Page 18 - GS220302

Views


Embrace consumer-centered digital transformations

By Suresh Dakshina
Chargeback Gurus

Fears of a large-scale cyberattack on business and infrastructure by a well-equipped state actor like Russia have been in the air for years. The Russian invasion of Ukraine, broadly opposed by the United States and its allies, has made it more likely that an attack of this nature is coming sooner rather than later. While both private and public sector organizations have been dealing with overseas hackers and cybercriminals for a long time, we have yet to experience a full-scale assault on our most important networked assets. What can businesses do to protect themselves from the threat of a major cybersecurity attack?

Events in Ukraine are changing rapidly as the invasion continues, and NATO countries have been applying a wide range of economic sanctions to put pressure on Russia and limit its ability to engage in warfare. Any direct military intervention would carry a risk of severely escalating the conflict, leaving indirect actions like sanctions as the most viable option currently on the table.

Russia doesn’t have the leverage or influence to counter with meaningful economic sanctions against the countries who oppose it, leaving cyberwarfare as the most effective nonviolent means of retaliation that they have to work with. While cyberattacks do have the potential to hurt or even kill people when they target things like critical infrastructure, utilities and hospitals—things that have all happened already—their primary purpose is often to disrupt normal online activities, prevent the flow of information and cause economic harm.

The fallout from a major cyberattack could easily affect retailers and other small businesses that have nothing to do with geopolitical conflicts. While this threat pales in comparison to the dangers faced by anyone whose homeland is being invaded, it is nevertheless a real one. Merchants should keep informed about it and start taking steps to prepare themselves.

What is the scope of the threat?

Last year saw some of the most severe ransomware attacks to date (see https://bit.ly/3CRJvOB), targeting large, high-profile companies that provide critical infrastructure and services, and many of the groups behind those attacks were known to be operating out of Russia. The targets of these attacks, which included Colonial Pipeline, Acer, JBS Foods, and many hospitals and healthcare facilities, had their critical IT systems paralyzed by malicious software and were forced to pay millions in ransom payments to the hackers to regain access. Such attacks only hint at the damage that could be done if these hackers were to carry out a sophisticated, widespread and powerful campaign of unfettered digital sabotage.

Most cyberattacks come in phases. They start with spear phishing or brute force attacks to gain access to the target system, exploiting known software vulnerabilities whenever possible. Hackers have been known to maintain a quiet presence on compromised systems for years before launching the next phase of their assault.

Once they’re in, hackers can steal data, issue harmful software instructions or install malware programs. In a worst-case scenario, such cyberattacks could be used to cause actual physical damage to expensive and dangerous industrial equipment—much like the Stuxnet computer worm (see https://bit.ly/3u6mbZn) did to Iranian nuclear centrifuges in the early 2000s. Stuxnet is considered to be a highly sophisticated, narrowly targeted attack, and it’s not hard to extrapolate the consequences of a similar attack carried out on a large scale and intended to cause as much chaos as possible.

The US Cybersecurity & Infrastructure Security Agency has not warned of specific threats as of this writing, but they are directing businesses, government agencies and other organizations that could be targeted to their Shields Up website, https://bit.ly/3ijVgDW, for guidance and resources.

How can cyberattacks be detected?

As last year’s wave of ransomware attacks showed, it’s not just government agencies, big corporations and industrial plants that need to worry about powerful, high-tech cyberattacks. Any organization can potentially be targeted, and the initial stages of a sophisticated attack can look a lot like a regular account takeover attempt from a garden-variety cybercriminal.

The following tips can help you spot a hacker probing for weaknesses—or already lying low inside your system.

    • Collect and retain detailed system access logs.
    • Watch for repeated failed login or authorization attempts.
    • Watch for logical inconsistencies, like identical IP addresses being used for different logins.
    • Watch for unusual activity in privileged or dormant accounts.
    • Investigate any unusual records or user behavior that raises red flags.
    • Use up-to-date antivirus software.
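
Three of the log checks from the detection tips (repeated failed logins, one IP address used against several accounts, activity on a dormant account), run over a handful of access records. This is an added example, not part of the original article; the record layout, account names, last-login baseline and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records (RFC 5737 documentation IPs): (timestamp, account, source IP, outcome)
EVENTS = [
    ("2022-03-01T09:00:05", "alice", "198.51.100.7", "fail"),
    ("2022-03-01T09:00:09", "alice", "198.51.100.7", "fail"),
    ("2022-03-01T09:00:14", "alice", "198.51.100.7", "fail"),
    ("2022-03-01T09:00:20", "bob", "198.51.100.7", "fail"),
    ("2022-03-01T09:00:26", "carol", "198.51.100.7", "fail"),
    ("2022-03-01T09:05:00", "dave", "192.0.2.10", "ok"),
    ("2022-03-01T09:30:00", "svc_backup", "203.0.113.44", "ok"),
]
# Constructed baseline: last successful login seen before this log window.
LAST_SEEN = {"dave": "2022-02-28T17:00:00", "svc_backup": "2021-06-15T02:00:00"}

def parse(ts):
    return datetime.fromisoformat(ts)

def failed_login_bursts(events, limit=3, window=timedelta(minutes=5)):
    """Accounts with `limit` or more failures inside one sliding window."""
    fails, flagged = defaultdict(list), set()
    for ts, user, _ip, outcome in sorted(events):  # ISO timestamps sort in time order
        if outcome != "fail":
            continue
        recent = [t for t in fails[user] if parse(ts) - t <= window]
        recent.append(parse(ts))
        fails[user] = recent
        if len(recent) >= limit:
            flagged.add(user)
    return flagged

def shared_source_ips(events, limit=3):
    """Source IPs seen against `limit` or more distinct accounts."""
    users = defaultdict(set)
    for _ts, user, ip, _outcome in events:
        users[ip].add(user)
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= limit}

def dormant_logins(events, last_seen, idle=timedelta(days=90)):
    """Accounts that logged in successfully after being idle longer than `idle`."""
    return sorted({user for ts, user, _ip, outcome in events
                   if outcome == "ok" and user in last_seen
                   and parse(ts) - parse(last_seen[user]) > idle})

if __name__ == "__main__":
    print(failed_login_bursts(EVENTS), shared_source_ips(EVENTS),
          dormant_logins(EVENTS, LAST_SEEN))
```

The thresholds need tuning against normal traffic: a shared office or NAT address legitimately carries many accounts, so the shared-IP check is a prompt for investigation, not a verdict.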