Online safety needs education – CERT report

In the digital space we are not nearly as safe as we think. The growth of this medium contributes to the increasing dangers that await us. NASK has released a report – The landscape of Polish Internet security – which shows how much we are missing.

The CERT report is very comprehensive and contains a great deal of detailed information, which you are of course welcome to read. We will discuss the most important findings and also talk about security, i.e. how to react to cyber incidents.

Last year, the CERT team, which operates under the National Research Institute, recorded more than 10,000 cyber security incidents. This is an increase of almost 61 percent compared to 2019. The most common type of incident was phishing, which accounted for as much as 73% of all incidents, an increase of 116% compared to last year. It is worth mentioning that this is the number of registered actions, so in reality the number can be, and certainly is, much higher. CERT says that the biggest impact on the number of registered actions came from its March initiative, in which it introduced the List of Warnings Against Dangerous Websites.

It got serious?

NASK’s CSIRT says that last year it handled more than thirty incidents classified as serious under the National Cyber Security System Act. Serious incidents are those that significantly disrupt the provision of a service that is key to the operation of the entity.

Android is the most vulnerable to attacks

There was also a significant increase in malware for mobile platforms, where Android reigned supreme, usually as part of spam campaigns in Poland. Fortunately, Windows did not see such frequent malware operations.

The most commonly used virus was the Alien trojan, which is sometimes called Cerberus. Further modifications of the Anubis and Hydra families, well known to Polish cybersecurity specialists, were also observed.

Phishing, or how to dupe someone

CERT says that the most common scenarios were attempts to obtain Facebook account login credentials, payment card numbers or online banking login details. In most cases, this was done through specially prepared Facebook posts with sensational-looking headlines, fake SMS messages, and messages on WhatsApp messenger.

Information and disinformation

A team from the National Research Institute conducted an analysis that shows a series of server break-ins and data leaks, mainly at Polish universities and research institutions. Disinformation campaigns and hacking into accounts of public and political administration officials have also been observed. The disinformation was spread by hacking into news portals and the accounts of Polish politicians; the criminals used the accounts to publish fake articles. This was intended to lower public trust in public offices and to foster negative attitudes in society.

Pay a ransom for access to data

The point, of course, is ransomware, a category of malware that encrypts data and blocks access to the computer for a given person or persons. It is an extortion technique: after the ransom is paid, the device is supposed to return to its pre-infection state.

NASK claims that this threat does not only affect well-known global companies, but also our Polish entities – both small businesses and Polish domestic companies. Of the 110 incidents handled by CERT in 2020, as many as 69 were reported by national public institutions and businesses. The institute considered emails, RDP services and known vulnerabilities in VPN software to be the most dangerous.

There is also a new, growing trend of stealing users' information and blackmailing them with the threat of disclosing it. In 2020, CERT had information on 711,492 IP addresses located in Poland that hosted services enabling distributed reflection denial of service (DRDoS) attacks, with open DNS servers being the most common.

The services most vulnerable to attack were: CWMP, SSL-POODLE, RDP, Telnet and TFTP.

You could be a zombie!

During the previous year, the cybersecurity institute collected a total of more than 600,000 IP addresses. These addresses have been referred to as zombies. Zombies are infected devices that function normally, giving users no cause for concern, while secretly performing tasks ordered by the hacker. The criminal gains administrator rights and has full control over the device, while the user is not even aware of it. Together, the infected computers form a network that is used for various crimes; this network is often called a botnet or a farm. The number of zombie computers is very similar to that of two years ago. Most visible was the activity of the Andromeda and Conficker botnets, which are already sinkholed, and of the Qsnatch botnet, which infects QNAP Systems devices.

How to protect yourself from cybercriminals?

The report makes it clear that, unfortunately, we have very limited room for maneuver as users. As users of particular applications or systems, with little knowledge of how they are built, we are not able to realistically assess the threats. Furthermore, even the best-secured institutions are always subject to the risk of human error, so we are all at risk.

Assume your data is already stolen

Seriously, assume that your data has already been leaked! First, it is likely; second, it will prepare you psychologically for such an eventuality, and you will also start to be more careful about what you do online. CERT advises not to share too much information about yourself. The less information about us is processed, the less attractive it will be to attackers, or the more difficult it will be to use it to carry out an attack or identity theft.


We have already written about this many times, but it is one of the most important issues: password diversity. Passwords must be as original and difficult as possible, and different on each platform. Where possible, secure your login with two- or three-factor authentication, especially for strategically important accounts such as banking, mail, and corporate data.

Don’t ignore the messages

It would not be prudent to ignore a notification that your data has been leaked. Of course, this is also one of the techniques of fraudsters who are just waiting for us to click on their malicious link that will damage our device. However, remember that the provisions of the Act on Personal Data Protection oblige the personal data controller to inform users if a data leak has been detected. The information will be reliable if it shows the extent of the data that was stolen. When passwords are leaked, it is most often their hashes that are exposed, and the passwords should be reset. Such messages should not be ignored, and neither should isolated attempts to take over a social networking account or messages about attempts to log in to our e-mail. These situations, although fear-inducing, can contribute to our increased vigilance and caution.

Split ego – for scammers

Separate your life spaces – professional, social, hobby into different accounts and email addresses, so you don’t combine all your information in one place.

What to do after a digital data leak?

The milk has been spilled. Too bad. Well, unless that milk is your data, in which case you can’t ignore it. After receiving such information, administrators and service providers are obliged to reset the password, and then we should change the passwords on our other accounts ourselves. In a situation where we cannot get help, it is worth changing the access password as a precaution.

What to do after sensitive data is leaked?

If a stranger on the Internet gets hold of our PESEL, ID number or credit card details, we should report it to the police immediately. Law enforcement authorities will usually throw up their hands, but it is worth having the fact of such an incident documented.

Unfortunately, there are no state institutions that can prevent someone from taking out a loan or carrying out some cyber scam using our identity. Fortunately, there are solutions that go some way to helping us respond to such emergencies.

Such services may include:

Credit Information Bureau (BIK) – offering notifications about attempts to obtain credit using our data and reports summarizing our credit obligations,

BIG national debtor registry – designed to collect and share information about people with outstanding debts,

SecurePESEL portal.en – allowing us to block our PESEL number free of charge in order to prevent someone from taking out a loan using our personal data.

In the case of an ID card, NASK recommends replacing it and updating the details at every bank, so that they are aware that the old one is invalid. This month also marks Cyber Safe October, which promotes responsible and informed attitudes online.
