As war grips Ukraine, the world is scrambling to find ways to help. While governments impose sanctions, ordinary people are flooding organisations on the ground with donations, and we have seen a tech element to this as well.
Ukraine is a hotbed for technical talent and IT outsourcing. Household names like Revolut have teams in the country while native companies like SoftServe are major cogs in the country’s outsourcing industry.
Many of those employees have left the country to seek safety in neighbouring countries like Poland.
For those left behind, much remains uncertain. Accessing secure communications and reliable information are just two of the many concerns.
Bitdefender, the Romanian cybersecurity firm, recently announced a new initiative with Romania’s National Cyber Security Directorate (DNSC) to provide cybersecurity consulting and threat intelligence for free to people, businesses and government bodies in Ukraine. This is also being extended to others in EU and NATO countries for one year.
The company said the measures are to provide help to its neighbour in a time of crisis.
“We have had several requests coming from both NATO and EU countries for our endpoint detection and response solutions on the business side. We also had multiple downloads on the consumer side so far,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, said.
Ukraine has long been a field for cyber-attacks and Russian hacker aggression. Most infamously, in 2015, hackers affiliated with Russia shut down parts of Ukraine’s power grid, plunging people into cold darkness in the dead of winter. It is one of many in a string of attacks on Ukraine over the years but, at the time, it was a nightmare scenario that many security pros had feared.
Cyber threats loomed again in recent weeks and months but, as Dick O’Brien from Symantec Threat Intelligence puts it, these took a backseat when the bombs started dropping.
“Once the shooting started that was the end of the cyber element of the campaign, so far anyway,” he said.
However, as the war rumbles on, the cyber threats could re-emerge, he said. Putin’s army expected a quick victory but as the days wear on and Ukrainian forces continue to fight back, it has become clear that this conflict is far from over.
“There was maybe an expectation that the invasion would last a couple of days and now it's taking a bit longer so if there is any other cyber aspect to come, I feel that it's probably only being planned now,” O’Brien said.
Staying secure
Amid this chaos, there is much confusion for people on the ground.
“From a cybersecurity standpoint, the greatest risks Ukraine citizens are facing is anything to do with revealing location both from a personal safety standpoint and the safety of others,” Bitdefender’s Botezatu said.
He said people should avoid using social media platforms, unless it’s “absolutely necessary”, and turn off location services on all devices.
“Use a VPN solution whenever possible. Remember that sharing pictures may also reveal your location or other personal information through the embedded metadata,” he said.
Phishing attacks remain a tried-and-true method of compromising a system and this is something people and companies still need to be wary of, according to Symantec’s O’Brien.
“The general advice against espionage attacks is that they tend to unfold in particular ways, and they have certain ways of gaining access to people, networks, certain ways of moving across those networks and reaching the computers that they want to,” he said.
“You have to educate yourself on how these attacks unfold and then adopt a defence strategy.”
Regular advice can still apply too, he said, like applying two-factor authentication on devices and services.
“It’s not relying on a single solution. If one aspect of your defence fails, others will slot into place.”
End-to-end encryption
Encrypted messaging apps have long been a favoured tool for those seeking greater security in their communications, with the likes of Signal and Telegram garnering much attention.
Tim Redfearn is the former CIO of NEXCOM and currently a category manager at military equipment supplier ADS.
He told IDG Connect that it is key that people understand exactly how end-to-end encryption works on these apps and, most importantly, that sometimes it may not be switched on by default.
“End-to-end encryption communication prevents third-parties from eavesdropping on data while it’s transferred, and the data is encrypted on the sender’s device which can only be decrypted from the recipient’s systems,” Redfearn said.
“It’s important that the people on the ground in Ukraine know how to use the encrypted communications tools. Some apps require users to enable this feature, and if not implemented properly, individuals may think their messages are encrypted even if they are not.”
Some apps may also store unencrypted backups of messages to the cloud, which could be vulnerable and accessed if hacked.
“Depending on what application they are using, there may be known vulnerabilities that could be compromised and exploited. Even though the message content may be encrypted, their location may be compromised just by transferring an encrypted message or any messages for that fact,” he said.
Evolving threats
As the war rages on, Redfearn said that cyber-attacks will play a “big role” and companies and government entities could be targets.
“Software vendors are not required to provide security updates for unsupported products so keeping all systems patched and updated to maintain support agreements is key to minimising risk,” he said.
This is where the cybersecurity training and protocols that companies should already have in place can come into play.
“Additional steps include installing firewalls and securing all access points and networks as well as setting up web and email filters to prevent spam and block websites that could inadvertently download malware into your companies’ systems,” Redfearn added. “This goes beyond encrypting internal systems, but also protecting all computers, tablets and smartphones that employees use to access information from their place of work.”
As the attacks in Ukraine unfolded, institutions on both sides of the Atlantic also sounded the alarm that more Russian-driven cyber-attacks could be coming across the world.
“It’s a threat that we’re aware of, I think the real wild card in this conflict is non-state affiliated actors taking action. For example, the Anonymous hacking collective have said that they want to get involved in this and then a number of notable Russian cybercriminal operations have threatened to mount ransomware type attacks on any organisations that they deemed to be working against Russian interests,” O’Brien said.
“There’s a likelihood of tit-for-tat attacks going on.”
As with any major event, hackers, regardless of their political leanings, will seize on these opportunities to enrich themselves too.
“With any global tragedy, it's often used as a lure for scams where people set up fake charities and appeals for donations and that kind of thing and there is a cyber aspect of that too. It would be no surprise that this happens with this conflict.”