News

Inside the World of Cybersecurity and the Daily Threats We Face

by

Cybersecurity plays a pivotal role in our everyday lives, and while we may not realize it, we face daily online risks and attacks.

Whether it be efforts to protect government databases, or your password from Instagram, the cybersecurity industry is one where more than $100 billion is poured in to keep online information safe.

Hand–in-hand with cybersecurity comes hacking. When you think of hacking, you may think of pop culture versions such as in the TV drama Mr. Robot, or the 2001 movie Swordfish, but its culture is filled with different pockets that we may never think about.

On a global scale, we’ve recently seen the hacking collective known as Anonymous make a resurgence during the conflict between Russia and Ukraine.

The Anonymous group says it has hacked more than 1,500 Russian websites, causing them to crash or go offline since the conflict began on Feb. 23.

On March 6, Anonymous said it took control of Russian streaming services Wink and Ivi, as well as the TV channels Russia 24, Channel One, and Moscow 24. With control of these media outlets, the hacker group broadcast footage of the fighting occurring in Ukraine — which had not been accessible to the Russian people.

While the Anonymous cyber attacks on Russia may not be critical — as representatives of the group have said through social media they do not want to be seen as a threat — they are in response to hacks that Russia set forth in Ukraine, with hackers finding their way into Ukrainian military, energy and other networks.

“We are involved in the biggest Anonymous op ever seen,” Anonymous said through Twitter. “That being said, we are worried that some governments will indeed see us as a threat and create some scenario to make us look bad (false flag). We only want peace, not war.”

On the other side, Russia is an example of a country that has had its own history of hacking. Although it has not always been at a geopolitical level, Russia was well-known for financial fraud hacking, according to cybersecurity specialist Ralph Echemendia.

“Russia, to be honest, and take you back…10 years ago, which isn’t really all that long in the big picture… if you said ‘Russia’ and ‘cyber hacking’ at a geopolitical level, I would have said, ‘No, you’re crazy,’” Echemendia said. ”Russia was known for one thing, and one thing alone on the criminal side of things, they pretty much own the hacking market when it comes to credit cards and financial fraud. They controlled it. The mob, if you will, was Russia. All the best Russian hackers were doing this and that was it. Never, never would have crossed my mind that just beyond, you know, high-level intelligence type of stuff… you said Russia, I thought cybercrime.”

Echemendia is a California native, known worldwide as the “Ethical Hacker,” and for more than 20 years has helped tech businesses, entertainment businesses in the cybersecurity space, and used his knowledge to inform the general public of what is happening in the online world we rely on so much. He has also consulted for multiple notable hacking movies and shows such as Mr. Robot and Snowden.

He added that the hacking we are seeing of Russia brings concerns on a critical infrastructure level, with the country already showing its ability to hack Ukraine’s two biggest banks, as well as its military sites and defense ministry, according to the White House.

“The biggest concern we already have seen in the past is attacks on critical infrastructure like power, hospitals, things of that nature,” Echemendia said. “There’s so many different technologies in use in those environments, but critical infrastructure like power and then like I said, health care is one of the big concerns because power for the most part, you know, we just had an incident, what, less than a year ago, right? So that’s, that’s the big concern, is that Russia has what we call ‘advanced persistent threats.’”

The U.S. believed that Russian government hackers known as “SVR” were behind SolarWinds cyber attacks that were discovered in 2021, which led to sanctions on Russian financial institutions and tech companies back on April 15, 2021.

SolarWinds is a software development company, and through the company, the hackers were able to access U.S. government information related to the Department of Homeland Security and the Treasury Department, according to the White House.

“The vulnerabilities in today’s release are part of the SVR’s toolkit to target networks across the government and private sector,” Rob Joyce, NSA director of cybersecurity, said on April 15. “We need to make SVR’s job harder by taking them away.”

Everyday Hacking

The most common way to extract personal information from the general public is still email phishing tactics.

While tech companies have created malware and phishing detection for consumers, a hack can still happen to anyone, even prominent people in the entertainment industry.

“The ones that people know about, the most common thing is a lot of, like, phishing attacks, right? Where you get an email, or an email looks legit, and it comes from a seemingly legit person or even someone you know, and it guides you to something,” Echemendia said. “ I can tell you that, for example, I’ve worked in Hollywood movies and one of the directors that I’ve worked with… his email got hacked that way, and then they sent everyone who he’s ever communicated to an email saying,’Hey, I need you to take a look at this video and tell me what you think.’ You get an email from an award-winning director saying, ‘Take a look at the video,’ you’re going to click on the link, and the link was obviously malicious and going to a site that was doing further gathering of information.”

Social media also has become a source for hackers to access your information through methods that require one to be very trusting.

You’ve probably seen friends suddenly gain an interest in too-good-to-be-true cryptocurrency investments and chances are that they are too good to be true.

Before you know it, they are promising to send you $500, or asking you to input a specific email address in your account, or sending you to a website that asks you to log into your social media accounts. All these methods are used to take over your account and use your identity to then continue the cycle of gaining information from your circle of friends and family who use social media.

“I mean, the crazy part is, I know 14-year-olds who can do that,” Echemendia said about social media hacking. “It’s really all about common sense. And a lot of the companies are doing what they can to verify trust, right? Like, we get that little lock on a browser. That is a mechanism of trust on a website. So everybody’s doing what they can. Google does quite a bit on their site. For example, warn you if you’re on a site that is not trusted, and many other organizations. It’s a lot harder today than it was 10 years ago to get an email into your inbox in Gmail that’s spam.”

Still, even with tech companies doing all they can to prevent users from being hacked, it happens, and there are certain things to look out for.

Every October, the FBI updates Americans on hacking threats for Cybersecurity Month and gives tips for staying ahead of the hacks.

The first step the FBI lists is to keep your devices, apps and software updated as they frequently update security measures.

“Turning on automatic updates makes the process easier,” FBI Special Agent Gabriel Gundersen said in a YouTube public service announcement.

The FBI noted that a common way that people get hacked online is by clicking on links, attachments in texts, emails, or social media posts. If the message is not from a person you know or trust, any link or attachment should not be clicked on.

One issue that most consumers do not think about is how much personal or financial information they are giving out.

“Don’t give anyone personal information unless you initiate the contact, and you are certain the person is legitimate,” Agent Gunderson said.

Another tip is to regularly check your passwords and store them using a reputable password management app. There are several free and paid password management apps in both the App Store and Google Play store, such as Bitwarden, 1password, Lastpass, Dashlane and Keeper.

In more extreme cases, you can also use a passphrase that the FBI says are a “long series of otherwise unconnected words that mean nothing to a hacker but something memorable to you.”

The last tip from the FBI Cybersecurity team is to use multi-factor authentication. Many of the apps we use encourage multi-factor authentication, which go beyond the password and provide other ways to identify yourself when logging into an app or website.

For example, Google’s two-step authentication requires you to set up a secondary login access point through either text messaging or email. This gives an extra layer of protection that is not as easy to hack as a singular password would.

If a hack leads to identity theft, fraud or loss of money, the FBI said local law enforcement should be contacted, as well as reporting the fraud to the bureau’s internet crime and complaint center.

“Trust your gut,” FBI Special Agent in Charge Eliza Odom said in another cybersecurity PSA. “As the old saying goes, if a deal sounds too good to be true, it probably is.”

Highlights