“The Ukrainian IT specialists are on the front line of fighting the cyberwar, and companies in Ukraine, despite everything else, are trying to save their businesses and the jobs of their staff. They are making an important contribution to increasing the defense capabilities of the country. Ukrainian citizens are doing everything to fight the enemy,” Stepan Veselovskyi, CEO of Lviv IT Cluster, a project which aims to bring the Ukrainian IT community together, shares with The Recursive.
In light of the recent Russian-Ukrainian war, both Romania and Bulgaria could witness cyberattacks similar to the distributed denial-of-service (DDoS) attacks on government and financial sector websites in Ukraine. As Russia is looking for disruptive ways to fund its war, it will also most probably retaliate against countries that have imposed or even supported sanctions against it. But a cyberattack can come from anywhere.
Today, we want to find out more about:
💡 what do cybersecurity threats in our region look like?
💡 what are the main security solutions and the steps businesses can take?
💡 what are the cybersecurity responsibilities of tech companies?
To find out, we talked to Bogdan Dumea, State Secretary at the Romanian Ministry of Research, Innovation, and Digitalization, and Mihai Rotariu, Head of Communications at The Romanian National Cyber Security Directorate. Bogdan has a background in enterprise strategic management, while Mihai joins with his experience in politics, diplomacy, and security.
What do cybersecurity threats look like?
“The biggest risk is in the banking and financial services, but also in the energy infrastructure,” Bogdan Dumea shares.
He says that the current situation has no precedent. All corporations have to increase their alert levels, as any asset can become a target during a war. He cites the Goldman Sachs analysis, according to which five types of attacks have been used to disrupt governments, take hold of data, and wreak chaos.
“First of all, there is the denial-of-service (DoS). In these types of attacks, hackers will flood a server with traffic in an attempt to crash it and make it inaccessible to users.
The second one is malware, which is designed to steal data or disrupt, and also destroy a network.
The third is the injection, a type of attack that allows hackers to insert code into a program that will allow it to execute commands remotely.
Phishing is the fourth type of attack, and it involves sending seemingly trustworthy emails to trick a source and extract data from them.
Finally, the fifth type of attack identified is brute force, which means that the attacker uses trial and error to guess a user’s credentials to break into their network,” Bogdan summarizes.
What is the most common cyber threat?
Mihai joins to explain that in the past years, the most common attack has been ransomware, “a type of malware that encrypts files on infected devices, blocking access to data, and then asking for a ransom to be paid in exchange for returning access to the owner.”
The consequences are business interruption, loss of reputation, clients, and data, but also a psychological impact on the employees. “These attacks are highly disruptive for businesses because most of the time there is no decryption tool as a last resort for file recovery and it puts the company in a difficult position – having to face the spotlight of business discontinuity while deciding whether to pay the ransom and directly finance cybercrime this way, or not pay and risk losing all data,” Mihai explains.
He adds that cybercriminals have even developed this type of attack into a business model – ransomware-as-a-service (RaaS). It is so common that RaaS kits are available on dark web forums.
How can businesses protect themselves from cybersecurity attacks?
“Enterprises need to exercise their cyber incident response besides maintaining a strong security baseline, prioritizing the patching of known vulnerabilities, and detecting commonly observed tactics, techniques, and procedures,” Bogdan says.
Both specialists agree that the first step is for all security solutions to be kept up to date to avoid vulnerable spots, even if this means allocating bigger budgets.
Mihai specifies that in case of a DDoS attack, organizations should:
- “Understand the software and hardware limitations of their current infrastructure;
- Engage with the hosting providers to enable DDoS mitigations at a network level;
- Leverage cloud solutions to automatically scale up resources when needed”.
What are the cybersecurity responsibilities of tech companies?
“To be able to deal with cyberattacks, we need a joint effort, one that takes into account national security, information security, but also citizens, those who are exposed also to these cyberattacks and do not have the tools to fight them,” Bogdan adds.
Another thing specialists agreed on is the fact that everybody has to be involved in cyber defense efforts. This way, each person contributing can become a firewall. Bogdan is looking forward to developing more partnerships between technology companies and public institutions. He believes the role of tech companies will rise and cooperation is imperative.
“In Romania, we are strong believers that cyberspace must be neutral, secure, and resilient, and no geopolitical or military interests shall affect the lives of people and their business,” Mihai says.
Mihai gives one example of this public-private collaboration, between the Romanian National Cyber Security Directorate and Bitdefender, the Romanian cybersecurity software developer. Together, they are providing technical consulting, threat intelligence, and technology, free of charge, to Ukrainian citizens, businesses, and government institutions. The offer is also extended for the next year to any company from NATO or the EU that is looking to enhance its cybersecurity.