The war in Ukraine isn’t only being fought on the ground — it's also being fought online, prompting the need for organizations and individuals around the world who handle sensitive information to step up cybersecurity protocols. In January, the Microsoft Threat Intelligence Center (MSTIC) detected destructive malware operations targeted at Ukraine-based organizations. The malware was designed to delete data and programs. In mid-February, two Ukrainian banks and the nation’s defense ministry fell victim to distributed denial of service (DDoS) attacks that overwhelmed websites, rendering them inaccessible.
So how can we protect ourselves — and our organizations — from similar attacks?
Institutional, not personal
Experts say they are currently more concerned with institutional rather than personal cyber hacks. But attacks on individual accounts owned by private citizens who work for institutions that handle sensitive information are still a risk. "People who are not wary are often the weakest link and the foot in the door for cybercriminals looking to stage a larger attack on critical infrastructure," Rachel Schutte, an IT and cybersecurity manager based in Germany, told DW.
This was the case for European government personnel involved in assisting refugees fleeing Ukraine. They received phishing emails — or messages aimed at collecting sensitive information — from a Ukrainian armed service member’s compromised account, she said. In response to increased instances of cyberattacks aimed at employees of high-profile organizations, Deutsche Welle has also asked employees to ramp up security on personal social media accounts.
Hacking the cloud
Cloud-based services distribute distinct functions across data centers in multiple locations, fueling a race towards interconnected networks. In a perfect world, cloud-based systems like Google Drive, WhatsApp and Facebook provide services previously only accessible via a single computer system. But although interconnectivity can increase efficiency, it also makes systems more vulnerable to hacks aiming to reach networks physically out of range.
To increase security measures, Schutte recommends using a secure browser and a complex password that is at least twelve digits long. And, rather than using the same password for every account, she said, passwords should be unique for each application. Schutte also said a good password is not enough. Multi-factor authentication is essential. This method supplements the simplistic security of a password by requiring two pieces of evidence to verify a user before they are granted access to an account.
Do not open
Phishing scams are another popular method used by hackers to gain access to sensitive information. In January, DW dealt with a string of fake emails sent to employees, prompting them to click on malicious links. Phishing scams can be hard to identify, so Schutte said one should "never click on, open, or respond to anything you are not entirely sure of the legitimacy of."
If you are unsure whether an email is legitimate, verify that the sender’s name matches their email address and check for spelling errors and poor grammar — and never respond to requests for money. If you think the email is a scam, delete it immediately.
How to preempt attacks
The Microsoft Threat Intelligence Center warned in its January report related to potential cyberattacks in Ukraine that the "number could grow as our investigation continues." Prevention is key in dealing with cyberattacks. Laptops, tablets and mobile phones should have a regularly updated anti-virus or anti-malware application installed, said Schutte. Malware is a common method used by hackers to infect computer systems. These strings of code are often used to infect computers and to steal and delete data on them.
For organizations that want to protect themselves against malware, Kritika Roy, a threat researcher at the German Cyber Security Organization (DCSO), recommends practicing proper "cyber hygiene". This includes a set of practices that ensure data is handled and protected correctly. These guidelines can be laid out in an organization-specific cybersecurity policy. The policy should include protocols like standards for passwords used on the network, encryption for sensitive emails and two-factor authentication measures.
Efficient hackers can target backed-up data too, so users should "build resilience within their system" by hosting this information in locations that are inaccessible within the typical data management system, Roy said. This could include hosting information in a physical data center and cloud data center for an organization. An individual might consider cloud data storage as well as a hard drive for added protection.
An IT army
Ukraine is also taking new measures to achieve higher levels of national cybersecurity. On February 26, Ukraine’s deputy prime minister and minister for digital transformation, Mykhailo Fedorov, announced the creation of an IT army to defend against hackers and launch counterattacks. Recruited and organized by Ukraine's Ministry for Digital Transformation via Telegram, an end-to-end encrypted, cloud-based messaging service, the group has more than 275,000 subscribers.