Tomas Janckus EN.DELFI
Cyberattacks are becoming an
increasingly greater problem in the whole world. This applies to Lithuania too.
It is estimated that Lithuania experienced 55 thousand cyberattacks last year.
Below, Monika Žemgulytė, Project Manager of cybersecurity competences at
“Cyber Security Academy” talks about how these attacks are carried
out and how to avoid falling victim to them.
Cyberattacks steal personal data and disrupt public
institutions Cyberattacks are characterized as instances, when a personal
computer, a computer network, and informational system, or an infrastructure
object is attacked with various malware tools. These attacks can be organized
by organizations and individuals alike.
According to M. Žemgulytė, cyberattacks usually aim at objects of public
importance. “Cyberattacks are usually organized from an anonymous source,
while their goal is to usurp, disrupt, or destroy data by hacking into
informational systems or servers. The attacks have a wide range: from DDoS
attacks (when attackers overload a system with fake requests and it stops
functioning normally) to viruses, or Trojan horses.
All these methods are used to disrupt or shut down the critical infrastructure
in the state (energy, transport, banking, etc.) or steal user data to use in
future criminal activity (i.e., to extract money from bank accounts),”
notes M. Žemgulytė.
One can observe that mass cyberattacks are becoming increasingly more
innovative and sophisticated. “Cyberattacks are becoming harder to
control, they are growing in scope. Last year, such malware as
“Petya” or “WannaCry” spread widely across the world:
“WannaCry” hit 150 countries, affected 10000 organizations and
several hundred thousand individual users. This malware also reached Lithuania.
This attack spread through fake emails with infected attachments and encrypted
all data stored on the computer; to regain access, users were asked to pay a
ransom in cryptocurrency “Bitcoin.”
The same principle was used in “Petya,” which dealt most damage to
companies and public institutions in Eastern Europe. However, the world has
seen attacks that reach even millions of people. This September, more than 50
million “Facebook” accounts were hacked; in 2014, cybercriminals
hacked 145 million “Ebay” online store accounts. In 2007, of the
strongest cyberattacks to date hit Estonia, where a massive DDoS attack
disrupted the work of government institutions, media, educational systems, and
bank servers. Before it was resolved, this attack effectively paralyzed the
public services and the daily life of Estonians,” tells M. Žemgulytė.
Cybersecurity expert adds that cyberattacks happen every year and their numbers
are only growing. Lithuania is strengthening cybersecurity Lithuania
experienced the largest cyberattack in its history in 2016. Then, during a
series of DDoS attacks, more than a dozen of state institution informational
systems were disrupted. In the last several years, as the number of
cyberattacks increased, Lithuania prepared and confirmed a National
cybersecurity strategy. It calls for strengthening the national cyber defense
capabilities, for ensuring cybercrime prevention and investigation, for
building a cybersecurity culture, for fostering innovation, for deepening
public-private sector cooperation and cooperation between science institutions,
and for deepening international cooperation in the area of cybersecurity.
All European Union member states have agreed to develop such strategies to more
effectively combat cybercrime. How to avoid cyberattacks and not become their
tool According to M. Žemgulytė, the actions taken by state institutions are not
enough to combat cybercrime – broader social awareness is necessary.
“Every individual should take personal responsibility to protect their
devices. All servers and computers need to be equipped with security solutions
(i.e., antivirus programs), need to use the most recent operational systems.
Users need to update their systems regularly and strengthen their passwords.
Malware can also reach users through infected websites or file-sharing
platforms (“torrents”).
Malware can also be activated when opening infected documents or email
attachments,” lists M. Žemgulytė. Lately, another type of cyberattacks
became widespread – links sent with emails that direct their receivers to
infected or fake websites. If opened, the malware automatically enters the
computer system and can, for example, trace the user’s keyboard clicks to
extract their login and password information – all without their knowledge. If
the user, when visiting their accounts, does not use the dual factor
authentication (when, after inserting password or PIN, the user is prompted to
confirm their identity with additional codes sent by SMS or generated in a PIN
generator), their login information can fall to cybercriminals’ hands.
M. Žemgulytė offers several items of advice for those wishing to protect
themselves against cyberattacks. “You should always check, where the links
you receive want to direct you. This can be done by hovering your cursor over
the link and checking the lower-left corner of the browser, where the full
address is shown. If you open an unverified link, you should immediately check
the URL address – it can be completely different from the address of the real
website. For example, you may see faceboook.com instead of facebook.com. I
would strongly recommend being very critical about all incoming content and
never open unknown links or suspicious emails. If the links direct you to familiar
websites, go to the website using the traditional route – by typing in the URL
address or with a “Google” search – rather than by opening the link
in an email. Above all, always stay alert,” advises M. Žemgulytė.
Be the first to comment