Karlstad University's senior lecturer in cybersecurity about the hacker attack
2024-01-25
After the recent hacker attacks in which the university's IT supplier Tietoevry, amongst others, was affected, it becomes clear how quickly organizations can become a target of such actions. Meiko Jensen, lecturer in cybersecurity at computer science, helps us clarify the areas of hacking and cybersecurity.
Hi Meiko Jensen. What exactly is a ransomware attack as these attacks are called?
– "Ransomware" refers to a specific type of malicious software that is used by hackers to gain money. It encrypts files on your computer, so that you cannot open them again unless you pay the hackers. In the most recent schemes, the hackers also store a copy of all your files on their servers first, so they can blackmail you with the threat of releasing your sensitive, confidential, or embarrassing data publicly. These are known as “double extortion” attacks – just like what the Akira ransomware did to Tietoevry.
– However, in order to run their ransomware, hackers have to find a way into the computer systems of their victims first, which is the part we call "hacking". As this hacking has been rather easy in recent decades, lots of cases of ransomware infections have taken place, most of which have never been published in newspaper articles. With larger and more prominent victim organizations, and with every-day customer IT systems being affected, more and more of such cases have been published, and awareness of these types of attacks has been raised. Today, defending IT systems against ransomware has become a top priority for most organizations worldwide.
How can ordinary users of IT systems and organizations protect themselves against hacking attacks?
– One of the best protection measures to use is to have a copy of your files, e.g. on a USB drive. There, the ransomware cannot encrypt it (as long as it is not plugged in), and you can get your data back after the infection. This approach, known as "offline backup", does not equivalently work for larger organisations with lots of databases and huge dynamic data volumes. Though offline backups still are the most effective industry countermeasure to ransomware infections, organisations need to go further and enforce strong security protection mechanisms in their IT networks, such as application firewalls and intrusion detection systems. Also, security awareness training of all employees is relevant, in order to prevent the hackers from being able to run their ransomware at all.
Is it difficult to perform these types of attacks or is it something many hackers can do?
– Downloading and running ransomware on any computer is really easy, but modern anti-virus products will identify and fend off such attempts in almost all cases. Nevertheless, with a little more advanced knowledge, it is possible, even for individuals, to change a ransomware into something less easy to detect.
– What we see these days, however, is a different threat, as the hackers behind such large-scale attacks are full-time workers that do hacking as their daily job. These groups, known as APT groups (for "Advanced Persistent Threat"), typically operate like modern companies, just with the business model of hacking into other organizations' systems. They get paid from their ransoms, or from governments that define their targets explicitly and co-fund their activities. These people are experts in hacking, and fending them off your organization can be a really challenging endeavour.
The hacker group Akira is responsible for the latest attack, what do you know about them?
– Although it is often difficult to determine the true origin of a ransomware attack, it is known that many APT groups operate in countries like Russia and China, and target mostly Western organizations. The Akira ransomware, named after the information displayed in the ransom demand, is a relatively new variant of ransomware that has yet to be linked to any known APT group. Therefore, the group behind these attacks got its name from its ransomware. There are indications of hackers operating from Russia, but we do not yet know for sure who these actors were and what agenda they may have pursued beyond money. What we can observe and definitely predict for the coming years is that the threat of ransomware will get worse, with increasingly serious consequences for all IT systems used in our daily lives.
How do you test cybersecurity here at the university?
– Among other things, we work with the Mobile Malware Lab (MoMaLab), where we find out what really happens when you click on that email attachment everyone warned you not to open. If you would run a computer virus on your own computer, at home or at work, just to see what it does, that would be far too dangerous, as the virus could delete data, or spread via network to other computers at the university. Just like a biological virus research lab, the MoMaLab lab consists of special hardware that is designed to contain a computer virus. It creates a secure environment that prevents the malware from spreading to other computers in the local networks. Here, we can run malware in a secure enclosure, analyze its behavior, and research ways to combat it or undo the damage it caused – without compromising our KAU computers, networks, and IT systems. The MoMaLab computers are mobile, so we can take them to any environment you need to run malware in, for example, a training event.
– If you are interested in learning more about MoMaLab, please contact us, Meiko Jensen concludes.
The hacking club wants to prevent future cyberattacks
In the subject of computer science, a hackerspace will soon open where students are encouraged to develop their hacking skills. Jonathan Magnusson, who runs the KAUotic Hacking Club, explains:
How does this fit in with the criminal attacks that we can read about in the media right now?
– This attack is definitely an example of something that we hope our members can prevent in the future. In order to protect systems, it is important to know how they can be attacked. We usually participate in hacking competitions called Capture The Flag (CTF) events where we use our skills in Computer Science to solve puzzles and challenges in order to find hidden flags. We have come very far in several competitions, sometimes in the top 10.
– The KAUotic Hackerspace will be a hangout where we can have lectures, workshops, and a place to just hang out and be creative. We support students interested in cybersecurity in our club and everyone is welcome to join, says Jonathan Magnusson.