The NSDC spoke about hacker attacks from the Russian Federation

The Ukrainians were told how to protect their data.

Ukraine regularly faces hacker attacks from different countries. Most often they relate to critical infrastructure facilities and government agencies, reports with reference to.

Which countries' hackers attack our country, why and how they do it, and how the table with the personal data of vaccinated Ukrainians appeared on the website of the Ministry of Health: Alexander Galushchenko, lead inspector of the National Cybersecurity Coordination Center (NCCC) under the National Security and Defense Council (NSDC), spoke about this at the first annual Cybersecurity Forum CS² DAY.

Hacker attacks and cyber hygiene

Since 2016, the NCCC has been working under the NSDC. How has the approach to work at the focal point changed over the past five years?

From 2016 to 2019, the NCCC was engaged in documentary and analytical things. Now work with technical data has been added, and we are fully fulfilling the duties assigned to us.

In July 2020, you said that most of the devices used to attack infrastructure facilities in Ukraine are located in the occupied east. Has this trend changed?

Most often, over the past week, Ukraine has been attacked from South America, China, Russia and, oddly enough, Bulgaria. There is just a very affordable server rental.

According to Sergei Prokopenko, head of the department for ensuring the activities of the NCCC of the National Security and Defense Council of Ukraine, previously, attacks were simply using hacked devices or intermediate points – proxies, but now entire networks are being created for attacks.

The expert explained that the networks have one switching point in the gray zone, in the occupied territories of Ukraine, and another – in one or another country of the world. The number of such organized networks is constantly growing.

Russia, North Korea, Iran are behind the majority of cyberattacks on the critical infrastructure of Ukraine and government agencies, he added. Their goals are espionage, infrastructure control or seizure of control of certain critical infrastructure facilities.

Why didn't you name the DPRK? For example, the State Special Communications Service believes that North Korean hackers are attacking Ukraine on a par with the Russians.

It is impossible to track anything. The DPRK has its own hacker groups based in other countries. Therefore, they cannot be identified in North Korea. Information can be obtained only on modified exploits (a subtype of malicious programs – channel 24) in pdf files.

And the DPRK can be identified by a simple chain: Chinese hackers steal this exploit from North Korea. The American ones squeeze it away from the Chinese, and only then our leaders squeeze it away from them. Eventually, the exploit enters the darknet, and over time becomes available for research.

Which agencies are most often attacked by cybercriminals from China, Russia and North Korea?

Today, the most common type of attacks is the distribution of “malware” from compromised e-mail addresses of government agencies. Let me give you a live example. On September 16 and 17, 450-350 thousand infected letters were sent from compromised mailboxes per day.

“Phishing is one of the most popular types of cyberattacks. The user himself launches the malicious program by clicking on an attachment or link in an e-mail or messenger. Then cybercriminals gain access to passwords and logins, or the computer becomes infected with a virus,” Sergei Prokopenko explained.

Can you tell me how many officials opened them?

So many. I can't say for sure.

According to Sergei Prokopenko, the average percentage of such attachments being opened ranges from 5 to 30% – it all depends on the state authority and the level of knowledge of civil servants.

“Several cyber-hygiene programs have now been launched in many organizations, and all employees who have access to a computer are required to undergo training,” the experts said.

What needs to be done to improve citizens' cybersecurity awareness?

First of all, you need to explain to everyone certain rules of behavior on the network. It is important for government officials to understand how to work with their systems. Well, business also needs to listen to the recommendations of cybersecurity experts.

Diya, data leaks and Russian social networks

At the forum, you talked a lot about trust in the state. However, can you trust it? Many people complain about the work of the Diya application, including data drain …

In fact, no one has confirmed that data is being leaked from the Diya service. These are only guesses and assumptions.

Confirmed. This spring, personal data of vaccinated persons appeared on the website of the Ministry of Health in the form of a table in Excel. For two days, everyone could download it. People provided this information when registering on the Diya portal. The table was removed only after a public outcry arose …

This table on the website of the Ministry of Health was pointed out to us by an indifferent citizen, and two days later it was closed. This is not to say that this is a problem of the system. Rather, it is a problem of employees' negligence in performing their duties.

I say it again. People need to be trained. Technology does only what people tell it to do. If people give the wrong commands, then the technique does the wrong thing.

Medical information systems have ongoing access to registries, including vaccinations, Sergei Prokopenko emphasized.

“The electronic health care system only accesses this data and requests it the moment you request your COVID certificate. It is incorrect to say that this information became available as a result of leakage from Diya's service,” he assured.

In this case, can a citizen receive material compensation from the state? The personal data of the people were nevertheless made public.

I do not know.

Was your data in this table too?

I will neither confirm nor deny this information.

In Ukraine, the work of the Russian social networks VKontakte and Odnoklassniki is prohibited. But Ukrainians continue to use them. Explain to people why it is dangerous.

The data of Ukrainians from the Russian social network are collected and used by the Russian special services. Preferences, interests, phone brand, advertising … When all these things come together, you can create a user profile and find many interesting things about him.

We asked Sergei Prokopenko why the correspondence of people's deputies often appeared on the Joker and Dark Knight Telegram channels, and how this affects the country's cybersecurity.

“This issue is not directly related to cybersecurity. We're actually talking about hybrid threats. In fact, the deputies undergo a course on “basics of cybersecurity” and their level of cyber hygiene is higher than the national average,” the specialist said.

According to him, the Joker and Dark Knight Telegram channels are part of Russia's information operations directed against Ukraine.

How to defend against cyber attacks

In your opinion, which operating system is the best to protect against cyber attacks and viruses? Windows, macOS, Linux …

Each task has its own operating system. Windows, macOS, Linux, with the right approach, provide a sufficient level of security. The main problem is that we run it all out of the box and never read the instructions. Let me give you an example.

When you buy a washing machine, you open the instructions and see which buttons to press, how to use it. But still, there are some individuals who immediately screw something on, turn it on. Then a week later they wonder why it was out of order. It's the same here.

The use of unlicensed software carries the risk of being infected from the moment the operating system is installed. When you download some kind of “quack”, some kind of mechanism, then be prepared for anything. For example, the operating system can infect and drain all data.

Give basic advice to Ukrainians on how to protect themselves.

Turn on your brain and read the instructions!
