Reports have emerged that Russian-sponsored cyber attacks have intensified, with organisations and national governments coming under attack.
Russia is renowned for politically motivated cyber crime, with hacking collectives and government-backed hackers often launching attacks to disrupt its adversaries.
These incidents increased dramatically following the invasion of Ukraine, with governments across Europe coming under fire. Poland is the latest country to be targeted, with public domains and state organisations being hit by a wave of DDoS (distributed denial-of-service) attacks.
Victims so far include strategic energy and armament providers and other critical service providers.
The first incident highlighted by the Polish government knocked its parliament website offline. The incident occurred the day after the parliament adopted a resolution that recognised Russia as a state sponsor of terrorism.
Meanwhile, the Russian-backed cyber crime gang GhostWriter has been spotted conducting phishing campaigns targeting Polish citizens. In one attack seen by BleepingComputer, the fraudsters set up websites that impersonate the Polish government website domain (gov.pl) and promote a fake financial compensation scheme.
The website encourages users to follow a link to learn more about the programme, where they are requested to pay a small fee for verification.
“Since the beginning of the Russian invasion against Ukraine, Poland has been a constant target of the Kremlin’s hybrid actions, including attacks in cyberspace,” the Polish government explained.
“Recently this hostile activity has intensified. This is the consequence of our commitment to help Ukraine but also of the fact that Poland is strongly advocating in the international arena for providing help to Kyiv.”
The Polish government noted that GhostWriter has also attempted to breach email accounts to collect information and has hacked social media accounts to spread propaganda.
Elsewhere, the operators of PyPI (Python Package Index) – the official third-party software repository for the programming language Python – have warned users about potential phishing activity.
PyPI was compromised last year by scammers, who used compromised credentials to send people malware hidden in email attachments that appeared to be a legitimate project update.
In a series of tweets, PyPI explained that developers received a message claiming that there is a mandatory “validation” process being implemented, and invited them to follow a link to complete the process.
The link takes the user to a phishing site mimicking PyPI’s login page, which steals any credentials entered, it said.
“We have additionally determined that some maintainers of legitimate projects have been compromised, and malware published as the latest release for those projects,” PyPI added.
“These releases have been removed from PyPI and the maintainer accounts have been temporarily frozen.”
Finally, HackerNoon has discovered a new SaaS (software as a service) scam affecting Cloud users. The attack uses multiple stages, in which legitimate Cloud services host fraudulent files.
The first stage of the attack contains the pretext of the scam, such as a PDF containing a fake invoice, which is saved on the Cloud and can be downloaded by users.
HackerNoon notes that the scam is harder than most to detect, because it bypasses the security mechanisms that organisations and Cloud service providers implement to mitigate phishing.
For example, for the scam to work, the document must be accessible to view in the web browser so that a warning doesn’t appear when opening the downloaded file.
How to prevent phishing attacks
You can learn more about these sorts of scams with IT Governance’s Phishing Staff Awareness Training Programme.
This online course uses real-world examples like the ones we’ve discussed here to explain how phishing attacks work, the tactics that cyber criminals use and how you can detect malicious emails.
You and your team will receive the expert guidance you need to detect phishing attacks and respond appropriately, protecting your organisation from a costly data breach.
The course content is updated quarterly to include recent examples of successful attacks and the latest trends that criminals use.