War in Ukraine without impact on cybersecurity in Portugal. Cybercriminals and State Agents Are Top Threats
The wave of computer attacks that took place in Portugal and affected Impresa, Vodafone and Continente did not escape the analysis of the National Cybersecurity Center (CNCS). The centre, which has the mission of promoting security in cyberspace in Portugal, indicates that “the beginning of the set was the occurrence of a milestone of cyberattacks with impact and media relevance in our country”.
The information is part of the context report published by CNCS. “Some of these attacks were claimed by the collective Lapsus$ that are characterized by the absence of political ideology and financial motivation, focusing on gratuitous vandalist actions”, the same document adds.
The recent invasion of Ukraine by the Russian Federation is seen as having a high impact in the international context. The European Union and member states raise their alertness and readiness, also in cyberspace, and the European Network of Cybersecurity Incident Response Teams and ENISA (European Union Agency for Cybersecurity) share information on malicious activities and indicators of compromise (IoC) related to this conflict.
According to the agency, of actions and public information companies, it allows to define a recruitment framework for actions of new companies and citizens as a conflict of recruitment, of actions and companies of public administration, among which the competition of this accomplishment countries that abound in economies .
Even so, “in Portugal, to date, no
The CNCS, indicating that “it is considered important as a reference to the interest of the European Union of the European Union, as well as the neutrality of the country”.
Fewer Hacktivists and More Cybercriminals
The activities of hacktivists have lost strength in the face of the growth of other attackers, and in 2019 and 2020 cybercriminals and state agents are the ones highlighted by the National Cybersecurity Center (CNCS) in the April observatory.
“Cyberspaces are financed or groups that receive economic gains, although they can be indicated for security by States”, indicating that “State agents are those who benefit the most for geographical reasons, although sometimes also economic”.
In the list of threat agents or CNCS, Hacks add an ideological message, cyber-offenders, who tend to be motivated by personality, defenders, who act to attack a victim or create an interruption in systems for reasons and negligent Insiders, users who unwittingly compromise their organization through careless action without a conscious reason.
Recommendations for implementation by companies and Public Administration bodies
CNCS points out some threats to citizens and organizations that they should be aware of, including DDoS (Distributed Denial of Service) attacks, account and service chain compromise (through a compromised vendor or service), ransomware, vulnerabilities, cyberespionage and phishing.
In order to prevent or reduce the impact of these threats, the Center shares some measures to be taken, which we reproduce here in full.
a) Evaluation of
: every attempt at implementation and evaluation, so a need for organization of that allows you to assess the possible problems that you can solve.
b) Activation of Multi-Factor Authentication (MFA): The organization uses the authentication protection factor more when accessing its online accounts and its personalization functionality. Consider, for example, an implementation of files, such as smart cards and FIDO2 (Fast IDentity Online) security keys.
c) Password management: keep your passwords secret and secure (use a phrase of 12 characters or more, with no obvious terms) that, with malicious intent, access your protections with secure passwords. The CNCS also encourages all organizations to use it
password management off whenever possible.
d) Update of
: ensure that all of the organization's software is up to date. Also make sure that security patching of terminals and servers is performed regularly. It is also important to encourage workers who use their personal devices for personal purposes and to upgrade them and the equipment they take care of with what they install.
e) Incorporate a cybersecurity supply chain: implement security measures with respect to third party access to your networks and internal systems. If you apply these measures, a third party is compromised and used, such as your organization’s capacity, will improve your organization’s response to potential solutions.
f) Protection of cloud services: implement appropriate security measures on cloud platforms (for example, use the best care with passwords and encrypt sensitive information).
g)
data (backup): given the highest number of attacks from , is to highly increase the frequency of backups of critical data. It is important to ensure that access to backups is controlled, limited and logged, and to follow the 3-2-1 rule, that is, the making of three copies: two are made on different supports, the third is kept off.
h) Network segmentation: The intent to target the network’s network, to qualify over network control for display and advertising traffic for other advertisements.
i) Centralization of logs: so that it is possible to detect and react quickly to a
is that the logs of all systems are channeled to a central system that correlates them.
j) Combating
: make all employees aware not to click on links or attachments in suspicious emails and SMS messages, nor to share their data in response to such messages.
k) E-mail security: prevent the entry of malicious emails through the prediction of anti-on here.
. If technical, follow the accessible, available regarding SPF, DKIM and DMARC.
l) Content Delivery Network (CDN): protect your organization from distributed denial-of-service attacks using a content delivery network. This measure will allow the distribution of content on different servers.
m) Access block: block or severely limit Internet access to servers or other devices that are frequently used, as they can be exploited by threat actors to establish backdoors.
n) Training and awareness: promote, consciously and healthy cyberspace and employee training through responsible use of cybersecurity training.