Bulgarian Cybersecurity Expert: Remote Working Heightens Risk of Hacker Attacks
Society | February 23, 2021, Tuesday // 13:27
For the larger part of Bulgarians, working from home in a time of pandemic is an advantage. It’s true that some firms could not switch over to a digital-only business model and keep on working. Fortunately, the larger part of businesses made the necessary transformations quite promptly and managed to adapt to the new situation caused by the coronavirus pandemic.
However, this has also triggered a big problem: many companies were not prepared for such a quick transformation, as it calls for serious risk assessment, i.e. a clear understanding of what is happening and what arrangements would be right for their employees under the new circumstances.
Faced with a situation in which they couldn’t do business anymore, many companies took an ad hoc decision to transform and switch over to digitalization. This was the leading trend throughout 2020 – to do our best to let our staff work remotely. This is what Lyubomir Tulev, a cybersecurity expert who worked for the General Directorate Combating Organized Crime and has 10 years of experience in the field, told Novinite.bg.
Exactly at this point the major hazard emerged: without proper risk assessment in this novel situation, most of the companies made mistakes. They were not prepared for remote working – they didn’t have enough PCs or laptops to give out to their staffers for their home offices, he says.
“For a huge part of employees the office was their workplace, so they were taken almost unawares when the company gave them the opportunity to work from home but couldn’t provide them with computers, because the cancelled or delayed supplies hampered the purchase of new hardware, especially when it came to office equipment, which traditionally comes from Asia. All supplies for Europe, and Bulgaria in particular, have become extremely difficult. Thus, on the one hand, the companies were willing to let their staff work remotely, but on the other – didn’t have enough PCs to equip them.
Hence, many employees started working with their own computers, which poses an immense risk because on these private PCs the company cannot install the so-called ‘tracking software’ which would allow every operation to be tracked, simply because these are private and not company computers,” the cyber expert explained.
"When the IT administrator and security engineer in a company cannot monitor what happens on the employee's machine, they lose sight of the overall picture.
Employees can very easily visit sites that contain malware and get their computer infected. When a connection is built between this machine and the office infrastructure, the hacker can very easily access this company’s infrastructure and compromise its database. So, here was the first problem – lack of supplies and lack of proper risk assessment," said Lyubomir Tulev.
"Be that as it may, a large number of companies succeeded in finding the right approach, transforming their business into digital modes. Even in a conservative field like education, where various projects and initiatives have been promoted for years guessing how to digitalize and embrace online learning, we saw how Covid helped education become digital in a few weeks. Yes, it had its inconveniences, but the trend continued anyway," the expert explained.
Answering the question if we had fallen victim to more hacker attacks, the cyber expert was adamant: "Yes. This was apparent at the beginning of the pandemic. Especially on the territory of Europe and Bulgaria as early as January 2020, when more than 2,000 domains were registered related to Covid, Covid-19, vaccines, etc.
Why were these domains registered? To let hackers use them for the so-called "phishing attacks," i.e. the trick hackers are using to manipulate us to click on a link of a fake site under their control where they can easily get hold of our personal data or steal our payment instruments or, which is even worse, to coerce us into uploading a virus-infected file which via our computer will give them access to company infrastructure. It can also happen that a hacker locks our files and henceforth the files of the entire company.
I am talking about the so-called "ransomware" attack. This is the kind of virus that is installed on a system that enables the hacker to encrypt all the files that are located on that device. Encrypted files cannot be accessed by users – they cannot be opened, cannot be viewed nor copied – these files are locked. This was the reason why many of the businesses suffered huge losses in 2020," Tulev explained.
"We also saw a new version of Ransomware 2.0. What's typical of ransomware is that hackers locked our files and demanded a ransom. To get the files recovered, we had to pay a ransom. Typically, the amount varied - about 0.2 - 0.3 bitcoins (one bitcoin today is exchanged for over 50,000 dollars).
"In 2020, hackers changed their tactics – before locking your files, the moment they accessed your PC, they stole all the valuable information about them, retrieved it, locked your files, and then blackmailed you for money, and additionally, so that they could incentivize you to pay the ransom, showed you some of the information they had already managed to upload from your machine.
If this is a company laptop that has a lot of confidential information about the company (customer data, etc.) it is quite startling for the company. A very large number of companies were thinking about paying these ransoms.
And this is the worst possible approach – never take steps to pay a ransom because hackers act on this principle. If they get some money it's great, but even if they get the ransom they don’t profit by giving you the key to unlock your files. So you just waste thousands, and virtually no one guarantees you that you will get your files back.
Worse still, even if the hacker is not paid, he has already taken information that is sensitive and sells it on the Dark Web or to competitors so that he can monetize his attack," Tulev warned.
A ransomware-type hacking attack, in addition to a financial expression, can have a human one. In the summer of last year, it became clear that one of the hospitals in Germany, where at that moment a woman was lying on life support systems, was hacked and ransomware was able to lock down the entire infrastructure of the hospital and hence lead to these systems’ failure. As a result, the woman died – the expert gave an example.
We have seen in 2020 that these hacking attacks have not only financial implications, but also claim human lives. Bulgarians are a nation that boasts high-tech skills, along with Romanians and other Eastern bloc countries. I can't say we're one of the frontrunners, but we're certainly not lagging behind in technical knowledge. The profile changes.
We've also seen that over the past year there's been a spike in the so-called state-sponsored hacking (a country that controls hacking groups). We have seen such hacking groups, controlled and sponsored informally, allegedly funded and supported by the governments of Iran, North Korea, China, which allegedly carry out multiple hacking attacks on companies in Western Europe and the US.
So, if we talk about organized crime groups, Bulgarians are not among those often mentioned. Rather, we saw from the operations that GDBOP conducted how they arrested hackers who were part of such organized criminal groups, but not leading ones, recalled Lyubomir Tulev.
Only a month ago we saw how in the media space GDBOP shared info about an operation on the territory of Bulgaria that led to stopping a server that was used by an organized criminal group in order to be able to carry out ransomware attacks, i.e. a large part of these attacks took place from a server that was located on the territory of Bulgaria and a Bulgarian who controlled this server was part of such an organised crime ring.
Bulgarians are part of such organized criminal groups, but others are the ringleaders, stressed the cyber expert.