Last Saturday, 15th of October, Bulgaria woke up to the news that several Bulgarian websites of state institutions, media platforms, telecom providers, and airports had been the target of a distributed denial-of-service (DDoS) attack, which made them inaccessible for several hours. This is the latest Bulgarian cyberattack after the hacking attempt against the Bulgarian Food Safety Agency this August and the ransomware attack against Bulgarian Posts earlier this year in April.
Cyber threats have increased significantly worldwide since the start of the pandemic. In addition, the ongoing war in Ukraine has further reinforced the need for institutions to take better measures and invest more resources into the war against hackers.
Among the most common methods that hackers use to get access to sensitive information or to take control of a computer system are phishing attacks, spear phishing attacks, ransomware, and man-in-the-middle attacks. According to the Ministry of e-Governance, 80% of all malicious attempts in Bulgaria are phishing attacks, and about 57% of all Bulgarian institutions have to face and prevent hacker attacks on a daily or monthly basis.
To put the recent Bulgarian cyberattack in context, Investor.bg, a Bulgarian finance and business media platform, gathered a panel of experts at the event Tech of Tomorrow to discuss the level of cybersecurity in the country and whether its institutions are prepared to deal with different scenarios of cybercrime. The discussion was joined by Dimitar Pavlov, Cybersecurity Manager at A1, a Bulgarian telecom service provider; Vihren Slavchev, Executive Director of Mnemonica, an IT security and data storage advisory company; Bozhidar Bozhanov, Member of Parliament and a former Minister of e-Governance; and Spas Ivanov, Managing Partner at IT Baseline, a data security and protection IT company.
Sound cybersecurity strategy – Vital Ally in the Raging War Against Hackers
According to Dimitar Pavlov, “before it was much easier for a person with malicious intents to break into a government digital infrastructure and extract data but now things are much better than what they were 10 years ago”. Later in the discussion, he added that cyberattacks have increased worldwide, especially after the beginning of the war in Ukraine. According to his observations, especially in Bulgaria, the most common cyberattacks are against web applications.
The former Minister of e-Governance, Bozhidar Bozhanov, voiced his concern that even though the Bulgarian state administration has improved its level of preparation regarding cybersecurity, much is left to be desired. He remarked that Bulgaria and Europe are generally lagging behind because of the lack of trained staff. Bozhanov pointed out that Bulgaria has lots of cybersecurity experts and IT security companies, but they are simply not enough.
In addition, the state administration often does not know how to react in the face of such threats. Despite this, he pointed out that the first steps have been made in the right direction – “we managed to convince the managers and the leading figures in the state administration that cybersecurity is something important and that, in the long run, it is worth investing in it”.
“We have clarity on what measures we have to take. However, we need to make improvements in the human resources and its organization”, said Bozhidar Bozhanov.
Vihren Slavchev of Mnemonica was much more critical of the current situation, directly saying that “we are not prepared”. He added that “right now, the modern, hybrid wars typically begin with cyber offensives.”
The expert also noted that cyberattacks are progressively increasing. What is more concerning, however, is that hackers tend to work in organized structures and not in a chaotic manner. This gives them the upper hand because they are able to communicate and exchange information with each other faster. According to him, government structures would be much more prepared if they had an internal system for quick information transfer.
Spas Ivanov of IT Baseline noted that most of the technical problems we are currently facing could be easily resolved “with money” and through different types of financing. However, the real problem is the lack of enough qualified people to maintain the infrastructure once it has been built. He noted that in order to attract more cybersecurity experts, the state administration has to offer more attractive working conditions.
“Many government structures have spent money and have invested in good technologies. Unfortunately, they are not implemented and maintained correctly”, said Spas Ivanov.
The evolution of cyberattacks
In the second part of the panel that followed the recent Bulgarian cyberattack, the experts went on to discuss the most common cyberattacks. Spas Ivanov of IT Baseline noted that while phishing attacks are the simplest ones, hackers’ tactics are constantly evolving. Ultimately, the end goal of every hacker is not only to get access to the victim’s personal information but to monetize it. For example, with a spear phishing attack, the hacker can get access to credit card information that has been saved in the victim’s browser. He added that the most profitable attacks are the so-called ransomware attacks. They are designed to get access to the victim’s sensitive information, encrypt it, and demand a ransom in exchange for the key. He added that ransomware attacks are a trillion-dollar business.
Vihren Slavchev of Mnemonica pointed out that spear phishing attacks account for about 60% of all malicious attempts. They are much more difficult to execute and involve “social engineering” tactics. The hacker has to study the victim very well, and those attacks usually require between 9 and 12 months of preparation. Normally, these types of attacks target companies or organizations. He pointed out that nowadays we are very vulnerable to these attacks because people tend to overshare personal information that can later be used against them.
The panelists also talked about deepfakes as one of the modern forms of internet scam. A deepfake is synthetic media that uses artificial intelligence and machine learning to create photos and videos of people whose appearance resembles someone else’s face, body movements, and even voice. Pavlov noted that this technology is becoming more widespread and that there are even websites where one can buy an entire identity, including a passport with a unique social security number and even a photo.
According to Slavchev, deepfake can be used as a “means of mass manipulation only with the help of a simple website”. He compared deepfake to the most serious cyber threats.
In the end, the panelists all agreed that disinformation and a lack of proper digital literacy put at risk not only ordinary people but also big organizations and state structures. It is crucial for everyone to have good cyber hygiene.