Cyber Attacks | Today's Reality


Introduction


I am aiming to complete my CISM® (Certified Information Security Manager) exam within the second quarter of this year, likely around July 2022 at this stage, but I am hoping to read another handful of books and further literature beforehand.


I have always had an interest in information security and cyber-security, but I have never invested any substantial time in researching and reading books about the topic, hence my new certification objective for 2022.


Thanks to the CSMP® for really giving me a good insight into the Protection of Information in Unit 11 of my studies last year in 2021.


Over the past few months I have been studying and researching this very informative, challenging, complex and misunderstood area in depth.


We have seen tragic events unfold in Ukraine over the past days. Russia's actions are well documented on TV and across the internet, but what is not widely publicised, understood or even taken seriously is the threat of cyber-attacks and theft of information, not only by nation states but also by organised criminal gangs and lone-wolf cyber criminals.


Cyber-attacks increasingly target large-scale, high-profile national infrastructure and government entities, and the resulting disruption and damage reach individuals both professionally and privately, even though there is only so much that individuals can do about it.


For individuals, the most important defence is to address potential vulnerabilities on personal and business devices, whether through software updates or additional security measures such as two-factor authentication, where a code from a separate device or app is required in addition to your existing password.


The burden is arguably on the public and private sector to prepare. The banking system may be particularly vulnerable, as recent government sanctions aimed at crippling the Russian financial system make banks a target for retaliation, particularly in countries that move to further cut Russia off from SWIFT.


Cyber-attacks fall under the traditional attack categories of Sabotage, Espionage and Subversion.


Sabotage


Deliberately destroy, damage, or obstruct (something/someone), especially for political or military advantage.


Espionage


The practice of spying or using spies, typically by governments to obtain political and military information.


Subversion


A systematic attempt to overthrow or undermine a government or political system by persons working secretly from within.


Russia and the Threat of Cyber-Attacks


Cyberterrorism is often defined as any premeditated, politically motivated attack against information systems, programs and data that threatens violence or results in a violent action.


The definition is sometimes expanded to include any cyber-attack that intimidates or generates fear within the target population. Attackers often do this by damaging or disrupting critical national infrastructure (CNI) such as airports, hospitals, transport, energy and sewage treatment facilities to name a few.


Cyber-attacks can be carried out more rapidly than a conventional weapons attack, and largely remove the barriers of time and distance, as well as the delays that would normally give a defender time to respond.


Launching them is relatively cheap and simple for adversaries who have the skills, the capabilities and the intent, but defending against them is increasingly costly and complex.


After Russia’s withdrawal from Georgia in 2008, Vladimir Putin led an effort to modernise the Russian military and incorporate cyber capabilities into its strategy. State-sanctioned cyber-attacks have since been at the forefront of Russia’s modern warfare strategy.


The Russian Main Intelligence Directorate (GRU, or Glavnoye Razvedyvatelnoye Upravlenie) typically orchestrates these attacks. They often involve customised malware (malicious software) built to target the hardware and software underpinning a target’s systems and a country’s CNI.


Among the latest attacks on Ukraine was a Distributed Denial of Service (DDoS) attack.


A DDoS attack tries to take a website offline by bombarding it with requests at the same time. The surge of requests exhausts the servers' capacity (bandwidth, connection slots, CPU or memory) so that they can no longer answer legitimate traffic, or crash outright. Such attacks are often aimed at a government website, or at a government entity offering public services, such as a nation's electricity and water infrastructure company.


To amass the number of requests necessary, attackers often resort to botnets (robot networks): networks of computers brought under their control with malware, each of which sends a share of the traffic.


According to Ukrainian officials, several government and banking websites went offline as a result of this attack. A DDoS attack uses these bots to flood an online service, overwhelming it until it stops responding and preventing access for any legitimate users.
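As an added illustration (this is not code from the original post), the Python below shows the kind of check a defender would run over web-server access logs during such an attack. The log lines, thresholds and IP ranges are all constructed for the example. It counts requests per client and per ten-second window, flags single clients that exceed a per-IP limit, and separately flags windows where the total exceeds a limit without any single client standing out, which is the signature of a botnet-driven flood that per-IP rate limiting alone cannot stop.

```python
"""
Added example, not from the original post: a simple volumetric-flood
detector run over constructed web-server access-log lines.

It counts requests per client IP and per fixed time window, then reports
  * 'noisy_ips': single clients sending more than a normal user would, and
  * 'distributed': windows whose total exceeds a limit while no single client
    does, i.e. the load is spread across many sources (the botnet case).
Thresholds, window size and the log lines are illustrative assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Common Log Format: ip - - [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, status) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT), int(m.group(3))


def analyse(lines, window_seconds=10, per_ip_limit=20, total_limit=100):
    """Bucket requests into windows; return {window_start_epoch: summary}."""
    per_window = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:          # skip malformed or truncated lines
            continue
        ip, ts, _status = parsed
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        per_window[bucket][ip] += 1

    report = {}
    for bucket, counts in sorted(per_window.items()):
        total = sum(counts.values())
        noisy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        report[bucket] = {
            "total": total,
            "unique_ips": len(counts),
            "noisy_ips": noisy,
            # many low-rate sources adding up to a flood: per-IP limits won't help
            "distributed": total > total_limit and not noisy,
        }
    return report


def sample_logs():
    """Constructed log lines (not real traffic) covering three 10-second windows."""
    def line(ip, second):
        ts = datetime(2022, 3, 1, 10, 0, second, tzinfo=timezone.utc)
        return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512'

    lines = []
    for i in range(5):                       # seconds 0-9: normal browsing
        for k in range(3):
            lines.append(line(f"203.0.113.{i}", k))
    for k in range(50):                      # seconds 10-19: one source hammering
        lines.append(line("198.51.100.7", 10 + k % 10))
    for i in range(150):                     # seconds 20-29: 150 bots, one request each
        lines.append(line(f"192.0.2.{i}", 20 + i % 10))
    lines.append("not a log line")           # malformed input is skipped
    return lines


if __name__ == "__main__":
    for start, summary in analyse(sample_logs()).items():
        when = datetime.fromtimestamp(start, timezone.utc).strftime("%H:%M:%S")
        print(when, summary)
```

The distinction matters operationally: a single noisy source can be blocked at the firewall or rate-limited, whereas a distributed flood of low-rate requests needs upstream mitigation (scrubbing, anycast or a CDN in front of the site), because blocking bots one at a time does not reduce the aggregate.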


Destructive data-wiping malware has also been found on hundreds of computers in Ukraine, according to reports, with suspicion falling on Russia.


On February 15th 2022, the Cyber Police of Ukraine said citizens were receiving fake text messages claiming that ATMs had gone out of service. Many citizens scrambled to withdraw money, which caused panic and uncertainty among the general population.


This attack was not aimed at causing technical disruption; it was aimed at damaging confidence, in the same way that people in the financial sector get nervous when share prices or exchange rates fall. Secondary disruption was still possible, however: the number of people trying to withdraw money affected ATM availability and forced banks to refill empty ATMs more frequently.


Historically, Russia has managed to evade much of the responsibility for such cyber-attacks. In conventional warfare, pinpointing the responsible party is usually straightforward; in cyberspace, attribution is very complicated, time-consuming and costly.


It is easy for a country to deny involvement in a cyber-attack, and we rarely see a nation claim responsibility for one.


One reason plausible deniability can usually be maintained is that cyber-attacks can be launched from an unknowing host, for example an unwitting victim’s compromised device. Such a "zombie" is a networked computer that has been compromised by an attacker, a virus or a Trojan and can be used remotely for malicious tasks, continuing a chain of attacks without the knowledge of the asset's owner or operator. So, while the operation may be directed from the perpetrator’s command-and-control servers, tracing it back through those intermediaries becomes very complicated.


While businesses reinforce their cybersecurity posture during this period of geopolitical tension, individuals should regularly ensure their computers, mobile devices and software are updated, double-check that all passwords are strong and unique, and make sure all email, application and social media accounts are protected by two-factor authentication.


Phishing attacks are increasing. They seek to trick people into clicking links within emails, or entering credentials on a fake page, that grant attackers access to a computer system or application, such as a victim’s email account, banking application or social media account.


These are incredibly common, and recipients should take the following precautions.


- Instead of clicking on a link in an email, open a new browser tab and type in the address (URL) of the site you intended to visit. A fraudulent link is often very similar to a trusted one, differing by only a few easily missed characters (for example a digit 1 in place of a lower-case l, or "rn" in place of "m").


- Keep both your operating system and browser up to date. The latest versions of most browsers come with anti-phishing filters, and updates improve those filters as attackers devise new techniques.


- It’s a good idea to block pop-ups when browsing the internet.


- Never input personal information into pop-up windows unless you are completely confident they are from the intended site.


- For day-to-day computer use, use a standard user account instead of an administrator account, and switch to the administrator account only when administrative functions are necessary. Malware that runs under a standard account inherits only that account's rights, so it cannot reach critical administrative functions without a further prompt.


- Delete suspicious email messages without opening them. The subject line may be catchy, or so generic that you want to learn more; just delete it.


- Only accept trusted certificates on webpages; if the browser warns that a site's certificate is invalid, do not click through the warning.


- Do not click on links that will take you to an unfamiliar site.


- Look out for warnings from the browser. For instance, Chrome marks a site "Not secure" in the address bar if it is not served over HTTPS. Note that HTTPS alone does not prove a site is legitimate; phishing sites routinely use valid certificates too, so the padlock tells you the connection is encrypted, not that the site is who it claims to be.


- In general, if you receive a phishing email do not open it, do not click on any links or attachments and delete it immediately.


- If you are in the UK and you receive suspicious emails, you can forward them to report@phishing.gov.uk and the National Cyber Security Centre (NCSC) will investigate.
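The point above about look-alike addresses can be made concrete. The Python below is an added example, not part of the original post: it pulls the host out of a link and compares it with a small allow-list of domains, flagging hosts that only become equal to a trusted domain once visually confusable characters (digit 1 for l, 0 for o, "rn" for "m", Cyrillic letters for Latin ones) are normalised, and hosts within an edit distance of two of a trusted domain. The allow-list, the confusable table and the sample links are constructed assumptions; a real tool would use the full Unicode confusables data.

```python
"""
Added example, not from the original post: flag look-alike links before you
click them. A link's host is compared with a small allow-list of trusted
domains (an assumption for this example) in three stages:
  1. exact match or genuine sub-domain of a trusted domain  -> "trusted"
  2. equal to a trusted domain once visually confusable characters are
     normalised (digit 1 for l, 0 for o, rn for m, Cyrillic for Latin)
                                                            -> "lookalike"
  3. within edit distance 2 of a trusted domain             -> "typosquat"
Anything else is "unknown". The confusable table here is deliberately short.
"""
from urllib.parse import urlsplit

# Assumed allow-list; a tuple so iteration order is deterministic.
TRUSTED = ("example.com", "example-bank.co.uk", "gov.uk")

# fake sequence -> the Latin letter(s) it imitates
CONFUSABLES = {
    "rn": "m", "vv": "w", "1": "l", "0": "o", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",   # Cyrillic letters resembling p, c, i
}


def host_of(url):
    """Host of the link, lower-cased. urlsplit().hostname drops any user@ prefix,
    so 'http://example.com@evil.test/' correctly yields 'evil.test'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")   # unwrap xn-- punycode labels
    except UnicodeError:
        return host                                  # already Unicode, or invalid IDNA


def normalise(host):
    """Replace confusable sequences with the letters they imitate."""
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance, plain dynamic programming (inputs are short)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def same_or_subdomain(host, domain):
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Return (verdict, trusted_domain_it_resembles_or_None)."""
    host = host_of(url)
    for domain in TRUSTED:
        if same_or_subdomain(host, domain):
            return "trusted", domain
    norm = normalise(host)
    for domain in TRUSTED:
        if same_or_subdomain(norm, domain):
            return "lookalike", domain
    for domain in TRUSTED:
        if edit_distance(host, domain) <= 2:
            return "typosquat", domain
    return "unknown", None


if __name__ == "__main__":
    # constructed sample links, not taken from any real phishing campaign
    for link in ("https://mail.example.com/login", "https://examp1e.com/login",
                 "https://exarnple.com/", "https://ex\u0430mple.com/",
                 "https://examplee.com/", "http://example.com@evil.test/"):
        print(f"{classify(link)[0]:10} {link}")
```

Two design points are worth noting. The trusted check runs before the look-alike check so that a genuine sub-domain such as mail.example.com is never mis-flagged, and the host is taken from urlsplit().hostname rather than from the start of the string, which defeats the old trick of putting the trusted name before an @ sign so that it appears in the link while the browser actually connects elsewhere.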


Misinformation vs. Disinformation vs. Malinformation


Misinformation, Disinformation, and Malinformation are often confused with one another, I have tried to explain them below.


Misinformation and Disinformation are both false information, but Misinformation is spread without the intention to harm and Disinformation is spread with the intention to harm.


Malinformation is information that is based on reality but is deliberately manipulated or put into a context meant to inflict harm, such as genuine official documents released on the day of, or the night before, an election to damage a candidate’s chances of being elected.


Intention is what differentiates Misinformation from Disinformation. Spreaders of Misinformation have no ulterior motive behind sharing inaccurate information, and may not even be aware that it is inaccurate (for example a genuine news agency sharing a story it believes to be accurate), whereas those who spread Disinformation deliberately intend to mislead others.


The goal of spreading Disinformation is often to have a specific effect among a target audience, or manipulate the way people perceive reality.


Nations continue to weaponise Disinformation to influence opinions, create confusion and polarise a population; the SMS messages described above, sent to convince people that ATMs had gone offline, are one example.


This can also be done through fake news stories spread by state-sponsored media outlets, through social media posts amplified by online bots (like the Twitter bots used to spread propaganda around the 2016 American election), or through paid marketing on social media platforms such as Facebook, a tactic increasingly used by Chinese threat actors; regular Facebook users may well have seen such campaigns themselves.


Many Disinformation operations are themselves cyber-attacks. Whether it’s hacking a legitimate website to post fabricated statements, breaking into a person’s email inbox to exfiltrate and leak data, or using false information as a lure in phishing emails (above), Disinformation and cyber-attacks are often combined to reach the same targets and enhance the impact of both.


Conclusion


As criminals and nations continue to adopt new technologies, skills, capabilities and attack strategies, businesses must adapt their approach to cybersecurity and consider the best practices below as part of their BCP (Business Continuity Plan).


Policy


The cyber security and information security policy must be endorsed by management and communicated to everybody in the business to be effective. An information security policy is a set of rules and guidelines that dictate how information technology (IT) assets and resources should be used, managed and protected within the business.


Create an Insider Threat Strategy


Creating an insider threat strategy is imperative to prevent employees from misusing their access privileges to steal or destroy corporate data. The IT security team should not delay, and must gain endorsement from top management to deploy the resulting policies across the business. Insider threat is a growing problem, and one that is all too often shrugged off or taken for granted.


Training and Awareness


Employees are the first line of defence against cyberthreats. Businesses must conduct comprehensive cybersecurity awareness programs to train employees on recognizing and responding to cyber threats, such as phishing emails.


Phishing & Attack Simulations


Organizations must conduct phishing simulations and attack simulations to educate employees on how to avoid clicking malicious links or downloading attachments. This forms part of the training and awareness point above.


Compliance


Irrespective of the level of cybersecurity a business implements, it must always maintain compliance with data regulations that apply to the industry and geographical location they operate in.


Regularly Update Systems and Software


As cyber threats evolve rapidly, software that is secure today may have a publicly known vulnerability in two months, or even next week, so regular patching of operating systems, applications and firmware is required.


Backup Data & Appropriate Storage


Backing up data regularly helps reduce the impact of data loss, whether from a breach, a ransomware attack or hardware failure. Back up your website, applications, databases, emails, attachments, files, calendars and more on an ongoing, consistent basis. Keep at least one copy offline or otherwise unreachable from the production network, since a backup the attacker can reach can be encrypted or deleted along with the originals, and test that restores actually work.


Secure Site with HTTPS


Organizations must encrypt and secure their website with a TLS (Transport Layer Security) certificate, the successor to SSL (Secure Sockets Layer). HTTPS protects the confidentiality and integrity of data between the user and the website they are browsing, and authenticates the site to the browser.
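As an added example (not from the original post), the Python below checks the certificate a site presents, in the dictionary form that Python's ssl module returns from getpeercert(): whether the hostname is covered by the certificate's subjectAltName entries, and whether it is expired or about to expire. check_cert() is run against a constructed certificate dictionary so the example works offline; fetch_cert() shows the live call, during which the standard library's default context also verifies the chain. The 14-day expiry-warning threshold is an assumption.

```python
"""
Added example, not from the original post: sanity-check the certificate a
site presents. check_cert() works on the dictionary that Python's
ssl.SSLSocket.getpeercert() returns, so it can be run offline against the
constructed SAMPLE_CERT below; fetch_cert() shows the live call for a real
host (the default context also verifies the chain and hostname itself and
raises ssl.SSLCertVerificationError if that fails). The 14-day expiry
warning threshold is an assumption.
"""
import socket
import ssl
from datetime import datetime, timezone

# Constructed certificate data in getpeercert() shape (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
    "notBefore": "Jan 01 00:00:00 2022 GMT",
    "notAfter": "Apr 01 00:00:00 2022 GMT",
}


def hostname_matches(pattern, hostname):
    """RFC 6125-style match: a wildcard may only replace the whole leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split(".")[1:], hostname.split(".")
        return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels
    return pattern == hostname


def _cert_time(value):
    """Certificate timestamp ('Mar 10 12:00:00 2023 GMT') -> aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), timezone.utc)


def check_cert(cert, hostname, now=None, warn_days=14):
    """Return a list of findings; an empty list means the certificate looks sound."""
    now = now or datetime.now(timezone.utc)
    findings = []

    # Browsers match the hostname against SANs only; the CN alone is not enough.
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not sans:
        findings.append("no DNS subjectAltName entries (browsers ignore the CN)")
    elif not any(hostname_matches(san, hostname) for san in sans):
        findings.append(f"hostname {hostname} is not covered by {sans}")

    not_before, not_after = _cert_time(cert["notBefore"]), _cert_time(cert["notAfter"])
    if now < not_before:
        findings.append("certificate is not yet valid")
    elif now >= not_after:
        findings.append(f"certificate expired on {not_after:%Y-%m-%d}")
    elif (not_after - now).days < warn_days:
        findings.append(f"certificate expires in {(not_after - now).days} days")
    return findings


def fetch_cert(hostname, port=443, timeout=5):
    """Live check: connect, let the default context verify chain and hostname,
    and return the peer certificate dict plus the negotiated protocol version."""
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(), tls.version()


if __name__ == "__main__":
    fixed_now = datetime(2022, 3, 25, tzinfo=timezone.utc)   # assumed "today"
    for host in ("www.example.com", "v1.api.example.com", "example.com"):
        print(host, check_cert(SAMPLE_CERT, host, now=fixed_now) or ["ok"])
```

Running the live path against your own site (fetch_cert("your-site.example")) is a cheap routine control: it fails loudly if the chain is broken or the name does not match, and feeding the returned dictionary to check_cert() gives advance warning before an expiry takes the site offline with a browser error.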


- CISA Issues “Shields Up” Warning About Russian Cyber Attacks – 25/02/22

- Russian cyberattacks could soon strike the West, analysts say. ‘The risk right now is high and rising’ – 24/02/22


Thank you for reading.


My regards.


Adam WG Green MSyl CSMP