The war may show up on your doorstep in an email
BY KERRY TOMLINSON, AMPERE NEWS
FEBRUARY 25, 2022
If you live outside of Ukraine, you may be asking how you will be impacted by the Russian invasion and how you can prepare.
The short answer? Hold your clicks.
Cyberattacks related to the siege of Ukraine would probably come to you by email, said Rob Lee, curriculum director at the SANS Institute, an information security organization.
"If some of these attacks are going to happen, they're still going to potentially use --- and likely use --- the human target to be able to click on the thing via an email link that is provided to you to get that initial access," he said in a webinar today.
That initial access on your computer would give them the ability to get in and do further damage and further attacks.
What to Look For
You may not be able to tell the difference between an attack email related to Russian cyber war and the typical phishing email that shows up in your inbox.
"If it's going to come in, it's going to look surprisingly familiar," Lee said.
Be on the lookout for email and links that ask for your password, as well as random updates to software, he recommended. And remember that these fake emails can look very legitimate.
"I get a lot from my bank and they look really good. But in reality, those things are definitive phishing attacks," he explained.
What the attacks could do
The attackers may launch ransomware, an attack that scrambles your files and makes it difficult or impossible to use your computer system, or they may launch a fake ransomware attack that actually destroys all of your files, said cybersecurity company Palo Alto Networks' Unit 42.
On a personal level, that could cause problems. At a power plant or other critical infrastructure, the results could be highly disruptive. Countries at war often want to destabilize and cause confusion.
In Ukraine, cyber attackers have used file-destroying malware on hundreds of computers, said cybersecurity company ESET yesterday. Some of the targets included a Ukrainian financial institution and Ukrainian government contractors in nearby Latvia and Lithuania, said cybersecurity company Symantec in news reports.
Attackers pretended to hold the files ransom as a decoy or distraction for the real destruction, Symantec researchers said.
"While there are no specific or credible cyber threats to the U.S. homeland at this time, we are mindful of the potential for Russia’s destabilizing actions to impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies," CISA said in a post called Shields Up. "Every organization—large and small—must be prepared to respond to disruptive cyber activity."
Phishing right now
Cyber criminals are currently sending phishing emails to Ukrainian military personnel and their contacts, according to the Ukrainian Computer Emergency Response Team. The CERT says the attacks are coming from Russian ally Belarus.
The message pretends to be from an email service and says you must verify your contact information or your account will be deleted. If you click, the attackers not only get access to your email with the ability to launch further attacks, but also send out more malicious messages to your contacts.
While many attacks are focusing on Ukraine and nearby countries, cybersecurity professionals say people in other countries need to be aware and alert.
"You're sharing an Internet border," said Tim Conway, an instructor at the SANS Institute, in the same webinar.
In some cases, you are the only one patrolling that border between an attacker and your computer. Hold your clicks. Go to a website directly instead of clicking the link in the message. Verify, and you may stop an act of war.
Resources on how to spot phishing:
https://www.cisa.gov/uscert/ncas/tips/ST04-014
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
https://us.norton.com/internetsecurity-online-scams-what-is-phishing.html