends messages to everyone in its address book, which lends the sender credibility. After clicking on the link, either the actual ransomware is installed, or the message is forwarded to further victims by the unaware account owner.
Another threat is attacks that turn computers into “zombie” machines, which are then used to execute Distributed Denial of Service (DDoS) attacks on the servers of companies or government organizations. A DDoS attack prevents the operation of, for example, a web service by exhausting all free server resources with a flood of requests, and it is carried out simultaneously from many computers in different places. The victims of such attacks have included the servers of Ukrainian institutions and of other countries in the region.
The weakest link is a human
There is a reason a human is called the weakest link in the security ecosystem. Research by the U.S. National Security Agency shows that over 90% of successful cyberattacks are the result of human error, not software or hardware errors. These human errors were not only clicks on links of unknown origin, but also non-compliance with the basic rules for creating, storing, and using passwords, or failure to follow the procedures developed in the organization. Research shows that 80–90% of ransomware attacks took place because of a click on a link in an e-mail sent to an unaware recipient. It is also not uncommon for people who clicked the link to have previously disabled virus and malware protection because it had reported a security alert.
To realize the scale of the threat, it is worth knowing that hacker groups are organizations divided into departments (e.g., management, programmers, testers, negotiators, and customer service) consisting of tens or hundreds of people. One such gang is Conti, the author of the ransomware of the same name, which since 2020 has run a website on which documents previously copied by that ransomware may have been leaked.
During the Russian invasion of Ukraine, the Conti group announced its support for Russia and threatened “retaliatory measures” if cyberattacks were launched against that country. In February 2022, data from the group’s chats was disclosed and, on this basis, information about the group was obtained: regular programmers earn from $1,500 to $2,000 per month, and members negotiating the payment of the ransom get a commission. In 2021, the group successfully launched attacks on 400 institutions, and it is estimated to have obtained at least $50 million in ransom payments. The group’s attacks are limited to computers located outside Russia.
It is also worth mentioning the dangers resulting from the improvement of deepfake technology, i.e., image and sound processing techniques that use artificial intelligence to combine images of human faces and voices. The resulting audio or video recording convincingly impersonates a real person. Many companies have fallen victim to such manipulation (e.g., when a transfer was made to a cybercriminal’s account based on an audio instruction that merely imitated the voice of the company’s CEO).
We live in a world where military threats are combined with digital ones, so we should take even better care of the security (cyber and otherwise) of the organizations we work for.
Below is a list of eight essential cybersecurity components that each of us, Internet users, should implement to ensure a high level of security. Remember that technological measures are only one element of the cybersecurity ecosystem, and nothing can replace attention and common sense.
1. E-mail accounts — use separate e-mail accounts for professional activity and private purposes. It is also worth having a so-called “junk” mailbox, which we give out on websites that require an address and which we use to receive spam.
2. Multi-factor authentication increases the protection of access to network resources such as social networking sites or cloud storage. It prevents unauthorized people from logging into these resources by requiring an additional factor, e.g., a code from an SMS, a link in an e-mail, or a dedicated application.
3. Passwords should have a certain “strength”, i.e., consist of a sufficient number of letters, digits, and special characters, and they should be different for different services. Why? If the login (which is usually an e-mail address) leaks along with the password, attackers try the same pair on other websites. Passwords should be changed regularly.
4. Before you click on a link you received in a messenger or e-mail, think twice. If you have a moment of doubt, do not do it, especially when the antivirus program warns you against opening it.
5. Make regular backups, preferably using dedicated software that creates backups automatically at a specified time, keeping data from the last few days. If you fall victim to ransomware, you will then be able to use your saved files.
6. Use updated anti-virus and anti-malware software from reputable vendors.
7. Do not use open wireless networks where data transfer is not encrypted; they can also be traps created by cybercriminals. We all have a cell phone that can act as a wireless hotspot — this is more secure than using insecure access points with an open connection.
8. Encrypt data stored on disk, both in the computer and in the cloud, and encrypt data in transit. The greater its financial, reputational and business value, the more care you should take to protect it against unauthorized access. Remember that various regulations enforce encryption in many areas of the economy (for example, healthcare or GDPR requirements).
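As an added example (not code from the article or its author), the following shows the defender's side of the credential reuse risk described in point 3: a service checks a leaked login/password list from another site against its own user database and flags the accounts that must reset their password. It assumes the service stores PBKDF2 salted hashes; the user records, the leak and all names are constructed for illustration.

```python
# Added example, not from the article: a defender-side check for the credential
# reuse risk in point 3. A service compares a leaked (login, password) list from
# another site against its own user database and flags accounts whose leaked
# password also unlocks them here, so they can be forced to reset.
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256: the slow, salted hash a service should store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def make_user_db(users: List[Tuple[str, str]]) -> Dict[str, Tuple[bytes, bytes]]:
    """Build {login: (salt, hash)} the way a service would store credentials."""
    db: Dict[str, Tuple[bytes, bytes]] = {}
    for login, password in users:
        salt = os.urandom(16)  # fresh random salt per account
        db[login.lower()] = (salt, hash_password(password, salt))
    return db

def verify(db: Dict[str, Tuple[bytes, bytes]], login: str, password: str) -> bool:
    """Check a login/password pair against the stored salted hash."""
    entry = db.get(login.lower())
    if entry is None:
        return False
    salt, stored = entry
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(stored, hash_password(password, salt))

def exposed_accounts(db, leak: List[Tuple[str, str]]) -> List[str]:
    """Return logins whose leaked password also works on this service."""
    hits: List[str] = []
    for login, leaked_password in leak:
        if verify(db, login, leaked_password) and login.lower() not in hits:
            hits.append(login.lower())
    return hits

# Constructed sample data: alice reused her password on the breached site,
# bob did not, and carol has no account here at all.
SAMPLE_USERS = [("alice@example.com", "Winter2022!"), ("bob@example.com", "uniqueP@ss-7")]
SAMPLE_LEAK = [("Alice@example.com", "Winter2022!"),
               ("bob@example.com", "summer99"),
               ("carol@example.com", "Winter2022!")]
USER_DB = make_user_db(SAMPLE_USERS)

if __name__ == "__main__":
    for login in exposed_accounts(USER_DB, SAMPLE_LEAK):
        print(f"force a password reset and MFA review for {login}")
```

Only alice is flagged: her leaked pair also unlocks her account here, while bob's leaked password differs from the one he uses on this service.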
Is that all? Certainly not. These are the most important elements that every individual computer or smartphone user should meet. In companies and in governmental and local government organizations, this security ecosystem is extended to include network and server security.
About Przemek Kucharzewski
Przemek is a co-founder and VP of Sales at Cypherdog Security Inc., a vendor of solutions for encrypted communications. Przemek has 26 years of experience in building sales channels, marketing, and commercialization of IT solutions. In recent years, he has been focusing on cybersecurity and cloud solutions. Earlier in his career, he mainly worked for the largest IT distributors in the CEE region. He also worked as Interim Manager for IT system integrators and vendors in advanced solutions selling. He is the author of many articles in the IT & business media, speaker, lecturer, and podcaster.