The pandemic highlighted another problem: our Achilles heel

Researchers from the VU Kaunas faculty dr. According to Renata Danielienė, one of the goals of these state-supported national groups is to extract as much confidential information as possible from institutions in another country, certain commercial organizations or scientific institutions that conduct relevant research, create new inventions or improve existing ones. According to the researcher, the activities of these groups pose a significant threat to organizations that use strategic information systems connected to the Internet.

“Cyber ​​group attacks in other countries in the past suggest that the target may not only be state or industrial espionage, but also an attempt to undermine some activity, such as attacks in the United States during election campaigns. Then there was an attempt to break in. in the accounts of senior officials, reveal confidential information to form the opinion of the population in a certain direction or take revenge for critical statements against the country from which the attack may take place. “Dr. R. Danielienė.

Linas Bukauskas, associate professor at the VU’s Faculty of Mathematics and Informatics, explains to her colleague and says that currently the most common trend is to manipulate information using cases of social engineering, when the electronic space of hostile countries is used to achieve their goals. objectives.

“In such cases, the goal is to trap using a social engineering attack. For example, citizens receive invitations to events or conferences taking place in a hostile country, often even paid in full. Stakeholders can gradually become involved in activities that can be anti-state, revealing scientific, state and technological secrets. The information is used to check human alertness. You have to remember that there is nothing for free, there is usually some hidden purpose “, warns the doc. L. Bukauskas.

Objectives: websites of state institutions and the media

Researchers at VU, who assess reports from Lithuanian institutions responsible for security and recent cases in the media, note that the number of information cyberattacks against Lithuania is increasing. According to experts, several elements related to cyber security can be distinguished: data loss, information manipulation and cyber security vulnerabilities, exploitation of these vulnerabilities in state or critical infrastructure systems.

It is not uncommon for state institutions and the media to target false information to compromise the organizations themselves and shape public opinion. According to the National Cyber ​​Security Center, in 2020 alone, 22 public sector websites were hacked in December. Most of the sites belonged to Lithuanian municipalities. False information was posted after the website was hacked.

Dr. According to R. Danielienė, Lithuania is not an exceptional country; many countries face similar problems. The 2020 report, published by the Estonian Intelligence Service, emphasizes that anyone can participate in the attack, as hackers find the weakest links and, for example, find a vulnerable device in the cyberattack infrastructure, thus becoming partly from criminal activity. ”The VU investigator said.

Achilles heel – human error

Assessment of the cybersecurity situation doc. L. Bukauskas highlights the use in 2020. indirect human errors in the public sphere. Human errors are left behind during system development or implementation, forgetting to handle variables safely or creating weak login passwords. These errors take advantage of data leaks as well as human-shared files or errors in software solutions.

“Most of the time, attempts are made to hack and intercept passwords, to exploit vulnerable systems to run various infected computer networks (botnets). At VU Cyber ​​Security Laboratory, we use network traffic sensors that monitor illegal connections. These sensors they show the activity of the hackers and the passwords used. This type of automated attack looks for insecure systems or vulnerabilities left by man, and the surveillance is checked. For example, a single system receives an average of 200 illegal intrusions in the weeks ” calmer “and, sometimes, these numbers reach a thousand and more,” says the doc. L. Bukauskas.

To avoid human error in the field of cybersecurity, it is necessary to improve the skills of professionals responsible for cybersecurity. At VU’s Cybersecurity Laboratory, researchers are implementing several projects that not only develop methodologies to help identify early cybersecurity risks, but also enhance the competencies of cybersecurity professionals.

One-off investments are not enough

Residents can suffer various consequences of cyber attacks: from disconnected power supply to theft of personal data, financial losses. Meanwhile, hacking companies can disconnect from your critical systems, stealing sensitive data from themselves, their customers, and partners, and incurring financial losses due to the inability to provide services. Additionally, they can be fined for revealing confidential data, losing their reputation, trusting customers, and may require considerable effort to retrieve.

According to dr. R. Danielienė, cybercriminals, be they organized groups or individual programmers, not only constantly look for vulnerabilities in information systems or infrastructure, but also in one way or another use people’s trust.

“When analyzing the attacks carried out, the main problems are such as security breaches in the infrastructure, cyber prevention, ignorance of managers and cyber security personnel, leadership competencies. Often times, an organization does not have an information security policy or does not follow it, and in the event of a cyber incident, it is not known how to respond. Also, organizations still don’t pay enough attention to regular cybersecurity training and awareness, ”says Dr. R. Danielienė.

The researcher believes that to reduce the risk of cyber-hacking, organizations must take consistent and integrated measures, implement and adhere to a culture of cybersecurity within the organization, and managers and decision-makers must stay abreast of cyber trends and respond. Consequently. “In this world of information technology, it is not enough to invest once in IT infrastructure. Now organizations have to constantly allocate funds for both infrastructure renewal and cyber risk management,” emphasizes Dr. VU Kaunas, Faculty Researcher, Dr. R. Danielienė.

No system escapes attack

Doc. According to L. Bukauskas, all systems, whatever they may be, will suffer a cyber-incident. According to the researcher, cybersecurity is a continuous work, since the technologies used today do not have known vulnerabilities, but they will be known later.

“It is important to constantly take care of monitoring cyber security incidents, updating software solutions and monitoring the environment that interests you as an organization. For example, if you see that you have received 1000 requests from different IP addresses with a similar request, you should already worry for your security and monitor, look for vulnerabilities. Cybersecurity professionals constantly monitor vulnerability databases of data that do not reveal the vulnerability, but only identify product x as vulnerable. They participate in threat exchange networks, which they help to obtain early information on the patterns of the ongoing attack or the characteristics of the attackers, ”says Assoc. L. Bukauskas.

The professor from the VU Faculty of Mathematics and Informatics recalls once again that organizations seeking to prevent cybersecurity incidents must periodically update software solutions, change passwords or additionally use two-factor authentication. System network administrators should also avoid using popular passwords that are easy to guess.
According to the expert, it is necessary to monitor not only the vulnerability of the systems used by the company, but also which programs and platforms employees use during work, especially if personal devices such as mobile phones and tablets are included in the organization’s network. It is also necessary to develop the capacity of employees to evaluate the security of the programs used. You should also keep track of the apps, mobile apps, or web browser extensions that are used in your organization to help you remember your passwords, as sometimes there are redundant rights requirements or even full-text passwords stored on systems outside of the European Union. .

The researcher also draws attention to the security of mobile applications developed by tech startups. According to the researcher, startups should pay more attention to the security of the products that are being developed, follow the requirements of secure programming.

“Startups apply the latest technology, but too often they forget to test to ensure cyber security, they don’t always follow the requirements of secure programming. The main objective of these companies is to produce the product as quickly as possible, sometimes without paying due attention to the safety of the created product. Young people, who do not yet have enough experience in terms of security, are often involved in systems development, and learning to program safely is a serious occupation that also requires specific knowledge based on experience ”, says Assoc . L. Bukauskas.