Since the start of Russia’s military invasion of Ukraine, the number of ransomware attacks has increased fivefold compared to the pre-war period. This estimate of the scale of cyberattacks is based on an analysis of data provided by the Lithuanian anti-malware vendor SpyWarrior, whose software is installed in many European countries. Ransomware attacks do not only affect computers operating in Central and Eastern Europe, the Baltic countries or Ukraine itself. Data from the end of 2021 indicates that 74% of ransomware attacks originated in Russia and were carried out by organized hacker groups.
In addition to ransomware attacks, there was a significant increase in phishing attacks. Disinformation campaigns about the situation in Ukraine and the course of the war, carried out via social media, often try to turn the European community against refugees from Ukraine. Importantly, these attacks were carried out using bots (specialized software that automates posting and commenting on Facebook, Instagram, or Twitter) and software that took over the accounts of real users, who were often not even aware that such information was being posted on their behalf.
Until recently, attacks had most often been carried out via e-mail messages, but now there has been an explosion of attacks delivered through messages or social media posts containing links to malware. This malware often takes over a social media account and sends messages to the contacts in its address book, which gives the sender credibility. After the link is clicked, either the ransomware itself is installed, or the message is further disseminated to other victims by the unaware account owner.
Another threat is attacks that turn computers into “zombie” computers, which are then used to execute Distributed Denial of Service (DDoS) attacks on the servers of companies or government organizations. A DDoS attack prevents the operation of, for example, a web service by seizing all free server resources (sending multiple requests) and is carried out simultaneously from many computers in different places. The victims of such attacks were the servers of Ukrainian institutions and of other countries in the region.
It is for good reason that the human is called the weakest link in the security ecosystem. Research by the U.S. National Security Agency shows that over 90% of successful cyberattacks are the result of human error, not software or hardware errors. Human errors were not only the result of clicks on links of unknown origin, but also of non-compliance with the basic rules for creating, storing, and using passwords, or of not following the procedures developed in the organization. Research shows that 80–90% of ransomware attacks took place because of a click on a link in an e-mail sent to an unaware recipient. It’s also not uncommon for people who clicked the link to have previously disabled virus and malware protection because it reported a security alert.
To realize the scale of the threat, it is worth knowing that hacker groups are organizations divided into departments (e.g., management, programmers, testers, negotiators, and customer service) consisting of tens or hundreds of people. One such gang is Conti, the author of the ransomware of the same name, which since 2020 has run a website that may have leaked documents previously copied by that ransomware.
During the Russian invasion of Ukraine, the Conti group announced its support for Russia and threatened to use “retaliatory measures” if cyberattacks were launched against that country. In February 2022, personal data from the group’s chats was disclosed and, on this basis, information about the group was obtained. Regular programmers earn from $1,500 to $2,000 per month, and members who negotiate ransom payments get a commission. In 2021, the group successfully launched attacks on 400 institutions, and it is estimated that it has obtained at least $50 million in ransom payments. The group’s attacks are limited to computers located outside of Russia.
It is also worth mentioning the dangers resulting from the improvement of deep-fake technology, i.e., image and sound processing techniques that combine images of human faces and voices using artificial intelligence. The resulting audio or video recording deceptively presents a real person. Many companies have fallen victim to such manipulation (e.g., when a transfer was made to a cybercriminal’s account based on an audio command that merely imitated the voice of the company’s CEO).
We live in a world where military threats are combined with digital ones, so we should take even better care of the security (cyber and otherwise) of the organizations we work for.
Below is a list of eight essential cybersecurity components that each of us, Internet users, should implement to ensure a high level of security. Remember that technological measures are only one element of the cybersecurity ecosystem, and nothing can replace attention and common sense.
Is that all? Certainly not. These are the most important elements that every individual computer or smartphone user must put in place. In companies and in governmental and local government organizations, this security ecosystem is extended to include network and server security.
Author: Przemysław Kucharzewski
About Przemek Kucharzewski
Co-founder and General Manager at Cypherdog Security Inc., a vendor of solutions for encrypted communication. Przemek has 27 years of experience in building sales channels, marketing, and commercialization of IT solutions. In recent years, he has been focusing on cybersecurity and cloud solutions. In the past, he mainly worked for the largest IT distributors in the CEE region. He worked as Interim Manager for IT system integrators and vendors, selling advanced solutions. He is the author of many articles in the IT and business media, as well as a speaker, lecturer, and podcaster.