In addition to the humanitarian, financial and economic consequences, the conflict in Ukraine has also brought with it an increase in phishing and disinformation. We therefore advise you to be extra vigilant.
Unfortunately, cybercriminals take advantage of events such as wars to scam people. For example, they may pose as someone in need of financial help to try and persuade you to transfer money.
Disinformation, aimed at manipulating people, is currently rampant on social media and other news channels. Be vigilant and follow these tips:
- Avoid donating to unknown users. If you want to support a good cause, donate directly via the website of a trustworthy organisation.
- Watch out for usernames on social media that consist only of random letters and numbers. These accounts may be managed by bots rather than legitimate users.
- Stay informed by following reliable news sources. If you see a sensational headline, dig a little deeper to check if the news item is genuine.
Beware of malware
The Centre for Cybersecurity Belgium (CCB) has published an analysis of the situation on its website. Among other things, the CCB warns of wiper malware (IsaacWiper, HermeticWiper, WhisperGate), a malicious software that is currently circulating in Ukraine and that can delete users' systems and their data.
Targets are Ukrainian companies and organisations, but it is only a matter of time that variants will emerge that get to us. More information about this malware can be found on the website of the Cybersecurity & Infrastructure Security Agency (CISA).
Fake messages, reporting an unusual attempt to log into someone's account from an IP address in Russia, are also circulating. When users click on the link in the message, they are directed to a page with the intention of having them download malware and/or share personal information, which is then misused for social engineering.
Phishing is one of the main techniques used by cybercriminals to spread such malware. So be extra alert when you receive messages (e-mails, text messages, messages via social media, etc.) that ask you to click on a link or open an attachment.
A few basic principles
Regardless of the current situation, it is important to always observe a few basic principles for good cyber hygiene:
- Make regular backups and test the 'restore' function regularly, not only for files but also for entire systems/servers
- Patch vulnerabilities immediately and then test them
- Make sure as many end users as possible use MFA (multi-factor authentication) to log into remote accounts (cloud or home work)
- Create awareness among your users: inform them about the risks and give them tips to protect themselves