In recent days, the question of what impact the war in Ukraine could have on cybersecurity has come up more and more frequently. We asked our CISO Monika Bubela for her assessment.
How do you assess the current situation in terms of cybersecurity? Can you give an overview of what has happened in the past few days?
For a general classification, it is important to know that the war in Ukraine differs from the wars in the past in one crucial point: For the first time, both the immediate environment in Ukraine and the entire cyberspace are the scene of battles. Russia is a powerful virtual player. The risk of being supplied with false information or becoming a victim of a cyberattack is very high, especially in Ukraine. And all other countries involved in the conflict – whether through sanctions or other political actions – are also exposed to this risk. This also includes Germany. Therefore, the highest vigilance is the order of the day. Even if there is currently no focus on the German-speaking world, Kremlin-friendly hacker groups or hacktivists can use the situation for cyberattacks. At present, the following are to be expected:
The main targets are facilities that turn out to be easy to attack for hackers close to the Kremlin and whose attack is not considered an act of war, and that are neither militarily nor politically active at the same time. This can include financial institutions, educational institutions, local authorities and companies for everyday goods.
What should companies prepare for in the coming weeks? And how can they protect themselves?
Currently, the focus of Kremlin-affiliated hacker groups seems to be on war-related actions. As soon as the overall situation changes, it can be assumed that states that support Ukraine and companies will be increasingly targeted by these groups.
Therefore, more than ever, I advise companies to pay attention to cyber hygiene in their own operations. Sensitize your employees to possible social engineering activities. For example, the following information is relevant for cybercriminals:
Information of this kind is enough to replicate internal emails and send them as phishing emails. One wrong click is often enough to install malware and render the company inoperable. Pay more attention to unexpected messages, emails, or calls, keeping in mind that there is a possibility that the contact person could impersonate someone else. If you are not sure, use an alternative communication option to verify. Whenever someone gives a sense of urgency and pushes you to take action or makes an offer that is too good to be true, it is most likely an attack attempt.
Companies should also regularly check their systems for DDoS attacks. The deliberate overload of the system is caused by a variety of decentralized sources. This type of attack aims to load a system so heavily that the service offered is no longer available. This can lead to the company website no longer being accessible, customer service being cut off from the e-mail system or even an entire production stoppage. This type of attack is particularly treacherous because it is very difficult to contain. An important measure against this is to secure all devices connected to the Internet. These include loudspeakers, cameras, watches, etc., as these are rarely provided with secure passwords and are therefore particularly easy to use for criminal activities. Additional protective measures can also be taken via firewalls and server settings.
Appropriate password management including multifactor authentication and regular updates of all systems also significantly increase the protection of a company against cyberattacks. Cybercriminals are constantly on the lookout for new vulnerabilities in the devices or software they use. Automatic updates ensure that known vulnerabilities are fixed and that the devices used have the latest security.
In addition, the fact that misinformation is one of the most important tools in military conflicts should not be overlooked. Familiarize your employees with the existence of so-called deepfakes. This is realistic-looking media content such as photos, videos or voice recordings, but it was created with artificial intelligence and is used to discredit, manipulate or disinform in the current context. With the corresponding media, it is often not immediately obvious whether it is a deepfake. Therefore, I recommend questioning the origin of the medium and comparing the information with other sources.
“For the first time in history, war is taking place in the immediate vicinity as well as in cyberspace. At the moment, the focus of cyberattacks is mainly on war-related actions, but the situation can change at any time – and so can the focus of the targets. Therefore, I advise all companies to exercise extreme caution. Sensitize your employees to possible phishing attacks based on social engineering. Make sure your system is protected from DDoS attacks and handle information critically. The important thing is that you can assess the risk of your company and take appropriate measures – not only in the current situation, but also in the long term.”
Monika Bubela, CISO Perseus Technologies GmbH
What else can companies do?
It is interesting to follow the actions of the main threat actors and those who cooperate or sympathize with them. Tracking the activities and methods helps in a possible prediction of next steps as well as the analysis of the techniques and tactics used. Developing an awareness of one’s own risk in terms of cybersecurity is also the cornerstone of sustainable protection. I think a risk analysis by the appropriate experts makes sense here.
About the person:
Monika Bubela studied law in Warsaw and specialized in cybersecurity in additional training at the Polish Naval Academy. This was followed by positions at Interpol and at various security companies throughout Europe. Bubela has been with Perseus since 2020 and was appointed CISO of the company in 2021.