February 2, 2024
Read time: 5 min.

Cybersecurity During a Full-Scale Invasion

by Oleksandr Adamov, Cybersecurity Consultant at GlobalLogic Ukraine, Associate Professor at Kharkiv National University of Radio Electronics

Unexpected cyber hygiene principles to know to enhance personal and corporate security

Since the beginning of the Russian invasion in 2022, cyberspace has become an arena of intense attacks affecting both corporate and personal security. 

On January 13-14, 2022, a massive attack on Ukrainian government websites was carried out with reports of an alleged personal data leak. Soon after, the WhisperGate malware was discovered, which was aimed at destroying files at government, non-profit, and tech organisations. On January 19, a group of hackers called Gamaredon attempted to compromise a government agency in Ukraine for the purpose of cyber espionage. Since March 6, attacks against civilians have increased, especially phishing and malware for personal devices.

February 2022 saw a series of Ghostwriter phishing attacks targeting Ukrainian government agencies to steal confidential information. At the same time, the HermeticWiper malware attack targeted government information resources, destroying important data.

In the face of modern cyber threats, it is important to integrate a comprehensive approach to cyber hygiene.

March 2022 brought the DDoS attack “Operation: Isolation” DDoS attack on Ukrainian banking institutions, causing network overload and denial of service. In April 2022, there was an attack on the supply chain through the compromise of software used by Ukrainian manufacturers and distributors of energy equipment. Social engineering techniques, including fake calls and messages, were used to manipulate employees and gain unauthorised access to systems.

These incidents highlight the need for knowledge of cyber threats to corporate security and personal data protection. These developments reinforce the need for a comprehensive approach to cybersecurity, including updating security systems, educational programmes to raise employee awareness, and developing strategies to effectively respond to cyber incidents. In the context of military conflict, cybersecurity becomes a key component of national security, requiring coordinated efforts from the government, the private sector and individual citizens. Appropriate response to cyber threats, proactive identification of vulnerabilities and development of effective defence strategies are crucial to ensure resilience and security in the digital space in the face of growing uncertainty and changes in the global cyber landscape.

In the context of strengthening corporate and personal cybersecurity, especially in the face of modern cyber threats, it is important to integrate a comprehensive approach to cyber hygiene. According to current research in this area, the following key areas can be identified:

  • Security awareness training: Conducting security awareness seminars and training for employees on a regular basis focusing on social engineering and, specifically, phishing attacks. The training should also include drills where, for example, test phishing emails are sent to discover weak links in corporate cyberdefense.
  • Encryption of DNS queries: The use of DNS over HTTPS (DoH) or DNS over TLS (DoT) is becoming increasingly important to protect DNS queries from possible interception and manipulation. This is especially important to counter certain types of phishing attacks that exploit vulnerabilities in DNS protocols.
  • Network isolation: Dividing corporate networks into segments allows you to limit the movement of potentially harmful traffic and reduce the area of influence of possible attacks. This approach effectively reduces the risk of malware spreading within the network.
  • Advanced behavioral access control: Modern security systems offer solutions that analyse user and device behaviour to detect abnormal patterns. This is important for early detection of potential compromises to accounts or infrastructure.
  • Use of honeypots: Deploying honeypot systems that mimic vulnerable resources is an effective way to detect and analyse hacker attacks. Such systems allow you to identify new methods and tools of attackers, and help to improve security strategies.
  • Application of Zero Trust architecture: The “don’t trust, always verify” model is becoming key in today’s cyber threat environment. This architecture provides access to users and devices only after thorough verification and within the required privileges.
  • Automation of patch management: Automating the software update process is key to ensuring protection against known vulnerabilities. Regular software updates help prevent these vulnerabilities from being exploited by malicious actors.
  • Use of a Security Incident Management System (SIEM): Integrate an SIEM for real-time monitoring and analysis of security events in the network. This provides in-depth analysis and timely response to cyber incidents.
  • Principles of least privilege: Restricting access to users and systems to the minimum necessary to perform their tasks reduces the risk of compromise and insider threats.
  • Strong identity and access management (IAM): Strict authentication and authorisation methods, including multi-factor authentication, to enhance account security.
  • Advanced Threat Intelligence: Using data on current threats for preliminary analysis and prevention of attacks.

In summary, the modern cyber landscape, especially in the context of military conflicts, poses serious challenges to corporate and personal security. The evolution of cyber attacks, including phishing, malware, DDoS attacks and social engineering techniques, requires organisations and individuals to have a deeper understanding and a more progressive approach to cyber hygiene. Integration of solutions such as DNS query encryption, network isolation, advanced access control, use of honeypots, Zero Trust architecture, patch management automation, SIEM, least privilege principles, IAM, and Threat Intelligence are key to building an effective defence. An appropriate approach to cybersecurity is becoming an integral part of ensuring resilience and security at both the corporate and personal levels.

Share:
Cybersecurity During a Full-Scale Invasion

by Oleksandr Adamov, Cybersecurity Consultant at GlobalLogic Ukraine, Associate Professor at Kharkiv National University of Radio Electronics Unexpected cyber hygiene principles to know to enhance personal and corporate security Since the beginning of the Russian invasion in 2022, cyberspace has become an arena of intense attacks affecting both corporate and personal security.  On January 13-14, […]

https://itcluster.lviv.ua/wp-content/uploads/2024/02/montazhna_oblast_1.png
Copied!