As Russia has openly declared war on Ukraine on all fronts, concerns grow about how this will affect us in the West. The classic war as we know it has evolved through the years from bombs and grenades to bits and bytes; a Hybrid War. Attackers can now cripple their opponents’ networks with the simple push of a button, and you can be sure this tactic is being used and abused. Last week, we learned the hard way about this new way of hybrid warfare, as Ukrainian computer and information systems were the target of large-scale, coordinated cyber-attacks.
On the 23rd of February, a new wiper malware began circulating in Ukrainian companies and organisations. Shortly afterward, Belgium’s main cyber security body, the CCB, published a call to companies in our country to ‘dust off’ their cyber emergency plans, “even if there is no concrete threat of cyber-attacks now,” according to director Miguel De Bruycker. Still, no one knows what will happen next.
Previously, ESET, a Slovak internet security company that offers anti-virus and firewall solutions, reported their discovery of this new data wiping malware on hundreds of systems in Ukraine. In at least one case, the malware, named Hermetic Wiper, infiltrated the victim’s Microsoft Active Directory Server. According to ESET, the wiper’s goal was to actively disrupt businesses and cause havoc by destroying data and taking down operational systems.
It seems likely that Russia will continue its massive cyberattacks in the next few weeks, in an attempt to delay or threaten a Western response to the invasion of Ukraine. As Belgium hosts the NATO headquarters and key European Institutions, it could make an interesting target. Even if your company is not immediately involved or connected with one of these organisations, the risk of collateral damage always remains, and extra vigilance is encouraged.
Not the first time
This isn’t the first time that attacks on Ukraine have had repercussions for Belgium. In 2017, a piece of malware called NotPetya attacked Microsoft Windows-based systems, causing some companies in The Netherlands and Belgium to shut down temporarily.
That is why for companies, it is vital to dust off existing cyber response plans and review and update them where necessary. As prevention is always better than cure, it’s important to be prepared, and have procedures in place to respond to and recover from security incidents.
What you can do
On Friday 25 February, the following recommendations were made to the Defense Department personnel by the General Intelligence and Security Service (ADIV in Dutch, SGRS in French). These can be useful for any company, as it is important to react quickly and increase vigilance.
In terms of cybersecurity, it is vital that you protect yourself and your company, whether you work from home or at the office. Remote working has made it easier for criminals to attack you through cyber means. Your view on cybersecurity may have changed because of the recent events in Ukraine, but the way cyber attackers operate hasn’t changed. Here are some simple practices you can keep to minimize the chance of a successful (and detrimental) attack:
Phishing & scamming are methods in which cyber attackers try to trick you, or get you to do something, in order to erase data or obtain your personal details. Usually, messages are sent via email, text messages, and social media. Lately, there has been a rise in Teams attacks, as it’s “Microsoft’s most popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic.” This makes it an attractive tool to use for phishing.
Keep an eye out for messages that seem too good to be true, emails that urge you to do something unusual, or that put pressure on you. These are often phishing attacks. Always check the source; phishing mails will almost always have a strange or unknown source. Make sure your employees are aware of phishing, know how to recognize a fishy message, and know how and where to report any phishing attempts.
Strong passwords are essential to protect your organization and personal life. Make sure all your accounts are safe by using long and unique passwords. The longer your password, the better.
Of course, we’re not robots, and remembering these passwords can be a hassle. You could therefore use password sentences (for example: ‘I-am-4lways-Hungry’) or passwords that consist of multiple words (for example: ‘Honeybutter-Happy<3’). We also recommend that you change passwords regularly.
Can’t remember all these passwords? Neither can we! You could use a password manager, such as ‘LastPass’, to keep all your passwords safe.
Lastly, make sure you use multi-factor authentication (MFA or 2FA) for important accounts.
PED-Updated (Personal Electronic Devices):
Make sure you keep your computers, devices (mobile phone, tablet…), and applications up to date through automatic updates. Cyber attackers are continuously searching for new vulnerabilities in our software and devices. You’ll be able to cover these weak spots by turning on automatic updates.
Often, you’ll see fake news appear on the Internet. Don’t trust everything you read from new, unknown, or random social media accounts (on Facebook, but also on LinkedIn, Twitter, or Instagram). Only follow trustworthy, known news sources who verify the authenticity of news before publishing it.
Awareness is Key when it comes to a hybrid war
Awareness is key when it comes to preventing cyberattacks. Make sure everyone in the company is aware of these attacks and knows where to report suspicious content. By doing so, you are already severely reducing cybercriminals’ chances of success in winning this Hybrid War.