Apart from the above-mentioned cases, T4U identified also the number of daily attacks on individuals. The users in the East Ukraine are targets of cyberattacks more often than users in the rest of Ukraine. The nature of attacks largely remains the same. An unproportioned number of users were targets of phone scams and social network account hijacking.
T4U detected that also phone frauds are widespread in all Ukraine. Usually, a person receives a phone call from “a friend” (or a relative) who informs a person concerning some troubles of its relative/friend (e.g., imprisonment), and the attacker requires sending money to a specific account. During the research activities, T4U also noted demoralizing and lying SMS sent to the soldiers on the front, and their relatives (e.g., “Your commander surrendered. Come home!”; “Your husband is dead.” or various vulgarisms, etc.) The mentioned findings confirm that this method is one of the usual instruments of information war as well.
Analogous approach has been detected also in connection with Russia aggression in NATO countries. Similar information attacks were carried out against families of pilots of Dutch F-16s participating in the Baltic Air Policing mission (patrolling Baltic air space during 2017). They had been receiving bothering phone calls. According to the damaged ones, the callers had Russian accents, and they were collected personal information about individuals deployed in the Baltic states to disseminate highly personalized disinformation or intimidation.
Generally, the attackers are looking for personal data for using them in calls or SMSs, which adds credibility and looks even more frightening. One of the ways of stealing such information is the creation of controlled wifi in desired areas (e.g. front lines) with free access, no field registration and unlimited data. It shows that free wifi and free cheese are offered only in mouse traps, which is especially true along the front line.
Considering the above-mentioned findings and results of analyses provided by T4U’s cyber experts, training personnel in cybersecurity is essential. The research showed that higher attention should be paid to the problem of IT security closer to the eastern border of Ukraine. This finding contrasts with the attitude in the Central European countries which do not consider the issue of cybersecurity with such a priority. It illustrates that the Eastern Ukrainian situation with continuous cyberattacks and information warfare brings higher security awareness.
However, considering the T4U’s experience, the fact that people give higher importance to cybersecurity does not mean that they understand it correctly, i.e., the usual answer on the question regarding the most important aspect of cybersecurity was the presence of a specialized anti-virus program. The IT expert of T4U confirms that anti-virus is not, by far, the most crucial part of IT security and might be even harmful in some situations. An essential point for a standard user is possession of a system with as few known vulnerabilities as possible. Known vulnerabilities (already fixed by the vendor but not patched by user) are the most common objects of attack.
The second most crucial issue concerning the IT security of a standard user is a backup of data. In the opinion of IT expert of T4U, it helps to resolve attacks by ransomware because a user can recover the data from backup instead of paying the ransom.