Staying Safe in Times of Cyber Uncertainty

Practical Steps To Staying Safe

The following recommendations are intended to provide a set of initial best practices that are relevant to multiple potential attack vectors.

State-Sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage

Check Point Research (CPR) warns of threat groups worldwide using Russia and Russia-Ukraine war-themed documents to spread malware and lure victims into cyber espionage. In a new report, CPR profiles three ATP groups named El Machete, Lyceum, and SideWinder, who were found to be running spear-phishing campaigns on victims in five countries. The attackers used decoys ranging from official-looking documents to news articles and job postings. After examining the lure documents, CPR found malware capable of keylogging, screenshotting, and executing commands.

Resurgence of Increased Cyber Attacks on Both Russia and Ukraine, a Month into the War

One month after the war started on 24th February 2022, both Russia and Ukraine saw increases in cyber-attacks of 10% and 17% respectively. CPR has also observed a 16% increase in cyber-attacks globally

Cyber Attacks from Chinese IPs on NATO Countries Surge by 116%

Last week, Check Point Research (CPR) observed an increase in cyber attacks aimed for NATO countries that were sourced from Chinese IP addresses. CPR examined the trend before and after Russia’s invasion into Ukraine, learning that cyber attacks from Chinese IPs jumped by 116% on NATO countries and 72% world-wide.

Donations To Help Ukrainians Move To Darknet, Many Fraudulent

Check Point Research (CPR) sees a trend where advertisements that request donations to Ukrainians are appearing on the Darknet.
Although some advertisements are legitimate, many are fraudulent. CPR provides examples of both.
All advertisements are requesting donation funds in the form of cryptocurrency.

Cyber Attacks on Government Organizations beyond Ukraine Surge by 21%

In the first three days of combat, cyber attacks on Ukraine’s government and military sector increased by a staggering 196%. Since then, cyber attacks on Ukraine’s government and military sector decreased, dropping 50% in the last 7 days. CPR suspects that hackers have made a shift towards taking advantage of other governments focused on the conflict.

Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of

On February 25th, 2022, Conti released a statement of full support for the Russian government — coupled with a stern warning addressed at anyone who might consider retaliating against Russia via digital warfare.

Fake News of Cyber Attacks Fast-Spreads, as Conflict between Russia and Ukraine Escalates

As the physical conflict between Russia-Ukraine escalates, Check Point Research (CPR) warns of hacktivist groups falsely claiming successful cyber attacks on both sides. CPR investigated recent claims by three hacktivist groups, AgainstTheWest, KelvinSecurity and Killnet, and proved that their claims were lies. Alleged cyber attacks on Russia’s largest search engine, Yandex, and two other targets – a Russian nuclear facility and a hack on Anonymous’ website – have been discredited by CPR.

Telegram Becomes a Digital Forefront in the Conflict

Check Point Research (CPR) tracks activities happening on Telegram and shares an overview of observations on Telegram around the current conflict in Eastern Europe. On the day Russia invaded Ukraine, CPR documented a 6-fold increase in Telegram groups themed on the war

How The Ukrainian Conflict Has Polarized Cyberspace

The conflict in Eastern Europe is advancing. People everywhere are deciding who they will support. The same dynamic happens in cyberspace.
Hacktivists, cybercriminals, white hat researchers or even technology companies are picking a clear side, emboldened to act on behalf of their choices.

Cyber-Attacks Trends In The Midst Of Warfare – The Numbers Behind The First Days Of The Conflict

Check Point Research (CPR) releases data on cyber-attacks observed around the current conflict in Eastern Europe.

How to Prevent Ransomware Attacks

Ransomware attacks have been used successfully during times of uncertainty, to cripple businesses and disrupt critical infrastructure. Organizations caught unprepared could be left with the choice between paying a ransom demand and writing off the stolen data entirely.

However, there are always measures which any organization can take, in order to minimize their exposure to and the potential impacts of a ransomware attack.

Protection Against DDoS Attacks

Our research teams have seen an uptick in DDoS attacks. Traditional security solutions are not equipped to protect against zero-day threats like destructive DDoS attacks. Application layer attacks including HTTPS floods and DNS attacks can cause devastating attacks to the unprepared organization. Learn more about protections that you can put in place, to protect your organization from DDoS attacks effectively.

Misinformation and phishing attacks prevention

We should expect threat actors to employ traditional and novel forms of social engineering. These could include emails and text messages that lure victims to malicious sites or to download files with embedded attacks. learn more on how to protect against phishing attacks