Welcome to Cybility Savvy, the show that demystifies cyber security for not-for-profit boards and leaders
I’m your host Michala Liavaag, founder of Cybility consulting.
Russia and Ukraine are at war. So why exactly is it that the UK government's National Cyber Security Centre are repeatedly urging organizations to take action? And what do they actually mean ‘take action’? More importantly, what can you do about it? In this episode I will explain a little bit about the threat and share some simple steps that each of us can take to defend our organizations, our homes, and society at large.
So, what's it all about? Putin's war against the Ukraine is being brought not only with tanks and machine guns. They're also using computers as invisible weapons that can be equally dangerous. This is especially true when criminal groups and hacktivists pick sides. Ukraine’s hacker group has passed a quarter of a million members. Currently they're working out how to compress video files so they can try and get the message out of people's mobile phones. And this is an example of what's happening behind the scenes, these cyber attacks going on. So we know what's happening, but a little bit more about hacktivists: who are they? Are they heroes or are they villains? Hacktivists are vigilante rebels with a cause. Some see themselves as heroes, whereas you know others you might see as villains. It just depends on which side you're on. In fact, the hacktivist group Anonymous already called for hackers to unite calling for them to carry out cyber attacks against Russia. Successes so far have included disrupting the tv channel, defacing websites, and even leaking information from a military database. Meanwhile, Conti have risen to Russia's defense. They are a Russian-based extortionist gang, and they were the first professional-grade outfit to weaponize the log4j vulnerability, that you'd have heard about previously in one of our alerts last year. If you'd like to know more about log4j, there's resources on our website as well as the prior episode. Now, one pro Ukraine member of the Conti gang leaked 13 months’ worth of the gang's conversations, in retaliation for the action they were taking. So it really isn't very sort of clear-cut and straightforward.
Why does all this matter? So far I’ve been talking about Russia and Ukraine, miles away from us. Well, when missiles are aimed at a military target and things go wrong, it results in civilian casualties as we're seeing every day on the news, which are by the aggressors considered to be collateral damage. Now when mistakes spill out from the digital world into the real one, this can also result in collateral damage. Potentially having a devastating impact on businesses, hospitals, power stations, schools, water treatment plants, and even you in your home. Now it's not personal. We're just collateral damage. If you'd like to learn more about who would hack us, and why, check out episode 1.
You may recall that we have had examples of this in our very recent past. Attacks have been attributed to Russia and they have spilled over. There is an example, it didn't spill over to the rest of us. In December 2015 there was a horrible attack called BlackEnergy, where they managed to shut off Ukraine’s electricity grid for between one to six hours depending on where you lived, affecting a quarter of a million people. The following year they did the same, and this time a fifth of Kyiv lost power for an hour. What's interesting about that one it was the first malware designed specifically to disrupt electricity grids. Then, in June there was NotPetya which was targeted at Ukraine but it leaked over and was devastating to organizations all over the world, and many are still paying costs for that now. Then in October there was some nasty ransomware known as BadRabbit that meant that devices couldn't operate again causing disruption to the transportation system in Kyiv, the airport, the bank, etc. In 2019 Russia targeted Georgia and some of their website providers, and as a result of tha,t the website provided customers had their websites defaced. And some of those were governments, courts, media organizations, including national broadcasters. More recently, things have been ramping up. Perhaps what's been quite worrying is a few that have been designed specifically to destroy information and make systems completely inoperable. You can imagine if that were to leak out and escape like a leaky bucket to the rest of the world, what damage that could potentially cause to particularly major businesses, transportation networks, political national infrastructure. So it's a very precarious balance at the moment.
You may be interested to know, by the way, that there's a Cyber Peace Institute, and they maintain a watch over what's going on, so if you're interested, do have a look at their timeline. So this is all very well but going back to that point about the UK government urging people to protect their organizations, when you have a look at their guidance, it's quite long and it almost reads as a ‘this is everything you should be doing in cyber security, just get it done now’, when, if you haven't been doing any of this already, it's a bit of an immense task.
So, I’m just going to focus now on some of the fundamentals. Passphrases. Multi-factor authentication. If somebody gets your password and you've got MFA enabled, then they can't get in without that code, which they might been trying to social engineer out of you, maybe over the phone or a text message or something, so you do need to be very vigilant and alert. Also make sure that your anti-malware software is installed, that it's updating daily, and look out for your other software updates as well, your operating systems, your mobile apps, maybe you've got smart devices around the home. Make sure those are also updated. If you don't need them, you're not using them, turn them off, unplug them. If you'd like to know more about passphrases, multi-factor authentication, and software updates, please go and listen to episode 2 of Cybility Savvy: How can we be cybersmart?
One of the things that's perhaps most important here, especially when we've seen ransomware ramping up and now there's really destructive malicious software: back up your data. And when we say backup, we don't mean just copy it to the cloud. Take a copy that is offline, so get a separate external hard drive, copy your data off, store it whether it's a safety deposit box at the bank or whether you trade with neighbors, preferably living far away from you if you're home, but do something to keep it separate, and most importantly offline. So that if the worst does happen, you've still got your precious data and you can restore your systems. I’ll just add to that actually, especially for organizations, don't just back up your data, back up your system configurations as well, whether that's your firewall rule sets or other things.
If you don't already have an incident response plan, it's time to write one. Pull some key people together, go through what might happen in an incident, get it down, work it out, and then you're ready and hopefully prepared, as long as you've got those backups as well. There is excellent guidance from the National Cyber Security Centre on how to write incident response plans, but because of the urgent nature of what's going on right now, I’d actually recommend a link that we will give you in the show notes: the Southeast Cyber Resilience Centre have put together an excellent incident response plan, so I suggest that you use that as your template, and you'll be up and running with something that is functional for if the worst happen in these coming days.
And finally, as is always the case with anything related to cyber security, keep your ear to the ground, stay up to date with what's going on, make sure your IT departments are hooked into the sort of threat intelligence that can come through, so they can look for malicious things as they're discovered, and react quickly to those.
So, in summary: what's going on, what are we expecting? At the moment, cyber attacks are on the increase, it's not yet what we classed as a cyber war, but who knows where things are going? Who is the aggressor? At the moment we've seen attacks from Russia, Belarus, and obviously I mentioned the hacktivists on either side. Where it's affected? At the moment, it's really focused very much on targeting the Ukraine and then counter to Russia, but as I explained, it could easily spill out to the rest of the world. So we do need to be ready. And if it does spill out to the rest of the world, there is that potential real world harm. I’m sure that many of you in the UK remember WannaCry and how that affected the NHS in particular. When do we think this is gonna happen? As I hopefully have shown you through some of the malware instances, this is not new, it's been going on for a long time. It's just that it is ramping up, techniques are more advanced and we've still got a long way to go in terms of getting those fundamentals in place. So it is time to act now. As for how you do this, start with those fundamentals. You can always go back and listen to our prior episodes, and if you have any questions or concerns, please reach out on social media or you can fill out the form on our website cibilitysavvy.com.uk and we'll do our best to answer your questions. If you prefer and you want to leave a little video, that would be great too and we could reach you on an episode and answer your questions that way too. As always, we'll provide some links on the website and in the show notes for you. And until next time, keep busy with those fundamentals, get your house in order, and stay safe.