For upwards of a decade, cyberattacks and general risks to online security have been originating from Russia — all increasing in both frequency and obviousness in their association with the Russian government. Now, with Russia’s invasion of Ukraine, the Kremlin’s cyberwarfare efforts have explicitly boiled over into physical warfare.
Phishing and Further Forms of Fraud: How to Stay Safe from Online Scams
Despite all that, however, cyberattackers still lurk online, eager to exploit any combination of trust, fear or plain ignorance. Often these bad actors succeed not by directly breaching system security but by pulling off one frighteningly common hoax.
Russian Cyberattacks: The Most Secretive Security Risks, Uncovered
Today, the arms race has shifted from better ways of building ever-more-dangerous bombs to better ways of bypassing digital security. Much like the nuclear race before it, however, one of the main adversaries in this ring is Russia, whose efforts to infiltrate networks have reached everywhere from political organizations to power plants, all the while proving as effective as they are elusive.
Still, government intelligence agencies around the world have been able to track and identify many of these Russia-originating threats, uncovering both the groups behind them and their most common attack methods.
Now that Russia has followed its cyber operations with a physical invasion, it cannot be overstated how vital it is for digital communications professionals to understand how these groups operate. Knowing what threats are out there is the first step to keeping yourself safe.
Snake
One of the foremost figures in the Russia-based digital rogues' gallery, Snake (also tracked as Turla or Uroburos) is a hacking group believed to have been in operation since 2004. Germany's Federal Office for the Protection of the Constitution (BfV) has called it "the Holy Grail of espionage" and gives it the highest possible ranking on its Advanced Persistent Threat (APT) scale.
Snake's best-known operation came to light in December 2017, when malware inside the German Foreign Ministry's network was found directing infected computers to contact attacker-controlled websites that served as its command-and-control channel. This allowed Snake to collect data from the ministry's servers and access classified documents.
Fortunately for investigators, however, the cyberattackers left two usernames in the hacked databases: “Vlad” and “Urik,” which despite their vagueness, proved to be enough of a lead to trace the attacks back to the Russian company Center-Inform. Since Center-Inform has known ties to Russia’s Federal Security Service (FSB), intelligence communities around the world have largely concluded that Snake operates as a Russian state-sponsored cyberattack group.
Both the German BfV and the Canadian signals intelligence agency CSE describe the malware created by Snake as “genius” in design. This praise mainly speaks to how effective the malware is at conducting actual cyberattacks: once it’s infected a computer, it takes very little effort or expertise for a hacker to use it for illicit data collection.
Of course, that’s only the case if devices get infected at all — but as other examples show, that initial infection doesn’t always come from a forced entry into systems.
Fancy Bear
If you paid much attention to American politics circa 2016, this name may already be familiar to you. Fancy Bear, also known as APT28 or Sofacy, exploded into the mainstream after being linked to the cyberattacks conducted on the Hillary Clinton presidential campaign, the Democratic National Committee and the Democratic Congressional Campaign Committee in 2016. However, the group is believed to be responsible for other attacks between 2014 and 2018 on high-profile entities, including the World Anti-Doping Agency, the Organization for the Prohibition of Chemical Weapons and the Spiez Swiss Chemicals Laboratory.
Fancy Bear's targets aren't limited to the United States and western Europe, or even to organizations. Other notable victims of the group include journalists from Russia, Ukraine and Moldova who wrote critically about Vladimir Putin. Between 2014 and 2016, amid Russia's incursions into Ukraine and Crimea, a trojanized Android app used by Ukrainian artillery units was reportedly attributed to Fancy Bear, giving Russian forces a way to locate those units.
Because Fancy Bear's targets line up so closely with Russian state interests, a link to the Kremlin is easy to assume. More definitively, investigations by the cybersecurity firm CrowdStrike, the UK's Foreign and Commonwealth Office and the US Special Counsel have tied Fancy Bear to the Russian government and specifically to the GRU, Russia's military intelligence agency.
What makes Fancy Bear stand out among cyberattackers is its methodology. The group typically obtains access not by forcing its way through perimeter defenses but through social engineering: it registers lookalike domains and builds websites that imitate webmail or single sign-on pages to harvest passwords, and many of its campaigns begin with forged emails that steer recipients to those pages (known as "phishing", or "spear phishing" when the message is tailored to a specific person or organization). Once a target visits one of these sites or hands over credentials, Fancy Bear uses that foothold to install malware that collects data from the device and the network it is attached to.
Fancy Bear is quite effective at what it does, even capable of carrying out multiple hacking campaigns simultaneously. However, it’s far from the only Russia-associated group to use such techniques.
Cozy Bear
Another Russia-linked entity known to make heavy use of phishing is Cozy Bear, also called APT29 or The Dukes. In operation since at least 2008, Cozy Bear is believed to be associated with Russia’s Foreign Intelligence Service (SVR) and targets government networks throughout Europe, especially NATO member nations. Other targets of the group include think tanks and, reportedly, the Democratic National Committee in the United States.
Cozy Bear's most impactful operation came to light in 2020 with the SolarWinds breach. SolarWinds, a US technology firm, had its software build environment covertly compromised, and a backdoor (SUNBURST) was inserted into signed updates of its Orion network-monitoring product. Because the update was legitimately signed, roughly 18,000 SolarWinds customers installed the trojanized code, among them Microsoft, Intel and the US Department of Defense; the attackers then picked a much smaller set of those victims for follow-on intrusion.
Outside of that supply-chain operation, Cozy Bear, like Fancy Bear, relies on spear phishing as its primary way into systems, running large campaigns that solicit credentials from senior figures in target organizations. The group is also known for persistence: if access is cut off, it will typically launch fresh attempts against the same target.
Sandworm
While this group is often known by its Dune-referencing name, it’s also called Voodoo Bear in some circles (apparently, someone in cybersecurity quite enjoys an ursine naming convention). But whatever name the group is given, Sandworm ranks among the most infamous of Russia-linked cyberattackers.
Reportedly associated with the GRU, the group carried out what is widely described as the most destructive and costly cyberattack in history: NotPetya, a wiper disguised as ransomware that in 2017 spread through a compromised update of the Ukrainian accounting software M.E.Doc and hit organizations in France, Germany, Italy, Poland, the UK, the United States and, above all, Ukraine, at an estimated combined cost of $10 billion.
In more recent efforts, Sandworm developed malware called Cyclops Blink, which has been found on firewall appliances made by the security vendor WatchGuard. According to a joint advisory by US and UK agencies, Cyclops Blink is likely the successor to Sandworm's VPNFilter; years earlier, VPNFilter infected roughly half a million routers and network-attached storage devices, turning them into a global botnet controlled by Sandworm and, by extension, the GRU.
But, what was the ultimate goal of VPNFilter? Or, for that matter, of Cyclops Blink? Concerningly, we don’t actually know. As likely as it is that Sandworm has installed this malware for surveillance purposes, it’s just as possible that they’re setting up a digital infrastructure for covert Russia-originating communications. Similarly, the reason could be to lay the groundwork for a massive disruption of affected networks — it’s worth remembering, after all, that Sandworm was able to take down significant parts of Ukraine’s electrical grid in 2015.
The good news is that, in the case of Cyclops Blink, WatchGuard published a fix and removal steps, and affected appliances can be cleaned by performing a factory reset and upgrading to the patched firmware. The episode still illustrates that network edge devices, firewalls and routers included, can be quietly turned into infrastructure for someone else's attacks, which is why their management interfaces should never be exposed to the open internet and their firmware should be kept current.
Best Practices & Lessons Learned
As shadowy and unstoppable as these groups would like to be seen, none of their methods is a guaranteed way in. Even with skilled attackers at work, a combination of sound security practices and well-designed software closes off most of their paths.
Chief among these practices is being educated against phishing. That means not clicking suspicious links, not responding to unsolicited messages and never replying to a message with login credentials or account-recovery information. Steering clear of shady sites and attachments goes a long way, but important accounts should also be protected with multi-factor authentication, ideally a phishing-resistant method such as a FIDO2 security key or passkey rather than SMS or push codes, which a fake login page can relay to the real one in real time. Single sign-on helps too, because it reduces the number of places a password is typed, but only if the identity provider itself enforces strong MFA.
In terms of infrastructure, moving from on-premises hardware to the cloud can also improve your security posture, mainly because patching of the underlying platform becomes the provider's responsibility and no longer waits for your own maintenance window. It is not a complete answer, however: the cloud still runs on hardware, the SolarWinds and Cyclops Blink cases above show that trusted software updates and the appliances at your own perimeter remain targets, and configuration, identities and endpoints stay your responsibility under any shared-responsibility model.
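The lookalike-website trick described for Fancy Bear, and the "don't click suspicious links" advice above, can be checked mechanically before a message reaches a user. What follows is an added example, not code from the original article or from Wildix: a small Python scanner that pulls links out of an email body and flags hostnames that imitate a list of trusted sign-in domains (brand name parked in a subdomain, TLD swap, confusable characters, or one or two typos away). The trusted-domain list, the confusable-character table and the sample email are all constructed for illustration.

```python
"""Flag lookalike login links in an email body (added example, not from the article).

The trusted-domain list, confusable table and sample email below are constructed
for illustration; replace TRUSTED_DOMAINS with the domains your users sign in to.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hypothetical set of legitimate sign-in domains for this organization.
TRUSTED_DOMAINS = ("accounts.google.com", "example.com", "login.microsoftonline.com")

# Digits that read as letters in a hostname (g00gle, 1ogin, ...).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "9": "g"})

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def registrable(host: str) -> str:
    """Naive eTLD+1: last two labels. Real code should use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalize(label: str) -> str:
    """Fold visual substitutions: digits to letters, 'rn' to 'm', 'vv' to 'w'."""
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; hostname labels are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> Optional[str]:
    """Return why `host` looks like a credential-harvesting lookalike, or None."""
    host = host.lower().strip(".")
    if host in TRUSTED_DOMAINS or any(host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return None  # the real thing, or a subdomain of it
    reg = registrable(host)
    reg_base = reg.split(".")[0]
    sub_labels = host.split(".")[:-2]  # everything left of the registrable domain
    for trusted in TRUSTED_DOMAINS:
        t_reg = registrable(trusted)
        t_base = t_reg.split(".")[0]
        # 1. Brand name parked in the subdomain of an unrelated domain
        #    (accounts.google.com.secure-signin-check.net).
        if t_base in sub_labels:
            return f"brand '{t_base}' inside subdomain of {reg}"
        # 2. Same brand label under a different TLD (example.org for example.com).
        if reg_base == t_base and reg != t_reg:
            return f"TLD swap: {reg} imitates {t_reg}"
        # 3. Confusable characters (rnicrosoftonline, g00gle).
        if reg_base != t_base and normalize(reg_base) == t_base:
            return f"confusable spelling of '{t_base}'"
        # 4. One or two typos away (exmaple, examplle).
        if reg_base != t_base and edit_distance(reg_base, t_base) <= 2:
            return f"typosquat of '{t_base}'"
    return None


def scan_email(body: str) -> List[Tuple[str, str]]:
    """Extract http(s) links from `body` and return (host, reason) for suspicious ones."""
    findings = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        reason = classify_host(host)
        if reason:
            findings.append((host, reason))
    return findings


# Constructed sample message mixing legitimate and lookalike links.
SAMPLE_EMAIL = """\
Your password expires today. Review at https://login.microsoftonline.com/?id=1
Verify your account: http://accounts.google.com.secure-signin-check.net/auth
Policy document: https://docs.example.com/policy
Sign in here: https://rnicrosoftonline.com/login
Or reset at https://exmaple.com/reset
"""

if __name__ == "__main__":
    for host, reason in scan_email(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {host}: {reason}")
```

Running it flags three of the five links and leaves the genuine Microsoft and Example links alone. Two deliberate simplifications matter in production: `registrable()` takes the last two labels, which is wrong for suffixes like `co.uk` (use the Public Suffix List), and internationalized hostnames should be decoded from punycode and run through a Unicode confusables table before `normalize()`, because a Cyrillic "а" in a domain is invisible to the ASCII substitutions used here.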
More broadly speaking, of course, it still pays to be using a system that itself utilizes smart security protocols. As far as digital communications are concerned, Wildix distinguishes itself with a structure that’s fully secure by design thanks to a combination of technologies that protect users from infiltration and eavesdropping without VPNs, SBCs or other add-ons. You can read more about Wildix’s security practices in our free white paper.
However you choose to operate, doing so securely has never been more crucial. As Russia presses its war in Ukraine, it is likely to relaunch cyberattacks with renewed force, and likely to rope foreign hardware into those efforts along the way. If you are looking for a way to work against that, it can start with understanding Russia's most common attack methods and keeping your own devices safe from them.
Women in Tech: Claire Baker, Chalvington Group
We're talking today with Claire Baker, managing director of the Chalvington Group. The company had its origins in the business her father, Melvyn Baker, set up in the '80s; he'd go on to create a telecommunications arm, Chalvington Communications, to serve a wider range of customers with the emerging technology of the early 2000s. Claire joined her father after completing her BA in Business Studies at the University of North London, and after the various companies merged in 2012 she became managing director. The company currently has 1,500 clients in the UK, generated £3.8 million in turnover as of 2020 and is a key Wildix partner in the UK.
You’ve been immersed in the world of communications tech for well over 20 years. What are the key changes you’ve seen since the 2000s?
Claire: The most notable changes are in connectivity and cloud-based solutions. ISDN2/analogue technologies became extremely stale, and the industry was in need of some va-va voom. I feel the investment that has been made in connectivity infrastructure has given telecoms a new lease of life. Don't get me wrong — VoIP has obviously been available for years but only in areas where you can ensure decent connectivity, which were, until quite recently, few and far between.
The explosive growth of the internet created new opportunities, but they also involved new risks, particularly as companies struggled to predict which emerging technologies would thrive and which would fall by the wayside. How did you mitigate those risks, and what long-term strategies do you use to ensure your services are likely to remain relevant?
I’m lucky to have a really good team of IT and telecoms engineers around me who live and breathe new tech. Like any other business, we made some poor choices early on and learnt from those mistakes. Our process is to select a number of manufacturers, put the equipment or software through its paces, create a top three based on what we know would be important to our customers and then these are presented to the relevant managers and directors to make the ultimate decision. This formula has been tried and tested over the years.
There’s been a big push within tech, in general, to include more women in more senior positions. What challenges does the industry have regarding that, and how could they be solved?
Men sometimes believe women aren’t technical. Naturally, there are technical situations that I wouldn’t be familiar with at a grassroots level, but that’s why I have a trusted team around me, some of whom have worked with my father for the best part of 20 years. However, I have always been a firm believer that you don’t necessarily need to know how to do the job to be a good leader — but you need to be able to get work done through others.
Everyone comes into a new business with expectations, and some turn out to be accurate and some less so. What expectations did you have when you became a managing director, and how accurate were those expectations?
What I can say is to be successful, a managing director should be able to manage and advance a business’s strategic objectives and be the face of the business. However, within a small to medium-sized enterprise this, in real life, is far from what takes up most of my time. I find I wear multiple hats, which isn’t necessarily what someone would maybe expect from an MD.
My main focus is on the oversight of the company’s high-level operational and customer-facing problems. We only thrive if we’re competent and able to keep our customers through the service we provide. Processing efficiency and reviewing our operating systems is another, together with the training and development of my senior management team to deliver the company’s values.
How the Great POTS, ISDN and PSTN Switch-Off Will Affect Your PBX
Copper cable is on its way out, which has major ramifications for businesses that rely on analog or digital PBX phone systems. Unfortunately, small businesses often aren't aware that their current PBX infrastructure is fundamentally incompatible with the fiber-only networks that the great POTS and PSTN switch-off brings.
The POTS and PSTN Switch-Off Problem
Major telephone infrastructure providers such as Openreach in the UK, Verizon in the United States and TIM in Italy already use optical fiber technologies rather than analog copper cable as a core part of their networks. However, a lot of the old-style copper cable remains in the last mile. This creates a major bottleneck when it comes to providing ultra-fast services to the consumer: Copper cable is slow and obsolete — hence the POTS and PSTN switch-off.
There is a further wrinkle: the copper local loop carries line power from the exchange, so analog phones and the trunk interfaces of older PBXs keep working even when the building loses mains power. A fiber-optic line carries no power at all; the optical terminal and everything behind it need local power, and a battery backup if calls must survive an outage. This is partly where the problem lies with old-school PBX telephone systems.
PBX: An Infrastructure Problem
A PBX is a private branch exchange. It lets users share a number of external phone lines through internal extensions. The PBX routes an incoming call to a main switchboard, where it can be answered, or, if the caller enters an extension number, directly to the right person.
On-premises PBX phone systems are usually built into the fabric of a building, with many buildings of the ‘80s, ‘90s and early 2000s having extensive cabling run throughout the walls to facilitate this. These systems were a useful solution for the time, and they went from requiring a manual operator to having automated systems.
But there are several major issues with these systems: They work with copper cabling, and they have a limited feature set. Sure, you can forward calls, queue and put people on hold. But it’s not easy to integrate other systems into the PBX, such as instant messaging or video calling. Even worse, simply moving to a digital ISDN telephone system won’t work; that’s being discontinued too.
Moving to IP: PBX Upgrades
It may be possible to get your current analog PBX onto an IP line, typically by placing an analog telephone adapter (ATA) or an FXO-to-SIP gateway between the PBX trunk ports and a SIP provider, and there is a wide range of such products. However, as many technology enthusiasts know, as products reach end of life the parts and expertise to maintain them become far more expensive, and replacements are equally pricey.
Those who remember the analog TV switch-offs of the 2000s and early 2010s may remember that they could get adaptors for their old analog TVs, but these are now notoriously unreliable. Worse, those TVs are unable to accept the full feature set available. The accepted solution now is to go digital.
The same applies to analog PBX telephone systems. Cable upgrades, repairs and overall maintenance costs will only get higher compared to a digital system. Even worse, a physical system means it’s harder to route a call to someone who’s not at their desk without another layer of switching.
Who Should Consider a PBX Signal Converter?
Businesses that have lots of phones and no real need for enhanced connectivity may wish to consider a converter. This might include:
- Hotels with in-room phones
- B&Bs
- Motels
- Businesses with only one phone attached to their PBX
The last use case typically refers to businesses where a PBX system was installed many years ago but they now primarily use mobile devices to conduct business. However, even then, they may wish to consider an upgrade, thinking about how a unified approach to communication may benefit their business. And the hospitality industry can definitely benefit from the wider range of services offered by a cloud-based PBX and its associated unified systems.
On-Premises PBX vs. Cloud PBX
The two main challengers to analog PBX telephone systems are on-premises IP PBX systems and cloud-based PBX telephone systems. These use the same essential internet technology but in different ways:
- On-premises PBX: Major capital expenditure but that’s offset partly by lower operating costs. It typically requires a dedicated team of IT support staff to maintain.
- Cloud-based PBX: Third-party solution, often with limited capital expenditure and slightly higher operating costs. Maintenance is done by the third party, and unified systems can easily be included along with potentially unlimited scalability.
Larger businesses that already have dedicated PBX systems often prefer the on-premises solution, although it can be difficult to quickly expand if they’re moving to new offices. Setup can be tricky as well. For agile large businesses that need flexibility, a cloud-based solution often works better than an in-house system, especially as their workforce becomes more distributed due to remote working.
Smaller businesses usually find that cloud-based PBX solutions are more in line with their budgets and their existing IT commitment, letting them leave most of the work to the third party.
When Are Copper Networks Shutting Down?
As with any technology rollout, there’s a range of dates across different countries. Plans also vary depending on how the incumbent or dominant telephone provider plans to switch over to fiber, and there are substantial commercial and logistical hurdles to doing so.
- United States: Ongoing, with different companies operating at vastly different speeds
- United Kingdom: Full PSTN switch-off by December 2025 (a deadline Openreach has since pushed back to January 2027)
- Italy: 65% shut off by 2023, but doubts remain about a full copper switch-off
- France: Switch-off by 2030, with local switch-offs occurring from 2021
- Spain: Full copper switch-off by 2025
Ultimately, as copper networks continue to be switched off across the globe, company PBX systems will need to be upgraded. And cloud solutions such as Wildix can be rapidly deployed across thousands of systems in a few easy steps.