Yesterday evening, and for the second time this year, Prime Minister M. Morawiecki on the decree to introduce ALFA-CRP alert level 1 across the country. It will be valid until the end of the month. The reason for the announcement, as in January (it lasted from January 18 to 23), is the events in Ukraine. On Tuesday, DDoS attacks shut down the website of Ukraine’s Defense Ministry and Armed Forces, and the websites and services of two major Ukrainian banks – Privatbank and Ošchadbank.

“Hacker attacks on public institutions have been gaining momentum for several years now. To date, the vast majority of them have had only a typical criminal dimension – data theft, extortion and ransomware. It is undeniable that yesterday was in turn linked to the heightened political tension between Ukraine and Russia. The question arises. Immediately whether Polish enterprises are in danger. This is unfortunately not in the question. I think that entrepreneurs also cannot sleep peacefully. Attackers of government systems can use them as a gateway to further actions and infecting businesses” – says Patrija Tatara, cybersecurity expert at Sprint SA

Check also:

How attacks on public institutions threaten companies? Cybercriminals use different techniques depending on the goal they want to achieve:

DDoS – This type of malicious activity was decided by hackers who attacked Ukrainian institutions yesterday. This method is designed to block the operation of systems, sites, and applications. To do this, criminals direct redundant traffic towards their targets, which overloads the links, causing the system to shutdown. Many institutions, including commercial ones, may fall victim to a large-scale attack, as evidenced by the example of Ukraine, which also affected two banks.

Phishing – it is an increasingly used method, a method of stealing sensitive data, including logging into the most important systems, incl. Financial issues. The criminals pretend to be an institution or person that the victims can identify and send them a malicious link from which they can “minor” the data of interest to them. How would it look like in an attack on public institutions? After entering government systems or local government administration, they can use its infrastructure to send false messages to organizations to steal their data. Usually this is email, but they can also use text messages (the so-called SMS) or phone calls (phishing).

Ransomware – Like in the case of phishing, criminals can manipulate the public organization’s system to send links or malware to entrepreneurs. But the goal in this case is not to steal data, but rather to block the devices and systems used by the victims. Then the hackers send them a ransom note.

SQL injection – is malicious code that disrupts user identification on websites and web applications. Thanks to this, criminals gain access to the databases and can freely manipulate them. For example, they can attack a trusted profile login system in this way.

As the Sprint SA expert points out, the largest organizations and companies are most at risk in the event of an attack on public institutions, but we must not forget that hackers also depend on the number of victims, not the quality. Therefore, the SME sector is of interest to them. What entrepreneurs can do to reduce the effects of such attacks is first and foremost to take care of appropriate security software and measures, including encrypting links or using external firewalls. Sometimes hackers give up on the attack, because they face strong security while trying to access the infrastructure.