In recent days, the question of what impact the war in Ukraine may have in terms of cybersecurity has come up more frequently. We asked our CISO Monika Bubela for her assessment of the situation.
How would you assess the current situation with regard to cybersecurity? Can you tell us what has happened in the past few days?
For general context, it is important to know that the war in Ukraine differs from past wars on one crucial point: for the first time the fighting is taking place not only on the ground in Ukraine, but in cyberspace as well. Russia is a powerful player in cyberspace. The risk of being fed misinformation or becoming the victim of a cyber attack is very high, particularly in Ukraine. And the other countries involved in the conflict – whether through sanctions or other policy measures – are also exposed to this risk. And that includes Germany. Which is why we need to remain extremely vigilant. Even though German-speaking countries are not the main focus at the moment, pro-Kremlin hacker groups or hacktivists may exploit the situation to carry out cyber attacks. We can expect the following:
- an increase in phishing attacks
- DDoS attacks
- and the use of misinformation
Prime targets include institutions that have proven easy for pro-Kremlin hackers to attack, the attack of which is not considered an act of war, and which are also not militarily or politically active. This includes financial institutions, educational institutions, local government and businesses that supply basic necessities.
What should businesses expect in the coming weeks? And what can they do to protect themselves?
The current focus of pro-Kremlin hacker groups seems to be on activities related to the war. Once the situation begins to change, it is likely that these groups will increasingly begin to target countries that support Ukraine, as well as businesses.
My advice to businesses is to focus on their cyber hygiene more than ever before. Raise your employees’ awareness of potential social engineering activities. The following are examples of information that is of interest to cyber criminals:
- Which individuals are in management positions at a company
- Which business activities a company is currently involved in
- Who at the company is responsible for transferring funds
- When managers are on leave
- Email addresses
This kind of information is all that’s needed to simulate internal emails and use them in a phishing attack. A single click is often all it takes to install malware and disrupt business operations. Be more vigilant about receiving unsolicited messages, emails or phone calls. And bear in mind that there is a possibility that the person contacting you could very well be impersonating someone else. If you have any doubts, contact that person using a different communication channel to double-check. Any time someone suggests that something is urgent or pressures you to act, it is most probably an attempted attack. The same applies any time someone makes you an offer that is too good to be true.
Businesses should also regularly monitor their systems for DDoS attacks. DDoS attacks deliberately overload the system using incoming traffic from many different sources. The aim is to flood the system until the service offered is no longer available. As a result, the company website could go down, the customer service team could be shut out of the email system or production could even come to a complete standstill. This type of attack is particularly insidious as it is very difficult to contain. To prevent attacks of this type, it is essential that all devices connected to the internet are secured. This includes speakers, cameras, watches, etc. These are rarely password-protected and are therefore particularly vulnerable to attack. Firewalls and server settings can also provide additional layers of security.
Proper password management together with multi-factor authentication and regular updates to all systems will also significantly reduce a business’s vulnerability to cyber attacks. Cyber criminals are always searching for new weak points in the devices or software being used. Automatic updates ensure that any known security gaps are closed and that the devices in use are equipped with the latest security software.
It’s also important to note that misinformation is one of the most powerful tools in a military conflict. Familiarize your staff with the phenomenon of so-called deep fakes. A deep fake is content that appears to be real but has been created using artificial intelligence. In the current context, this could be used to discredit, manipulate or spread disinformation. And it isn’t always immediately obvious that these photos, videos or voice recordings are deep fakes. Which is why I recommend questioning the origin of the material and cross-checking the information with other sources.
“For the first time in history, a war is taking place not only on the ground, but in cyberspace as well. At the moment, cyber attacks are focused primarily on war-related activities. But this situation could change at any moment, and with it, the targets of these attacks. I would therefore advise all businesses to exercise extreme caution. Raise your employees’ awareness of potential phishing attacks that use social engineering tactics. Ensure that your system is protected against DDoS attacks and be discerning when it comes to handling information. Being able to assess the risk to your business and take the appropriate action is essential. Not only given the current situation, but in the long term as well.”
Monika Bubela, CISO, Perseus Technologies
What else can businesses do?
Tracking the activities of key threat actors and those who collaborate or sympathize with them is of interest here. By monitoring their activities and methods, it is possible to predict their next moves and to analyze the techniques and tactics they use. Another key factor in sustainable security is to be aware of one’s own risk when it comes to cybersecurity. I believe that a risk analysis carried out by experts makes sense here.
Monika Bubela studied law in Warsaw before training at the Polish Naval Academy and specializing in cybersecurity. Her work experience includes a position at Interpol as well as various security companies throughout Europe. Bubela joined Perseus in 2020 and was appointed CISO of the company in 2021.