Even if unintentionally, Russian hacking attacks in the country’s war against Ukraine started this Thursday (24) could impact the whole world — even Brazil.
Since the beginning of the escalation of tension, websites of the Ukrainian government have been victims of virtual offensives, which took down pages of the Ministries of Foreign Affairs and Education. This week, a new wave of attacks was detected, also affecting banking websites.
In the most sophisticated virtual assaults, the viruses used are programmed to spread to other devices connected to the network and are not necessarily confined to the target. As the internet is one, there is potential for damage everywhere.
That’s what happened with the most costly cyberattack in history, with losses estimated at US$ 10 billion (R$ 51 billion) around the world, according to the White House. It involved precisely Russia and Ukraine.
In 2017, a malicious app called NotPetya was launched against companies, government agencies and the Ukrainian power system. The Russians did not claim responsibility, but were accused by different countries of being behind the attack.
It disguised itself as ransomware, one of the most popular types of viruses today, which blocks access to computers in exchange for a ransom. Instead of practicing this virtual hijacking, however, he was wiping data with a focus on destroying systems.
The business spread to Ukrainian-based multinational companies such as Maersk (logistics) and Merck (pharmaceuticals). According to the then Donald Trump administration in the US, the impacts were seen by Europe, Asia and the Americas.
In January, a program operating similarly to NotPetya was detected in a campaign against Ukrainian targets. Dubbed WhisperGate, the virus did not have as much ability to spread as its predecessor and was not seen in other countries, but it did generate alerts from cybersecurity companies.
“Organizations that have access to networks in Ukraine should take into account the risk of collateral damage that could spill over into their global operations,” reads a report from Secureworks.
With the situation with Russia worsening, the US government asked companies to “raise their shields” in a statement that warned of potential hacking attacks targeting the country.
A statement issued by the US Cybersecurity and Infrastructure Agency on the 11th said that there was no imminent threat, but noted that the Russian government could “consider escalating its destabilization actions that may impact others outside Ukraine”.
On Thursday (24), in announcing new sanctions against Russia, US President Joe Biden repeated warnings that the Kremlin not attack Americans virtually, but did not comment on how he would retaliate.
While the most likely targets other than Ukraine, experts say, are the US and Western Europe, an offensive could reverberate elsewhere.
“We recommend that organizations in all nations be aware that there may somehow be unintended consequences in malware attacks,” say experts at Unit 42, the research division of American cybersecurity firm Palo Alto Networks, citing NotPetya as an example. .
protection tips
This Wednesday (23), Unit 42 released a brief report with protection tips. According to the group, it is not possible to protect oneself with a single measure, as attacks can come from different fronts. The recommendation is to prioritize the following steps:
-
Fix known vulnerabilities: Apply updates to any software that contains vulnerabilities, not just those that are known to be commonly exploited. It is most urgent for internet-facing programs needed for business operations, such as email and remote access solutions.
-
Prepare for ransomware and/or data destruction: Testing backup and recovery plans is critical, as is testing the organization’s business continuity plan in case the network or other key systems are taken down in the attack.
-
Be prepared to respond quickly: Security teams don’t want to test crisis response processes in the heat of a real crisis. Organizations must ensure that they designate points of contact across the workforce in key areas in the event of a cybersecurity incident or disruption to critical infrastructure. They should also conduct an exercise with all parties involved to explain how you would react if the worst happened.
-
network lockdown: Minor policy changes can decrease the likelihood of an attack. Recent cases have abused popular apps like Trello and Discord to distribute malicious files. Many apps can be exploited this way, and if an organization doesn’t need the functionality of those apps, blocking them will improve their security posture.
In the case of individuals, the tips are to adopt basic security measures, especially thinking about an increase in ransomware attacks — something that has been on the rise in recent years. In practice:
-
Back up your data.
-
Use strong passwords to protect your devices and online accounts.
-
Be sure to regularly update the software on your computer and mobile devices so that they include security patches for known vulnerabilities.
-
Use security software and keep it up to date.
