27.04.2023
Protecting the digital front: Strategies for defending against cyber threats

Due to the large number of cyberattacks from all directions, strong security policies and cyber hygiene have become extremely important for businesses, organisations and individuals.

In today’s digital environment, the threat of cyberattacks has increased significantly. From 2020 to 2021, the number of attacks increased steadily, especially with the onset of the Covid-19 pandemic.

However, the true scale and consequences of cyberattacks became fully apparent on 23 February 2022, when Russians launched a massive and destructive cyberattack on industrial facilities, government and financial institutions in Ukraine. This attack took place on the eve of a physical attack that ushered in a new era in cybersecurity.

Who is responsible for the most common forms of cyberattacks?

Cyberattacks can be carried out by both states and non-state actors as a means of espionage, sabotage or warfare. For example, one state may launch a cyberattack on another state to obtain sensitive information or disrupt critical infrastructure.

For example, in 2010, it became known that the United States, together with Israel, had launched a cyberattack on Iran’s nuclear programme by introducing the Stuxnet computer worm. The worm was supposed to disrupt the operation of centrifuges used for uranium enrichment, causing them to go out of control and self-destruct.

Another example is the Russian cyberattack in Estonia in 2007, which paralysed government and media websites. This attack was carried out by distributing a program that blocks access to the Internet. As a result, the network of compromised computers overloaded traffic, and the entire system went down.

Cyberattacks on businesses, which have recently become commonplace, can have serious consequences, such as financial and reputational losses. Such attacks attempt to gain access to sensitive data, disrupt operations, or steal valuable intellectual property.

One of the most famous examples is the hack of Sony Pictures in 2014. A large amount of proprietary information was disclosed, including email correspondence, financial documents, and films that had not yet been released.

Businesses not only fall victim to cyberattacks, but also carry them out themselves. For example, in 2018, it became known that the consulting firm Cambridge Analytica used data obtained from Facebook without the users’ knowledge to interfere with political advertising during the 2016 US presidential election. This has raised concerns about the possibility of cyberattacks being used as a means of political or economic gain.

Cyberattacks on individuals are carried out for a variety of reasons – for example, to steal personal or financial information, to interfere with work, or to cause personal harm. Some do it for profit, others for ideological reasons or because of their own beliefs.

What you need to know about the main cybersecurity threats

According to the analytical report of the State Special Communications Service of Ukraine for 2022 “Russia’s Cyber Tactics: Lessons from 2022”, the CERT-UA team recorded 2,194 cyberattacks on Ukraine’s critical infrastructure. 1,148 of them had a critical or high threat level. Ukraine has experienced various types of cyberattacks – malware and ransomware, phishing, IoT attacks, DoS, DDoS, hacking, supply chain attacks, etc.

Now, in 2023, there are two main threats that businesses, organisations and individuals need to be aware of to protect themselves: malware and phishing.

Malware

Malware is the main threat today. According to the SonicWall Cyber Threat Report, there were 2.8 billion malware attacks in 2022.

There are many different types of malware, including viruses, worms, and ransomware. The WannaCry attack of 2017 is a well-known example of the exploitation of a vulnerability in the Windows XP operating system released in 2001. It caused severe disruptions to critical services and significant damage to large organisations, from which a ransom was demanded for decrypting files.

Another well-known ransomware attack, NotPetya, occurred in 2017. NotPetya infiltrated the program through which individuals and legal entities in Ukraine are required to file tax returns. This attack hit various industries, including banking, mobile communications and even the radiation monitoring systems of the Chernobyl nuclear power plant. Starting in Ukraine, it quickly spread to foreign companies with representative offices here.

Since March 2022, the Russian state-sponsored Sandworm group has been involved in a series of ransomware attacks on the transport and logistics infrastructure of Ukraine and Poland. These attacks are believed to have targeted businesses supporting Ukraine in the war and to have been carried out using the Prestige ransomware.

On 24 June 2022, CERT-UA released a report on the use of the DarkCrystal Trojan by the UAC-0113 group, which is associated with the Sandworm group and the Russian GRU. The report states that UAC-0113 sent out a malicious decoy document to individual and corporate users in Ukraine, including mobile and Internet providers, to compromise Ukraine’s telecommunications infrastructure.

Social engineering: phishing

Phishing is a type of cyberattack that uses fake emails or websites to trick people into giving up passwords, financial and other sensitive information. The purpose of such attacks, which are carried out under the guise of well-known brands using familiar logos, is to obtain sensitive information or infect computers with viruses. As of 2022, 323,972 Internet users were victims of phishing.

Prior to an attack, attackers gather information about potential victims in a variety of ways, such as by examining LinkedIn profiles, social media posts, and publicly available information or data on the Dark Web. They may also send messages purporting to be from colleagues, bosses, vendors, and others the victim knows and regularly interacts with.

One example of phishing is the attack on [US credit reporting agency] Equifax in 2017. The attackers used phishing to gain access to the logins of the bureau’s employees, and through them, to sensitive customer information such as names, insurance numbers, credit card details, etc.

According to Microsoft’s 2022 Digital Security Report, Microsoft detected and blocked 710 million emails every week. In addition to the Uniform Resource Locators (URLs) blocked by Defender for Office, the Digital Crimes Unit ordered the removal of 531,000 unique phishing URLs outside of Microsoft.

How to protect businesses and organisations from cyberattacks

There are several practical steps that can be taken to protect against cyberattacks, the first of which is to identify and assess potential threats to personal data.

- Access control and authentication; responding to incidents according to an appropriate plan and mandatory reporting of each case of personal data breach; logging and monitoring; securing servers and databases; encrypting specific files or records with special software.

- Workplace security is also important. Users should not be able to deactivate or bypass security settings; antivirus applications and personal signatures should be updated once a week. Organisations need to have robust security systems that can detect and block suspicious activity, including that originating from previously unknown malware.

- Education and training of all employees is equally important.

- Penetration tests or a vulnerability programme can be useful to identify weaknesses in the system and strengthen its security. For example, some companies invite independent experts to identify vulnerabilities in the system and pay them if they find any.

- To protect against cyberattacks, the user can take the following measures: create a strong password (at least 8 characters, combining special characters, uppercase and lowercase letters, and numbers); the password should not be your own name, phone number, date of birth or other personal information.

- Do not store registration data and passwords for mobile banking, social networks, etc. in notes or saved messages.

- Enable two-factor authentication for accounts (fingerprint, SMS, electronic signature, etc.).

- Be cautious about opening emails or links from unknown sources (to protect against phishing), and keep antivirus and other security software on your computer and other devices up to date.

- Be aware of the risks and keep an eye on personal and financial information on the Internet.

- Move all important information to a separate folder and lock it.

- Make a backup copy of important information in the cloud or on a USB stick and protect it with a strong password.

- If possible, encrypt the device.

- Delete information that is no longer needed but could harm you if it is disclosed (photos, documents, etc.).

- Activate the remote wipe feature on your phone in case it is lost or stolen.

- Check whether your data is protected by the institutions you use (banks, medical institutions, insurance companies, etc.).

- In general, you need to have basic knowledge of cyber hygiene.

For small businesses and individual users alike, it is crucial to be informed and prepared to defend against ever-evolving cyberattacks.