Even as the tensions between Russia and Ukraine refuse to die down, a series of cyber-attacks has knocked the websites of the Ukrainian army, the defense ministry and major banks offline. These attacks could be a smokescreen for a more serious and damaging cyber-threat. According to a report by news agency AP, at least 10 Ukrainian websites were unreachable due to the attacks, including those of the defense, foreign and culture ministries and Ukraine's two largest state banks. In such attacks, websites are barraged with a flood of junk data packets, rendering them unreachable.
However, this is not the first time Ukraine has faced this sort of hybrid warfare. In 2017, a series of powerful cyber-attacks using the Petya malware, reportedly beginning on 27 June 2017, swamped the websites of Ukrainian organisations, including banks, ministries, newspapers and electricity firms.
Against the backdrop of these developments, let's understand what exactly a cyber-attack is, what the common forms of cyber-attack are, and how one should avoid them.
What is a Cyber-attack?
A cyber-attack is a malicious and deliberate attempt by an individual or organisation to disable computers, steal data, or use a breached computer system to launch additional attacks. Cybercriminals use different means to launch a cyber-attack, including malware, phishing, ransomware, man-in-the-middle attacks and other methods. These sorts of attacks hit businesses every day. According to former Cisco CEO John Chambers, there are two types of companies: those that have been hacked, and those that don't yet know they have been hacked.
Most common types of cyber-attacks (as per Cisco)
Malware: It's a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Once inside the system, malware can:
- block access to key components of the network (ransomware);
- install additional malware or other harmful software;
- secretly obtain information by transmitting data from the hard drive (spyware);
- disrupt certain components and render the system inoperable.
Phishing: It's the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data such as credit card and login details, or to install malware on the victim's machine. Phishing is an increasingly common cyber-threat.
Man-in-the-middle attack: Also known as eavesdropping attacks, man-in-the-middle (MitM) attacks occur when attackers insert themselves into a two-party transaction. Once the attackers have interrupted the traffic, they can filter and steal data. There are two common points of entry for MitM attacks:
- On unsecured public Wi-Fi, attackers can insert themselves between a visitor's device and the network. Without knowing it, the visitor passes all information through the attacker.
- Once malware has breached a device, an attacker can install software that processes all of the victim's information.
Denial-of-service attack: A denial-of-service attack floods systems, servers or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack; this is known as a distributed denial-of-service (DDoS) attack.
SQL injection: A Structured Query Language (SQL) injection occurs when an attacker inserts malicious SQL into a query that an application sends to its database, forcing the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious input into a vulnerable website search box.
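The simplest defensive control against the resource exhaustion described above is to cap how fast any one client may make requests. The following is an added example, not code from the original article or from Cisco: a per-client token-bucket limiter replayed against a constructed request trace in which one source floods at four requests per second while a legitimate user sends one per second. The client names, rates and timestamps are all assumptions made for the demonstration.

```python
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket rate limiter.

    Each client may make `burst` requests at once, then `rate` requests per
    second on a sustained basis. Requests that arrive when the client's bucket
    is empty are rejected instead of being passed on to the backend.
    """

    def __init__(self, rate: float, burst: int) -> None:
        self.rate = rate
        self.burst = burst
        # Unknown clients start with a full bucket.
        self.tokens = defaultdict(lambda: float(burst))
        self.last_seen = {}

    def allow(self, client: str, now: float) -> bool:
        """Return True if the request from `client` at time `now` should be served."""
        elapsed = now - self.last_seen.get(client, now)
        self.last_seen[client] = now
        # Refill in proportion to the time since this client's previous request,
        # never exceeding the burst size.
        self.tokens[client] = min(self.burst, self.tokens[client] + elapsed * self.rate)
        if self.tokens[client] >= 1.0:
            self.tokens[client] -= 1.0
            return True
        return False


def build_trace() -> list:
    """Constructed request trace: (timestamp in seconds, client id).

    'flood' sends 40 requests in 10 s (4 per second); 'legit' sends one per second.
    """
    flood = [(0.25 * i, "flood") for i in range(40)]
    legit = [(float(i), "legit") for i in range(10)]
    return sorted(flood + legit)


def simulate(limiter: TokenBucket, trace) -> dict:
    """Replay a trace through the limiter and count served/rejected requests per client."""
    outcome = defaultdict(lambda: {"served": 0, "rejected": 0})
    for timestamp, client in trace:
        key = "served" if limiter.allow(client, timestamp) else "rejected"
        outcome[client][key] += 1
    return dict(outcome)


if __name__ == "__main__":
    # Allow bursts of 5, then 2 requests per second per client.
    result = simulate(TokenBucket(rate=2.0, burst=5), build_trace())
    for client, counts in result.items():
        print(f"{client:6s} served={counts['served']:3d} rejected={counts['rejected']:3d}")
```

The legitimate client is served every time, while the flooding client is throttled to roughly the sustained rate once its burst allowance is spent. The limit is keyed on the client, so it holds back a single noisy source but not a distributed attack in which thousands of compromised devices each stay under the per-client rate; that case needs capacity upstream of the server, such as a scrubbing service or provider-level filtering.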
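The search-box scenario above comes down to one coding mistake: pasting user input into the SQL text. The block below is an added example (not code from the article or from Cisco) that puts the defective handler next to the corrected one against a constructed in-memory SQLite table. The `products` table, its rows and the function names are assumptions for the demonstration; the only real API used is Python's standard `sqlite3` module.

```python
import sqlite3

# Constructed sample data: a tiny product catalogue standing in for the
# database behind a website search box. The "restricted" row is the kind of
# record the search is not supposed to reveal.
SAMPLE_PRODUCTS = [
    (1, "router", "public"),
    (2, "firewall", "public"),
    (3, "internal-build-server", "restricted"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, visibility TEXT)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    conn.commit()
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Search handler that concatenates user input into the SQL text.

    This is the defect the article describes: whatever the user types becomes
    part of the statement, so the input can change what the query means.
    """
    sql = (
        "SELECT name FROM products "
        f"WHERE visibility = 'public' AND name LIKE '%{term}%'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """The same search as a parameterised query.

    The SQL text is fixed; the driver passes the search term as a bound value,
    so quotes or keywords in the input are matched literally, never executed.
    """
    sql = "SELECT name FROM products WHERE visibility = 'public' AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = build_db()
    ordinary = "fire"
    # The textbook probe: closes the quoted string, appends an always-true
    # condition and comments out the rest of the statement.
    injected = "' OR 1=1 --"
    print("vulnerable, ordinary term:", search_vulnerable(db, ordinary))
    print("vulnerable, injected term:", search_vulnerable(db, injected))
    print("safe, ordinary term      :", search_safe(db, ordinary))
    print("safe, injected term      :", search_safe(db, injected))
```

With the ordinary term both handlers return the same result. With the injected term the concatenating handler returns every row, including the restricted one, because the `visibility = 'public'` condition has been neutralised; the parameterised handler returns nothing, because no product name contains that literal string. Parameterised queries (or an ORM that produces them) are the fix; input filtering is at best a secondary layer.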
Zero-day exploit: A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires constant awareness.
DNS tunneling: It uses the DNS protocol to carry non-DNS traffic over port 53, sending HTTP and other protocol traffic encoded inside DNS queries and responses. There are various legitimate reasons to use DNS tunneling, but there are also malicious ones, such as DNS-tunneling VPN services. These disguise outbound traffic as DNS, concealing data that would normally be sent over an ordinary internet connection. In malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker's infrastructure. DNS tunneling can also be used for command-and-control callbacks from the attacker's infrastructure to a compromised system.
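Because tunnelled data has to be encoded into DNS names, it leaves a recognisable pattern in resolver logs: many unique, unusually long, high-entropy labels beneath one domain, often in TXT or NULL queries. The following is an added example (not code from the article or from Cisco) of a small detector that scores a constructed resolver log on those indicators. The log format, the hostnames (`tunnel.example.net` and the others), the hexadecimal labels and the thresholds are all assumptions made for the demonstration.

```python
import math
from collections import defaultdict

# Constructed resolver log: "<timestamp> <client> <qtype> <qname>" per line.
# The long hexadecimal labels under tunnel.example.net are made-up stand-ins
# for data encoded into DNS names; the remaining lines are ordinary lookups.
SAMPLE_LOG = """\
2022-02-15T10:00:01 10.0.0.5 A www.example.com
2022-02-15T10:00:02 10.0.0.5 A mail.example.com
2022-02-15T10:00:03 10.0.0.7 AAAA cdn.example.org
2022-02-15T10:00:04 10.0.0.9 TXT a91f3c4d7e0b5682d4e2f1a3b5c60798.tunnel.example.net
2022-02-15T10:00:04 10.0.0.9 TXT 7b2e0d9c5f1a3846c6a0e4b8d2f51937.tunnel.example.net
2022-02-15T10:00:05 10.0.0.9 TXT f0e1d2c3b4a596871a2b3c4d5e6f7089.tunnel.example.net
2022-02-15T10:00:05 10.0.0.9 TXT 8c4a0e6b2d9f5317e5d3c1b9a7f08642.tunnel.example.net
2022-02-15T10:00:06 10.0.0.9 TXT 2f8d1b7a0c6e49539b7d5f3a1c0e8642.tunnel.example.net
2022-02-15T10:00:07 10.0.0.5 A www.example.com
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character: encoded payloads score high, real words low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Naive base-domain extraction (last two labels).

    Production code should use the Public Suffix List so that names such as
    host.example.co.uk are grouped correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (timestamp, client, qtype, qname) tuples from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)


def analyse(text: str, *, min_queries: int = 3, long_label: int = 24,
            entropy_threshold: float = 3.5) -> dict:
    """Score each base domain on tunnelling indicators.

    A domain is flagged when it has at least `min_queries` queries and at least
    half of them carry a long, high-entropy label beneath the base domain.
    """
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "suspicious": 0, "txt": 0})
    for _timestamp, _client, qtype, qname in parse_log(text):
        entry = stats[registered_domain(qname)]
        entry["queries"] += 1
        entry["names"].add(qname)
        if qtype in ("TXT", "NULL"):  # record types that can carry bulky payloads
            entry["txt"] += 1
        sub_labels = qname.rstrip(".").split(".")[:-2]
        if sub_labels:
            longest = max(sub_labels, key=len)
            if len(longest) >= long_label and shannon_entropy(longest) >= entropy_threshold:
                entry["suspicious"] += 1
    report = {}
    for base, entry in stats.items():
        ratio = entry["suspicious"] / entry["queries"]
        report[base] = {
            "queries": entry["queries"],
            "unique_names": len(entry["names"]),
            "suspicious_labels": entry["suspicious"],
            "txt_queries": entry["txt"],
            "flagged": entry["queries"] >= min_queries and ratio >= 0.5,
        }
    return report


def flagged_domains(text: str, **thresholds) -> list:
    """Base domains whose query pattern looks like tunnelling, sorted by name."""
    return sorted(d for d, r in analyse(text, **thresholds).items() if r["flagged"])


if __name__ == "__main__":
    for domain, row in analyse(SAMPLE_LOG).items():
        print(domain, row)
    print("flagged:", flagged_domains(SAMPLE_LOG))
```

On the constructed log only `example.net` is flagged; the ordinary lookups for `example.com` and `example.org` stay well under the label-length and entropy thresholds. In a real deployment the thresholds need tuning against the organisation's own baseline, since content-delivery and anti-spam services legitimately generate long, random-looking labels, and the per-domain counts should be windowed over time rather than computed over a whole file.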
Cyber-attacks surge amid Covid-driven digitalization
According to the World Economic Forum's Global Cybersecurity Outlook 2022, the accelerating pace of digitalisation triggered by the COVID-19 pandemic has led to a record-breaking year for cybercrime, with ransomware attacks rising 151 per cent in 2021 and organisations facing an average of 270 cyber-attacks each. Each successful cyber breach cost a company USD 3.6 million (nearly Rs 27 crore) last year, and where the breach became public, the hacked company's share price underperformed the NASDAQ by nearly 3 per cent even six months after the event.
The study further said that the global digital economy surged on the back of the COVID-19 pandemic, but so did cybercrime, and nearly 80 per cent of cyber leaders now consider ransomware a 'danger' and 'threat' to public safety. At the same time, there is a large perception gap between business executives, who think their companies are secure, and security leaders, who disagree. Even after a threat is detected, the study found that nearly two-thirds would find it challenging to respond to a cybersecurity incident because of the shortage of skills within their team. Even more troubling is the growing trend that companies need 280 days on average to identify and respond to a cyber-attack. To put this into perspective, an incident that occurs on January 1 may not be fully contained until October 8.
Effective solutions to cyber-attacks
With cybersecurity as important as ever, it is imperative to adopt the right set of tools; this is an effective way to build secure infrastructure and processes. It is also important to carry out regular assessments and gap identification so that your devices and the personal information you keep on different platforms do not fall prey to cyber-criminals. Here's a list of what to do to secure yourself in the cyber world.
- You must update the software on your devices on a regular basis. Set Windows and your installed applications to update automatically; they will then notify you as soon as updates become available, which safeguards you from known vulnerabilities.
- You must use multi-factor authentication. It is an authentication method that requires the user to provide two or more verification factors to gain access to an application or an online account, such as a temporary code on a smartphone or a security key that is inserted into the computer.
- Back up all important files offline to an external hard drive, or to a secure cloud service.
- Don't leave your devices unattended in public places. Always require a complex password to log in to laptops, tablets and smartphones.
- You must encrypt devices such as laptops, smartphones and removable drives, as well as cloud storage and any documents containing sensitive personal information.
- Securing your router is a must. Change its default name and password, turn off the remote-management feature, and remember to log out of the router's admin interface when you are done. It's recommended to set up the router's Wi-Fi with WPA2 or WPA3 encryption.
- You should use legitimate, licensed software and employ antivirus and anti-malware protection on your electronic devices.