Krzysztof Silicki: Attacks continue all the time

– Attacks are going on all the time. They are going to become more and more sophisticated. It is enough to look at our reports. The number of incidents handled by NASK’s CSIRT increases annually by several dozen percent – states Krzysztof Silicki, deputy director of NASK, director for cyber security and innovation at NASK (Scientific and Academic Computer Network – National Research Institute) in an interview with Interia.

Interia, How big a threat is online impersonation of another person or institution in order to phish for confidential information (phishing)?

Krzysztof Silicki, NASK: Phishing is one of the most common threats to the average user. It is not something new. Phishing is used by various actors for specific purposes. If we are dealing with financial motivation, phishing will be conducted by impersonating financial institutions in order to take over our bank accounts. In the case of spreading misinformation, it will be a broad campaign to reach as many internet users as possible – people pretending to be someone else then publish information that is false. To do this covertly, they take over email accounts or social media accounts. E-mail accounts are especially important, which not everyone remembers – not only can we find valuable information for the attacker in e-mail, but also we can use e-mail accounts to control accounts in various services, e.g. social networking sites (e.g. change or remind password). Email accounts are therefore a natural target for attacks. This is a threat that has existed for years and is gaining strength. It does not concern only Poland.

So what should you watch out for when it comes to phishing?

– Cyber security hygiene should concern everyone, whether they are at work or at home, whether they are using a private or a business account (of course, the two worlds should not be mixed). Even strong passwords are no longer enough, let alone weak ones, which have always been a threat. Now everyone should be educated to enable multi-factor authentication, because it gives a much greater guarantee that our data will not be intercepted and we will not become a victim of attack. But on the other hand, if we are not vigilant when using the Internet and we click on links leading to crafted websites and enter our login details to bank services, social networking sites etc., or we open attachments that hide malware, even strong authentication will not help. You need to be vigilant.

Cyber attack – how to protect your mailbox?

– The basic two truths are as follows: First, how do I ensure that my credentials give me increasing assurance that no one will take over my access credentials. Second, phishing methods are becoming more and more sophisticated. We are used to receiving a confirmation SMS during a bank transaction. Meanwhile, Internet users do not realize that an ordinary e-mail account should be protected in a similar way. There is often a lack of awareness that the digital footprint we leave can be manipulated.

Who could be behind this attack on MP accounts? Is this an isolated incident or an organized campaign?

– It’s worth reading a report by a serious company like Mandiant (now FireEye), which conducted an analysis of the Ghostwriter campaign, pointing to an actor named UNC1151 (disinformation campaign conducted in Lithuania, Latvia and PolandIts victims included Marek Suski – editor’s note). What attackers acquire in such a campaign can then be used to carry out other criminal activities and, for example, to compromise a well-known institution. Reports like Madianta’s speak of the source and reasons for the attack “with high probability,” no one can give a full guarantee of who is behind it.

Should more attacks be expected?

– Attacks go on all the time and the issue is, as they say, evolving. They will become more and more sophisticated. Just look at our reports. The number of incidents handled by CSIRT NASK (Computer Security Incident Response Team NASK deals with issues of cyber security – editor’s note) increases annually by several dozen percent.

– One of the possible events are “state sponsored” attacks – dop. editors), such as SolarWinds – these are premeditated global attacks where zero day vulnerabilities (“zero day vulnerability”) are exploited, bugs that no one knew about before. Other attacks use the “poisoned source” method. If software produced by a company serving others is “poisoned”, the other companies will download the code to themselves via an update. It is not necessary to attack individual institutions, but the producers of the software they use – as was the case with SolarWinds.

Can a cyber attack on Polish politicians be considered a “state-sponsored” action?

– Observations of the NASK CSIRT and analyses of serious, experienced and credible international institutions confirm such a thesis. Similar conclusions are also presented in the communications of our secret services.

Like this post? Please share to your friends:
Mobile Pedia