Cyber security threats
24 March 2022
Increased levels of cyber threat – what to watch out for?
International cybersecurity centers, including the NCSC, are warning of an increased level of cyber threats due to current developments related to Russia and Ukraine. During this heightened threat, it is important to be extra vigilant for cyber security threats. In this blog, we share the latest updates.
Cyber threats and digital attacks
Due to ongoing developments in Ukraine, the UK National Cyber Security Agency (NCSC), the US Cybersecurity & Infrastructure Security Agency (CISA) and the Netherlands National Cyber Security Centre (NCSC) report an elevated level of cybersecurity threat. Meanwhile, US President Biden has also warned companies about Russian cyber attacks.
The NCSC has no concrete indications so far that digital attacks in relation to the war in Ukraine are currently having an impact on the Netherlands, but does not rule this out in the future. On March 23, the computer system of the Italian railroads was shut down by hackers, preventing travelers from buying tickets. Italian media attribute the attack to Russian cybercriminals, but this has not yet been confirmed.
Forms of cyber threats
A threat may come in the form of a phishing email and/or suspicious text message. In particular, there are currently international reports of digital attacks using DDoS and wiperware (malware that permanently deletes data on systems).
In addition, various international hacker groups are getting involved in the war. This could lead to an increase in digital attacks, which in the future could also affect Dutch organizations.
Make sure your digital resilience is in order. For example, read our 5 tips to arm yourself against phishing below. And scroll down for the NCSC’s advice on basic cyber security, with practical tips and tools.
Phishing: what should you watch out for?
Phishing is one of the forms of attack preferred by cybercriminals. Attackers in Ukraine are currently mainly targeting communication infrastructures.
What can you do to avoid becoming a victim of such an attack?
For example, ask yourself the following control questions when answering email:
- Do I trust the sender and subject of the email?
- Do I recognize the link I am being directed to?
- Think before you open an attachment. If you do not expect or trust the attachment, do not open it and report it to the IT service desk or privacy officer.
Be extra alert for attachments or links in e-mails, especially if the sender is unknown. Do not open anything you find suspicious. Want to know more? Then read our 5 tips below.
1. Take precautions
In practice, a lot of phishing is already intercepted before it reaches you, so that you are not inundated with unwanted emails. Curbing phishing entirely is not easy, but you can certainly take some steps to better shield yourself.
Start by properly setting up your spam folder so that the lion’s share of phishing emails don’t even reach your inbox. A good virus scanner is also a must. But above all, make sure you don’t just leave your email address everywhere. The more often you enter your details on random websites, the greater the chance that they will come fishing in your inbox. So create a free account, for example in Gmail, especially for all the websites where you don’t want to leave your usual email address.
2. Do not share personal or financial information
A bank, insurance company or subscription service will never ask for your PIN, bank account or credit card number via email (or phone). They will also never direct you to a website with a hyperlink where you are asked for security codes, certainly not via SMS text or social media.
Therefore, never share these details if you are asked for them in an e-mail. And if in doubt, always contact the party concerned before responding to anything substantive – chances are the message did not come from them.
3. Stay alert – outside of your inbox too!
Phishing is hardly limited to email traffic, so always be on the lookout during your other online activities as well. Malicious URLs and links that want to fool you can be found just as easily on websites (“You are our 1,000,000th visitor, click & win!”) and are also increasingly being distributed via social media.
Fraudsters are usually even more effective on Facebook and certainly via SMS/WhatsApp, because internet users are more likely to follow a link there than in a dubious email from an unknown sender. Especially when that message seems to come from someone they know. So don’t just click on any links elsewhere on the Internet!
4. Doubts? They are often justified!
You know the drill: it all seems right, yet something feels slightly off. The message is not quite relevant, the person or agency in question would never formulate it in such a way, the tone is not right – et cetera. If an email doesn’t feel quite right, then something is probably off. In short: if you have doubts, they are often justified.
Check for so-called ‘red flags’ that help you to recognize a phishing e-mail: a strange e-mail address of the sender, an overly excited (positive) message, a form of pressure or threat, many language errors or strange translations, a strange URL under a link or a different, impersonal salutation. Uncertain? Just go directly (not via email) to the sender’s website to find out the truth. And remember: if it seems too good to be true, it usually is!
5. Fell for it? Always report it!
Of course it can happen that you click on a link or open an attachment. In general, we observe that employees are more susceptible to phishing around lunch time and are also less aware of the risks at the end of the working day. Always make sure you report it immediately to the helpdesk or to the appropriate colleague in the IT department.
The quicker you act, the greater the chance that the damage from ransomware or other dangerous exploits can be limited. Be sure to report the message even if you haven’t clicked, as it provides a valuable warning for colleagues.
Basic cyber security measures
Make sure, as an organization, that your digital resilience is in order. The NCSC recommends that you at least follow these basic measures. We’ve also listed them below.
In addition, the NCSC offers short-term advice on the following questions:
- Which digital attacks should I take into account?
- What can I do in the short term?
- How to act in case of an incident?
The NCSC continues to monitor the situation closely and will continue to share relevant information and advice. The timeline and advice will be updated regularly.
NCSC basic cyber security measures
Every year, an increasing number of cybersecurity incidents occur at organizations worldwide, even outside of exceptional current circumstances. These attacks involve the use of ransomware or phishing, for example. Partly for this reason, the NCSC drew up a set of guidelines with basic measures.
- Install software updates
- Ensure that every application and system generates sufficient log information
- Control who has access to which data and services
- Implement multifactor authentication
- Back up (and test) systems regularly
- Segment networks
- Encrypt storage media containing sensitive data
- Check which devices and services are accessible online and protect them
You can find the full NCSC guideline here.
AWAREWAYS Phishing Simulation
Prefer the professional way? The AWAREWAYS approach goes far beyond click behavior. Our expertise is in behavioural change, so that moment where you decide to click or not to click is just where our jobs begin. We have our own phishing simulation software that trains employees continuously and proactively.
We provide everything from a one-off phishing action with impact to continuous training courses in which we adjust the campaign based on the results and provide concrete tools. Contact us to find out more!