The Limited Times

Now you can see non-English news...

Cyber ​​attacks have multiplied since the invasion of Ukraine and have become more frequent, diverse and complex

2022-04-08T03:53:32.083Z


Companies that maintain activity with Russia register up to 1,000% more attempts to break digital security


A monitor from the US Cyber ​​Threat Intelligence Center shows the degree of exposure of infrastructures to possible computer attacks.CLIFF OWEN

Cyber ​​attacks have multiplied and intensified.

Up to 39% of companies and 30% of entities have reported weekly digital breaches of their systems, according to the UK Digital Department.

It is ratified by the FBI (Federal Bureau of Investigation) in the United States and the European Chamber of Accounts, which concludes in a report: "The community of institutions, bodies and agencies of the EU has not reached a level of cyber preparation commensurate with the threats.

The attacks are more frequent, sophisticated and diverse, including all devices and all areas: also the private sector and humanitarian aid NGOs.

Companies in the sector corroborate the increase.

Ricardo Sanz, director of cybersecurity at Evolutio, assures: “Since the invasion of Ukraine,

The Digital Department of the British Government has no doubts: “The new figures show that the frequency of cyber attacks is increasing”.

According to data from the public body, a quarter of NGOs have been added to the list of companies and entities that are victims of this activity.

The FBI has joined the warning.

As explained by Bryan Vorndran, director of the security division of the US federal entity, to the House Judiciary Committee: "Cases of Russian scanning have increased."

It refers to the programs developed to know the activity of an organization and its weaknesses.

According to Vorndran, “Moscow-linked computers have been probing the networks for vulnerabilities to a series of cyberattacks, possibly in the works.”

"Scanning activity," he explained, "is similar to reconnaissance missions, in that cyber actors are trying to see what security systems look like before setting up an attack."

This Wednesday, the attorney general of the United States Merrick Garland has reported that, with the help of governments, they have removed a Russian malicious program from computer networks around the world.

According to Garland, it was a program controlled by Russian intelligence and created to massively infect private computers.

"Fortunately, we were able to remove it before it could be used," Garland said.

Europe is not spared.

On the contrary.

According to the latest report from the EU Accounts Chamber, “the number of cyber incidents is on the rise [up to ten times more than four years ago]” and they are becoming more sophisticated: “They generally involve the use of new methods and technologies and it can take weeks, if not months, to investigate and recover the systems.”

The institution points out, as an example, the cyberattack on the European Medicines Agency, where sensitive data was leaked and manipulated "in a way designed to undermine confidence in vaccines."

The European institution warns that the preparation is not adequate to the level of risk and that this weakness, given the interconnection of community entities and private and public organizations, "can expose several other organizations to cyber threats."

The Chamber of Accounts also concludes that good preventive practices are not always followed, "including some essential controls", and that the entire digital environment is not covered.

According to Bettina Jakobsen, head of audit at the European Court of Auditors, "The EU needs to do more to protect its own authorities."

increase due to war

Cybersecurity companies agree on the analysis of public bodies and point out that the Russian invasion of Ukraine has been a trigger.

The Check Point company has detected an increase in digital attacks to more than 1,500 per week per organization, 39% in Ukrainian entities and 17% in Russia in the days after the start of the war.

According to this company, "the trend of cyberattacks directed at NATO countries continues to grow."

Eusebio Nieva, Check Point's technical director for Spain and Portugal, explains that, after the war, the increase in attacks is recorded in all areas: “It seems that cybercriminals are increasing their efforts to take advantage of the situation.

The trend is visible not only in the two countries involved, but throughout the world.

I think they are trying to take advantage of the hype and interest around the war, as they seek to attack organizations that span the public sector as well as non-profit entities or the private sector.”

More information

Last minute of the war in Ukraine

The trend detected is that war is not only the goal of cyberattacks, but also the excuse.

In this sense, Bitdefender Labs has published an investigation into new fraudulent email campaigns with alleged charitable purposes to send financial aid to Ukraine.

In the same vein, Check Point points out that "cybercriminals are using lures ranging from official-looking writing to news articles and job postings" to access everything that is entered using the keyboard (

Keylogging

), steal the user credentials and passwords stored in browsers (Credential Harvesting), copy files, screenshots or clipboard data and even take control of computers.

In this way, not only large companies, such as Iberdrola, which suffered an attack last week, are threatened by cyberattacks.

According to the company Avast, 29.25% of global users are at risk of suffering from them.

And as the report from the EU Chamber of Accounts explains, they are becoming more sophisticated every day.

In this sense, Jakub Kroustek, Director of

Malware

Research at Avast, explains: “In the past, malicious programs used to be designed to perform a single action.

Today, these programs are like Swiss Army knives, capable of more than one intervention and often designed to do more harm.”

According to Ricardo Sanz, head of security for companies at Evolutio, "solidarity is another attack vector and it will be more sophisticated and difficult to detect the more attractive the target is and the more money there is involved."

The basic recommendation is to avoid clicking on the links that come to us by mail or SMS.

Sanz explains it with a simple example: “If you meet someone you don't know on the street, you normally don't say hello;

Well, you don't have to click on something that comes from an unknown source, an email address or a strange phone number.

That is the first step.

The second is to pay attention to details, even if they seem to come from entities we know.”

Vulnerable devices have also diversified.

According to Sanz, "attacks have adapted and, if people use mobile phones or tablets more, obviously there will be many more attacks against them."

According to the company Proofpoint, mobile malware infection attempts in Europe have grown by 500% since February.

The Police have warned of the proliferation of scams through unknown WhatsApp numbers that pretend to be an acquaintance or a relative who has changed their mobile and asks for money.

It is best not to answer, but if there is any doubt, the interlocutor can be challenged with a question or information that only the person they claim to be knows.

If the answer is ambiguous or incorrect, the interlocutor has assumed the identity of another person.

The introduction of a double authentication factor (via mobile) or biometric elements (such as fingerprints or facial scans) is a general practice in some economic transactions.

But among ordinary citizens, preparation is still lacking.

Jesús Cabet, from Persán, pointed out during the first Andalusian Cybersecurity Congress, held at the end of last month: “The problem is the low level of cybersecurity in society.

In companies, there are people who normally have a very low level of personal cybersecurity” Sanz agrees: “Not all people are prepared”.

According to a Proofpoint survey, 68% of Spanish IT security managers consider human error to be the biggest cyber vulnerability in their organization.

These mistakes are clicking malicious links, downloading compromised files, and not having a strong password (not changing or reusing it).

You can write to us at

rlimon@elpais.es

, follow

THE COUNTRY TECHNOLOGY

on

Facebook

and

Twitter

and sign up here to receive our

weekly newsletter

Exclusive content for subscribers

read without limits

subscribe

I'm already a subscriber

Source: elparis

All tech articles on 2022-04-08

You may like

Trends 24h

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.