Challenges in Cybersecurity
The military conflict caused by Russia in neighboring
Ukraine takes place in cyberspace too. Some researchers are saying that we are
talking about the biggest war of the cybernetic era, and the most significant
escalation on both sides.
Corina Cristea, 10.02.2023, 14:14
The military conflict caused by Russia in neighboring
Ukraine takes place in cyberspace too. Some researchers are saying that we are
talking about the biggest war of the cybernetic era, and the most significant
escalation on both sides.
Early in the conflict, Moscow launched an impressive
number of destructive attacks against dozens of Ukrainian networks, managing to
damage the Viasat satellite network, and cause grief for Ukraine’s defenses. A
few weeks in, the pace of such attacks went down, and right now, almost a year
into the war, the main cybernetic activity that Russia carries out in relation
to Ukraine is intelligence gathering. In addition to challenges caused by the
war, China’s technological advance, and the pandemic, which moved a lot of
activities online, are as many reasons for cyberscurity to be more and more of
a reason for worry.
In this geopolitical context, with so many uncertainties,
things are sure to stay the same, with organizations at all levels being more
and more exposed to the threat of cybercrime. The global costs of cybercrime
are expected to go up by 15% per year until 2025, and amount to more than 10
trillion dollars a year, as seen in a report by Cybersecurity Ventures, much
higher than the cumulative profits of drug trafficking worldwide. The new kinds
of online fraud will become more elaborate and harder to detect, as computer
crime perpetrators are moving towards using artificial intelligence tools,
according to the National Cybersecurity Directorate in Bucharest. The security
of institutions is under careful care by experts and authorities, but regular
users are much more exposed, and need assistance to fend off the many kinds of
attacks they are vulnerable to.
Among the most widely used fraud attacks for
stealing personal data are phishing attacks by e-mail, which ask for
identifying data through spurious offers, the National Cybersecurity
Directorate in Bucharest warns. At the same time, many misleading messages are
also disseminated on social media and search engines, as explained for Radio
Romania by Mihai Rotariu, the head of communication for the directorate, who
provided a few examples:
Mihai Rotariu: As we begin this year, we see an increase in attempts at
online fraud. As usual, the attackers are using the context we are in, and are
trying to take advantage of commercial discounts associated with winter. More
to the point, they are launching phishing campaigns using the visual identity
of popular brands, which are usually more active during this period. We are
talking about commercial banks, retailers, some online services, and delivery
services. We have even witnessed fraud attempts using the image of some public
institutions, such as the police, the fiscal authority, or even Europol. Most
phishing attacks occur by e-mail, but they can be propagated through social
media or text messaging, SMS, and the goal of attackers is to harvest personal
data, be they financial or authentication data, mainly by redirecting the
potential victim to cloned websites. These are sites that look like the real
ones, but have a slightly different address, and are in another domain. Which
is vital to pay careful attention to the name and security status of a websites
where we use personal data.
It is no secret that attackers are relying more and more
on artificial intelligence, enhancing and automating their activities, adapting
to the context better, and having a better rate of success. However, we should
not panic, says Mihai Rotariu:
Mihai Rotariu: If we have cybersecurity routine, and good online
hygiene, we should not panic, because we can sidestep about 90% of attacks.
When I am talking about routine, I am referring to forming reflexes when acting
online, formed just like the ones in real life. For instance, when we cross the
street, we look right and left and check the traffic light. This is the case
with links we access too. We don’t click on a link from an unknown source
before running a check on the source, using a security solution. At the same
time, we have to know clearly that most companies that offer online services,
especially banks, would never send e-mails with links for updating or verifying
authentication data. You should never go to websites for, let’s say, online
banking through a link sent by SMS or e-mail, or through sponsored ads, you
should only use the smartphone app. We also recommend you enter the website
address manually in your Internet browser, taking care not to end up carelessly
on such cloned sites. You should pay close attention to the exact name of the
domain, because attackers substitute digits for letters, and if we rush through
the process we could be fooled into thinking we are on the original site, but
in fact we are on the cloned site. Last but not least, pay close attention to
offers online that look too good to be true.
Mihai Rotariu added that we should always check with the
company purporting to make the online promotional offers before acting on the
purchase. (C.C.)