How Russia is using cyber methods in its attack on Ukraine

Cyberspace is the perfect arena for a proxy war. With Nuclear war out of the question, cyber warfare is the first weapon of choice for the 2nd cold war. Cyber attacks on the NATO Alliance have become more frequent ever since Russia began its invasion of Ukraine. NATO Cyber Rapid Reaction teams are on high alert to come to the aid of any of the allies who may come under attack. However, their focus is to safeguard their own operations and military communications. Industry experts around the world are concerned about the increased likelihood of cyber attacks even on businesses that are not directly handling anything sensitive. “The US and UK have separately also issued warnings of the risk of the conflict of Ukraine spilling over into cyber-attacks against businesses and government systems.” (Gordon Corera, Security Correspondent, BBC News)

Are Other Countries also at Risk?

Although the UK ranks third in the list of most powerful cyber nations in the world, the threat to businesses in the UK looms large. For instance, according to the BBC the FCDO (Foreignm Commonwealth and Development Office) recently became the target of a “serious cyber-security incident”. A third party cyber-security firm, BAE Systems Applied Intelligence, had to be called in for “urgent support”. The Stack revealed, quoting a tender notice on the government site, that the FCDO paid the BAE £467,325.60 for their assistance. The new Government Cyber Security Strategy, released in January 2022, notes that the UK’s “legitimacy and authority as a cyber power is however dependent upon its domestic cyber resilience, the cornerstone of which is government and the public sector organisations that deliver the functions and services that promote the UK’s economy and society.” Between September 2020 and August 2021, the NCSC was called in about 300 times to deal with a cyber security attack on the public sector. This means that roughly every day, a private business in the UK falls victim to a cyber attack so severe that they are unable to deal with it themselves and the government has to step in.

Should E-commerce Businesses in the UK be worried?

Businesses that are at the greatest risk are the ones that have a big online footprint. Ecommerce tops this list. Not only is the Ecommerce model reliant exclusively on the internet, but also the information exchanged is sensitive since it includes the bank details of the parties involved. “We faced significant delays during the first few days of the Russian invasion because of hacked courier services and the shutting down of payment gateways as a precautionary measure,” says Tim Anderson, the Operations Manager at Ejobber Limited, which is a London based IT hardware and Software Reseller.

What are the Threats to E-commerce Businesses?

The most common techniques used by cyber criminals to target your e-commerce business are as follows:

1. Phishing: A phishing attack tricks people into clicking a malicious link or providing sensitive information such as login credentials. Emails appearing to be sent from trusted contacts are sent requesting the recipient to urgently share sensitive information. When the recipient opens such an email, malware is planted on their system which gives the sender access to the databases stored on the receipt’s computer.
2. DDoS Attacks: DDoS (Distributed Denial-of-service) attacks uses botnets to overwhelm a business’ website by sending multiple requests till the system crashes.
3. Brute-force Attacks: This type of threat uses a password-guessing program to gain access to the system. E-commerce sites are particularly at risk. If the admin panel of an online store is compromised, the business will sustain heavy losses.
4. SQL Injection: SQL (Structured Query Language) injection happens when a server using SQL domain-specific language is inserted with a malicious code, allowing access to the hacker to modify data on the system.
5. Supply Chain Attacks: Ecommerce businesses are particularly vulnerable to cyber attacks because of their supply chains. Even if one party that forms the part of the supply chain has weak cyber defence, the whole chain may become compromised. “One area of focus is the need to enhance software supply chain security.” (Justin Fier, Director of Cyber Intelligence and Analytics, Darktrace). Emil Sayegh, CEO of Ntirety, predicts that the year 2022 will see an increase in supply chain cyberattacks.
6. Remote Employees: Post pandemic, a lot of businesses have continued to employ people remotely or overseas. If the PC being used by a remote employee is not properly secured, it might compromise the whole network.
7. Cloud and Outsourced Services: As more and more businesses shift to cloud computing and utilise third-party infrastructure, it gives hackers a bigger radius to attack. The damage, too, is magnified as multiple stakeholders suffer losses simultaneously.
8. Mobile Devices: According to the Kaspersky Global Research and Analysis Team (GReAT), the year 2022 will see a substantial increase in the APT attacks on smartphones.
9. Network Appliances: Hackers may target VPN appliances, such as SOHO routers, to hijack VPN sessions

How Can You Protect Your Ecommerce Business?

You can protect your Ecommerce business by ensuring the following:

1. Use Strong, complex passwords;
2. Implement two-factor authentication;
3. Teach employees to identify suspicious emails;
4. Run a web application test to check your system for any weaknesses. During the test, a cyber security expert will try to penetrate your network and inform you of any loop holes in your security measures;
5. Invest in cyber insurance;
6. Secure all links of your supply chain;
7. Equip remote employees with proper cyber security software. If you provide access to your network while outsourcing a project, make sure that the third party is trustworthy and has secure PCs.

Conclusion

E-commerce businesses must adapt to the evolving cyber threats if they are to survive and grow in the year 2022. It is easy to ignore cyber security and focus more on revenue generating areas, e.g. sales and operations, but with increased risk of cyber threats, every E-commerce business should review their cyber security measures and invest in developing an adequate cyber security strategy.