The Russian invasion of Ukraine continues to claim lives months after the initial assault in February. Cybersecurity experts advise the general public to remain vigilant amid “evolving intelligence” for the potential of cyberattacks on critical infrastructure.
In March, the Office of the Chief Information Security Officer (CISO) released a blog for best practices to defend against security incidents at UW. The blog largely follows general best practices recommended by CISO analysts to stay safe amid zero-day vulnerabilities or vulnerabilities that are not yet known.
One of the most common schemes includes websites that claim to be donating money to Ukraine. The rise of stories like Stepan, a cat influencer on Instagram whose owner publicized a Russian attack on their apartment in Ukraine, prompted the rise of fake accounts seeking to benefit off of other peoples’ tragedies.
Scams are not the only threat from fake accounts. Individuals masquerading to be refugees from Ukraine have been linked to distributed denial of service attacks on Ukrainian websites. These follow several severe attacks on Ukraine’s critical infrastructure by state-backed threat actors.
Unlike cybercriminals, state-backed threat actors conduct complex attacks over the long-term. Past attacks by Russian state-backed actors, such as NotPetya, were so severe that the country’s critical infrastructure was down for several hours. The cost of recovery for involved companies — only a fraction of the overall attack surface — was at least $1.2 billion.
“While UW stakeholders and the CISO office cannot defend against exploits of previously undisclosed vulnerabilities, we can reduce risk by mitigating known vulnerabilities on our systems,” CISO wrote.
The blog updates periodically to reflect observed threats in cyberspace such as “protestware,” a new type of malware that uses open source code written in support of Ukraine, and how to mitigate them.
Best practices CISO cybersecurity analysts advise include: protecting your NetID password, not using the same password across multiple applications (instead, opt for a password manager like 1Password), and being critical of contacts who are not using a university email address or ask you to switch to an alternative email address.
Melissa Albin, CISO cybersecurity analyst, said gaining access to your credentials is just one less step malicious actors have to take to gain access to your accounts.
Albin and Alex Salazar, CISO cyber intelligence analyst,encouraged students not to reinvent the wheel when it already works. Following best practices with situational awareness about common schemes used by cybercriminals can help you navigate safely online.
Albin reminded UW students that threat actors want us to be in fight or flight mode and will act without much regard for their victims’ well-being. Deloitte reported that 91% of cyberattacks begin with a successful phishing attempt.
Getting your NetID, in other words, could be the first step in navigating and figuring out how to compromise a more valuable asset such as university financial accounts.
Although there is no certainty regarding anticipated attacks on critical infrastructure, the history of intrusions on Ukrainian cyberspace is critical in understanding Russia’s capabilities. State-backed cyber attacks are much more complex than those carried out by cybercriminals, so even if your account is compromised, it is important to take precautions to recover your data and change passwords as soon as possible rather than feeling ashamed.
Cyberattacks can happen to anyone. The inevitability of attacks on cyberspace encourages everyone to consider a personal incident response plan through understanding the basics of cybersecurity.
Do you have any lingering questions about cybersecurity or any other issues related to information technology? Please fill out the following form to alert us on any topics you would like to see us explore with industry experts.
Reach reporter Julie Emory at news@dailyuw.com. Twitter: @JulieEmory2
Like what you’re reading? Support high-quality student journalism by donating here.
Gloss