Attackers might use the Ukrainian invasion by Russia to increase their cyber threat
The Russian invasion of Ukraine is a war being fought unlike any before – physically, politically, financially, and through cyber warfare.
The Information Security experts at Quilter share their thoughts on how attackers might use the Ukrainian invasion by Russia to increase their cyber threats, and give some tips to keep yourself safe.
Cybercriminals will continue to take advantage of any headlining situation and attack through – phishing attempts, scam emails, social engineering, and malware. The UK and wider Financial Services sector have not experienced any increase in cyber-attacks stemming from Russia (the situation continues to be monitored), however, there have been notable changes in the methods and motivations used in this war, which could affect you.
“Hackers wouldn’t be interested in me!”
Unfortunately, this statement is a myth.
Whilst it’s the case for most people that they are not the specific end target of most cyber-attacks, be assured that you have digital and online assets that a cybercriminal would use.
Whether as part of a wider attack; to get information on you, your loved ones, or your employer to use or sell on; for your access to a person, service or system; or simply banking or payment details in order to continue to fund their real end goal – we all need to continue to be vigilant and protect ourselves.
What types of attacks could be linked to the situation in Ukraine?
Phishing is the most common threat that cyber-criminals use. Spearphishing is a targeted type of phishing attack that uses social engineering methods to make it harder to spot. It often stems from freely available online information on sites such as social media platforms, LinkedIn, CV/jobsites, and other places with personal or company information.
Scammers are also using the conflict to take advantage of the empathy people feel for the human suffering that is taking place using scam emails that appear to be cries for help. We have seen tactics such as imitating a trusted entity or organisation, such as the Ukrainian government, and personal pleas for money. These are all designed to trick individuals into sending money directly or disclosing your bank information. The underlying technique for all of these is Social Engineering – and social engineering techniques are now being used in more subtle, sophisticated ways to reach the cybercriminals’ goals.
Social media/social engineering
Recently, there has been an increase in social media based reconnaissance and attack preparation. Attackers are creating fake accounts. Sometimes, it isn’t even a person at the end of the attack, but a ‘bot’, which is a profile created by an automated software programme to increase the volume of connections made and appear as a legitimate person you may want to connect with on social media.
The attacker then makes contact through the site messaging system (REMEMBER: all messaging platforms – be it Facebook, WhatsApp, LinkedIn, text message, direct messages through social media etc – can be abused by cybercriminals.) and may spend time building a relationship, or they may try to bait the recipient with a link to an event, or a great sounding job role, or they may ask for information under the guise of being a recruiter or similar – however, their real intent is to gather as much information as possible. Of particular worry in this form of attack is when the criminal subtly switches from messaging on the platform to the work email or messaging system – blurring the lines between personal and professional lives.
What action can you take to keep yourself safe?
Staying safe on Social Media
* When on social media, treat the “about me” fields as optional – these are not mandatory and may be a wealth of valuable information to an attacker.
* Go through any platforms you are a member of and familiarise yourself with your privacy settings – make sure the levels you have in place are appropriate for the data you are sharing, and those who can see it.
* Know any people you ‘friend’ or connect with.
* Be cautious with any messages from people you don’t know –especially if they are asking for personal or company information or asking you to click a link.
Think before you click
* Think before clicking or tapping on links or attachments or downloading files.
* Take 5 seconds to pause and think:
* What is the call to action?
* Is it necessary?
* Does it seem rushed?
* Does it feel suspicious?
* And is there another way you can achieve the same goal?
Don’t be rushed into taking an action – if emotions are in some way heightened, that’s a red flag and a sure sign to stop, breathe and assess.
What action should I take if I see anything that looks or feels suspicious?
If you are concerned that your financial accounts may have been affected, please contact your bank in the first instance, and report any instances of online fraud to Action Fraud. It’s also a good idea to let your adviser know too.
Most of the social media platforms have help pages and inbuilt reporting mechanisms for accounts and posts.
🚨 Data accurate as of the date of publication – 16.05.2022.
🚨 The above material is for informational purposes only and does not constitute a sales offer or financial advice. Before taking out any insurance, credit agreement or other financial product, you should obtain individual advice on your requirements and the general terms of the contract.
