Liberia: Russia Cyber Attacks A Global Warning!

Editor's note: The views expressed in this article are the author’s own and do not necessarily reflect Daily Observer's editorial stance.

Daniel E. Browne

I find it critical, urgent and necessary to write and publish this article because of the recent distributed denial of service (DDoS) Cyber Attacks by Russia on Ukraine, and to address how we as Liberians can protect our own financial institutions.

First, let’s define what a Cyber Attack is. In simple computer terms, a Cyber Attack is when a perpetrator or user uses a computer to attack another computer, usually a server, website or router, via the Internet. The attacking computer is the culprit and the attacked computer, server, website or router is the victim. The user who initiates the attack is called a hacker who, when captured, will usually be imprisoned or subjected to huge fines.

Why do we see a rise in Cyber Attacks, especially from Russia? These attacks are usually not for bragging rights but are geared towards retaliation against countries for the economic sanctions and hardship imposed by the US and the United Nations. These Cyber Attacks come at a price, aiming to paralyze a country's banks, military operations or institutions.

Let’s go back to the recent DDoS Cyber Attack on Ukraine by Russia a few weeks ago. This attack, while it does not steal any data at all, is a distributed denial of Internet use or service, geared towards flooding the intended websites on the internet with so many requests, growing exponentially, that the servers are unable to respond to the valid requests of customers, bringing the intended website to a halt. As we saw, banks and military operations in Ukraine were affected a few weeks ago, and I suspect there might be more, e.g. SQL injections, etc.

A DDoS attack is a malicious program written by a hacker and released to the internet, sending data requests to internet-connected computers that will redirect these requests, through other computers exponentially, to a targeted website or IP address.

A DDoS Cyber Attack is analogous to a thousand persons trying to pass at the same time through a small door where a security mechanism is in place to validate and approve passage or entry. This will cause a huge bottleneck and the system will fail.

Note: An SQL Injection Cyber Attack has far more crippling and disastrous effects on any country, bank or institution. This is a step far above the DDoS attack, as SQL injections have to do with actual data being stolen and manipulated.

Most often the individual or hacker responsible will be difficult to locate and apprehend. This is due mainly to the rapid worldwide deployment, use and implementation of the internet over the years, which makes an IP trace nearly impossible, as the malicious program could have been released to the internet from any source, for example, a public library, café, private home, resort, etc.

What’s important is how countries’ banks and institutions can mitigate these Cyber Attacks:

  1. Mask the website's external IP address: make it non-broadcastable
  2. Mask the perimeter router's IP address: make it non-broadcastable
  3. Firewall your SQL servers or DB servers to help block SQL injections
  4. Keep OS patches up to date for Microsoft servers
  5. Harden the operating system of all website servers on the Internet
  6. Implement and constantly review security audit trails
  7. Regularly change passwords for websites and routers, and use special characters in them
  8. Use a policy that enforces password length
  9. Banks and military security institutions should implement mandatory leave for IT security personnel
  10. Ensure high-level AES 128- or 256-bit encryption on all remote access connections
  11. Install intrusion detection systems
  12. Implement sandboxing, and whitelist and blacklist IP addresses
  13. Implement a Cyber Security Program
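
To illustrate the small-door analogy and item 12 above, the following Python example (added here, not the author's or any product's code) keeps a per-source request limit alongside an allow list and a deny list, and replays constructed traffic through it. The names DoorGuard and replay, the limit of 10 requests per second and the documentation-range IP addresses are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

class DoorGuard:
    """Per-source sliding-window limiter with allow and deny lists (hypothetical name)."""

    def __init__(self, limit, window_ms, allow=(), deny=()):
        self.limit = limit            # max admitted requests per source per window
        self.window_ms = window_ms    # window length in milliseconds
        self.allow = [ip_network(n) for n in allow]
        self.deny = [ip_network(n) for n in deny]
        self.seen = defaultdict(deque)   # source IP -> times of admitted requests

    def admit(self, src, now_ms):
        """Return 'allow', 'deny-listed' or 'rate-limited' for one request."""
        addr = ip_address(src)
        if any(addr in net for net in self.deny):
            return "deny-listed"         # deny list is checked first
        if any(addr in net for net in self.allow):
            return "allow"               # trusted sources skip the rate limit
        times = self.seen[src]
        while times and now_ms - times[0] >= self.window_ms:
            times.popleft()              # forget requests older than the window
        if len(times) >= self.limit:
            return "rate-limited"        # the door is full for this source
        times.append(now_ms)
        return "allow"

def replay(guard, requests):
    """Tally the guard's decisions per source over (time_ms, source) pairs."""
    tally = defaultdict(lambda: defaultdict(int))
    for now_ms, src in requests:
        tally[src][guard.admit(src, now_ms)] += 1
    return {src: dict(counts) for src, counts in tally.items()}

# Constructed sample traffic over 10 seconds (documentation address ranges):
# a customer (one request every 2 s), a flooding source (50 requests/s), an
# allow-listed monitoring host (20 requests/s) and a deny-listed source.
SAMPLE = sorted(
    [(t * 2000, "198.51.100.10") for t in range(5)]
    + [(i * 20, "203.0.113.7") for i in range(500)]
    + [(i * 50, "192.0.2.5") for i in range(100)]
    + [(1000, "203.0.113.200")]
)

if __name__ == "__main__":
    guard = DoorGuard(10, 1000, allow=["192.0.2.0/24"], deny=["203.0.113.200/32"])
    for src, counts in sorted(replay(guard, SAMPLE).items()):
        print(src, counts)
```

A per-source limit like this only helps while the server and its link can still receive the traffic; it does not by itself stop a flood spread across many sources.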

The Author:

Daniel E. Browne, MSEM, CNE, MCSE, PKI, CISSP is the CEO of Global Computer Communications Inc, a Liberian-owned Information Technology firm. He is the son of the late Archbishop George D. Browne of the Episcopal Church in Liberia. He has over 35 years of Information Technology experience in IT Infrastructure and Cyber Security. He holds a CISSP Certification and is also a member of ISACA, an international professional association in the USA focused on IT governance. He can be reached via phone: 0555874227.