Cyberattacks on Ukrainian businesses continue: how to protect yourself
Most often, this happens due to human error or small, hardly noticeable breaches in the system.
According to Oleksandr Atamanenko, a cybersecurity expert at Octava Defence, email messages represent one of the most popular entry points for hackers. Two types of such messages exist - a malicious program disguised as a useful attachment, or a phishing email. Such a message would encourage the user to follow a link to a clone of a website and enter their account data there, thereby granting access to the malefactors.
It was through phishing that the Russians managed to gain access to Delta, a Ukrainian military situational awareness system, for 13 minutes. Two servicemen took the bait, infecting their devices with malware. Luckily, the intruders were prevented from accessing much information, since each account in this system is granted restricted access to information, while the access for higher-level commanding officers is more heavily protected.
According to him, hackers also take advantage of software vulnerabilities. All the most popular software from even the best IT companies, including the Windows OS, has such security flaws.
Developers release updates almost every month to eradicate these vulnerabilities. However, users often hold off on updating their software until later, enabling exploitation of software flaws by hackers. A single vulnerable computer on the secretary's desk can become an entry point for a virus.
"Information about certain software vulnerabilities is widely available, it can be bought, for example, on the darknet. Last winter, a vulnerability in Microsoft Outlook surfaced, and the developer released a patch to fix the bug in a few days. I know of a case where this vulnerability was exploited.
That is, it took an intruder only a few days to identify the software problem and attack its target before the vulnerability was closed by the developer," Atamanenko emphasised.
Protecting against cyberattacks
Not a single organisation is impenetrable against cyberattacks. Even the Pentagon's system gets hacked once in a while. The US Government recently held the Hack the Pentagon hackathon, during which 1,400 hackers searched for system vulnerabilities and identified more than 100 of them.
Ukraine has found itself between the devil and the deep blue sea. On the one hand, it is being attacked by ordinary cybercriminals and, on the other hand, by Russian hackers. Companies and government agencies can sift out most threats if they take security seriously.
First of all, the company needs to understand what kind of IT infrastructure it has. Broadly speaking, what exactly it must protect.
In an online store, protection would be built around the main website, while in a logistics company - around the vehicle route planning system, etc. According to Atamanenko, cybersecurity implies a systematic effort. It cannot be done on a piecemeal basis, relying only on online recommendations.
It must represent a compact ecosystem that responds to threats with all available tools - from risk assessment and implementation of appropriate security measures to proper configuration of the IT infrastructure and appropriate briefing of employees. Cybersecurity is not a one-time event, but rather an ongoing process that requires investment. Technology is changing rapidly, which means that hacker attacks are becoming more sophisticated.
This calls for a proper response through monitoring of IT infrastructure to detect suspicious activity, along with modifications to security methods. Hiring experts full-time to secure digital infrastructure is usually prohibitively expensive.
"Cybersecurity professionals are very well-paid. A team of such experts may cost a company half a million hryvnias a month [about US$12,500 - ed.], which isn't easily affordable," pointed out Atamanenko. Hiring such a team would make sense for larger companies, while smaller companies, which lack a well-developed IT infrastructure, can manage by sharing a single team. This is the reason why cybersecurity professionals can be outsourced.
Octava Defence, one of the leaders in the cybersecurity market, provides services to multiple clients simultaneously at much lower prices for each customer.
This involves a classic set of cyber defence services, such as assessment of IT infrastructure and analysis of potential threats, development and implementation of security solutions. And all this - with due regard given to the specifics of each organisation's operation. Monitoring events in the IT infrastructure, responding to identifiable indicators of a hacker attack, and investigating suspicious incidents are essential to present-day cybersecurity.
To this end, Octava Defence has developed SOC - the first commercially available surveillance system in Ukraine, offering real-time collection of data on cyberthreats, finding prompt solutions to problems, and reporting to the customer. Octava Defence's staff comprises analysts who are aware of global trends and are guided by international security standards, being one step ahead in anticipating threats. The protection of Ukrainian cyberspace must be based on the protection of each computer in every company.
Finding a reliable partner is the first step in this process.