The threat of cyberattacks has become increasingly pronounced in the current digital landscape. From 2020 to 2021, there was a sustained increase in cybersecurity attacks, which became even more prevalent with the onset of the Covid-19 pandemic.
However, the true scale and impact of cyberattacks were fully realized on Feb. 23, 2022, when Russian actors launched a massive and destructive cyberattack against Ukrainian government, technology, and financial sector targets. This attack preceded the physical conflict that ensued, marking the beginning of a new era in cybersecurity.
Who is responsible for the most prevalent forms of cyberattacks?
States can launch cyberattacks as a means of espionage, sabotage, or warfare, and they can themselves be targeted by other states or non-state actors for similar purposes. For example, a state may launch a cyberattack against another state in order to steal sensitive information or disrupt critical infrastructure.
For instance, in 2010, it was discovered that the United States and Israel had jointly launched a cyberattack against Iran’s nuclear program using a computer worm called Stuxnet. The worm was designed to disrupt the operation of centrifuges used to enrich uranium, causing them to spin out of control and destroy themselves.
Another example is the Russian cyberattack on Estonia in 2007, which disrupted the country’s government and media websites. The attack was carried out using a distributed denial-of-service (DDoS) attack, in which a network of compromised computers is used to flood a targeted website with traffic in order to overload it and shut it down.
Cyberattacks on businesses have become more common recently and can have serious consequences, such as financial losses and reputational damage. These attacks often involve attempts to access sensitive data, disrupt operations, or steal valuable intellectual property.
The Sony Pictures hack is a well-known example. In 2014, the entertainment company Sony Pictures was the target of a cyberattack that exposed a large amount of sensitive internal data, including emails, financial documents, and unreleased movies.
In addition to being the target of cyberattacks, businesses have also been known to launch cyberattacks themselves. For example, in 2018, it was revealed that the political consulting firm Cambridge Analytica had used data obtained from Facebook without the users’ knowledge to target political ads in the 2016 US presidential election. This raised concerns about the potential for businesses to use cyberattacks for political or economic gain.
Individuals can be targeted by cyber attackers for a variety of reasons, including to steal personal or financial information, to disrupt their operations, or to cause harm or embarrassment. Some may be motivated by profit, while others may act based on ideology or personal beliefs.
What you need to know about major cybersecurity threats
In the 2022 analytical report by the State Special Communications Service of Ukraine titled “Russia’s Cyber Tactics: Lessons Learned 2022,” the CERT-UA team identified 2,194 cyberattacks on Ukraine’s critical infrastructure. Out of these incidents, 1,148 were deemed to have a critical or high threat level. Various cyberattack types, including malware, ransomware, phishing, IoT, DoS, DDoS attacks, hacking, and supply chain attacks, were directed against Ukraine.
For 2023, it is crucial for individuals, organizations, and businesses to be aware of two prevalent cyber threats in order to safeguard themselves – malware and phishing.
Malware (malicious software)
Malware continues to be the leading cybersecurity threat in the present day. According to SonicWall’s Cyber Threat Report, 2.8 billion malware attacks took place in 2022.
There are many different types of malware, including viruses, worms, and ransomware. The WannaCry attack of 2017 is a well-known example of a significant malware attack that exploited a vulnerability in the legacy operating system Windows XP, which was released in 2001. It caused significant disruptions to essential services and affected major organizations by encrypting files and demanding payment for decryption.
Another well-known ransomware attack was NotPetya in 2017. The malware was spread through tax software that companies and individuals require for filing taxes in Ukraine. The attack had a significant impact on various industries, including banking, telecommunications, and even the radiation monitoring systems at the Chornobyl nuclear plant. It started in Ukraine but quickly spread to international companies with offices in the country.
Since March 2022, the Russian state-sponsored Sandworm group has been linked to a series of ransomware attacks on Ukraine and NATO member Poland’s transportation and logistics infrastructure. It is believed that these attacks were aimed at businesses supporting Ukraine in the ongoing war and were carried out using the “Prestige” ransomware.
On June 24, 2022, CERT-UA published a report about the DarkCrystal remote access trojan (RAT) being used by the UAC-0113 group, believed to be affiliated with Sandworm and the GRU. The report stated that UAC-0113 used a malicious lure document to target individuals or entities in Ukraine, possibly including telecommunications providers, with the aim of compromising Ukraine’s telecommunications infrastructure.
Social engineering: phishing
Phishing is a type of cyberattack that involves the use of fake emails or websites to trick individuals into giving away sensitive information, such as login credentials or financial information. Attacks may use familiar branding or logos to appear legitimate, but they are actually designed to steal sensitive information or infect computers with malware. As of 2022, 323,972 internet users were victims of phishing.
To do this, attackers gather information about their victims through various means, such as researching LinkedIn profiles, social media posts, and publicly available information or data found on the Dark Web. They may also craft messages that appear to come from colleagues, management, vendors, or others that the victim knows and interacts with on a regular basis.
One example of a phishing attack is the 2017 Equifax data breach. In this case, attackers used phishing to gain access to the login credentials of a number of Equifax employees. The attackers were then able to access sensitive customer data, including names, social security numbers, and credit card information.
As per the Microsoft Digital Defense Report 2022, Microsoft blocked 710 million phishing emails per week. In addition to the URLs blocked by Defender for Office, the Digital Crimes Unit directed the takedown of 531,000 unique phishing URLs hosted outside of Microsoft.
How to protect businesses and organizations from cyberattacks
There are some practical steps that businesses and organizations can take to protect themselves from cyberattacks:
The identification and assessment of potential threats to personal data serve as the initial step in implementing appropriate security measures to protect them.
The primary security measures include:
Access control and authentication; incident handling with an incident response plan and the reporting of personal data breaches; logging and monitoring; server and database security; and encrypting specific files or records through software or hardware implementation.
Workstation security is also very important. Users should not be able to deactivate or bypass security settings; anti-virus applications and detection signatures should be set up on a weekly basis. Organizations need to have robust security systems in place that are able to detect and block suspicious activity, even if it is coming from previously unknown malware.
Cybersecurity awareness training for all employees is also important.
To identify weaknesses in a system and improve its security, it is useful to run penetration tests or a vulnerability rewards program. For example, some companies participate in bug bounty programs, in which they invite independent security researchers to try to find vulnerabilities in their systems and are willing to pay a reward for successful discoveries.
What individuals can do
To protect against cyberattacks, individuals can take a number of steps, including: using strong passwords (at least 8 characters, including special characters, letters of different case and numbers). Do not use your name, phone number, date of birth and other personal information as a password.
Do not store login information and passwords for various accounts, ranging from mobile banking to social networks, in notes or saved messages.
Enable two-factor authentication for online accounts (fingerprint, SMS, electronic signature file, etc.).
Be cautious about opening emails or links from unknown sources (to be protected from phishing attacks), and keep your computer and other devices up-to-date with the latest security patches and software updates.
Be aware of the risks and be vigilant about protecting personal and financial information online.
Move all important information to separate folders and set a password on them.
Make a backup copy of important information to a cloud drive or flash drive, which should also be protected with a complex password.
Enable device encryption if possible.
Delete information that is no longer needed but could harm you if disclosed (photos, documents, etc.).
Activate the remote data deletion feature for your phone in case it is lost or stolen.
Check whether your data is protected in the institutions where you are served (banks, medical institutions, insurance companies, etc.).
In general, try to have a basic understanding of cyber hygiene.
Whether you’re a small business or an individual user, staying informed and prepared is critical for defending against the ever-evolving landscape of cyberattacks.
The views expressed in this opinion article are the author’s and not necessarily those of Kyiv Post.