In a June advisory, a collaborative effort between Canada, the United States, Estonia, Japan, Finland, and the United Kingdom, cyber security agencies unite to share new details about the ways and means foreign threat actors use for cyber attacks on civil society targets. The high-risk community of civil society organizations and individuals is defined in the report as nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalists, dissidents, and diaspora organizations, communities, and individuals involved in defending human rights and advancing democracy.
According to industry reports shared in the advisory, state-sponsored targeting of these organizations and individuals comes predominantly from the governments of Russia, China, Iran, and North Korea. Those same industry reports highlight the growing and real cyber security threat to civil society, which they describe as high-risk because:
- Civil society organizations and their staff have a high threat of being targeted by malicious cyber attacks – and are known targets — of state-sponsored cyber actors seeking to undermine democratic values and
- Civil society organizations, despite their vital role in society, often lack the resources and infrastructure to defend themselves against these threats effectively. This vulnerability, coupled with the public nature of their work, makes them particularly susceptible to cyber-attacks.
The San Francisco-based Cloudflare has observed that malicious cyber activity against civil society organizations is “generally increasing.” In Quarter 2 of 2023, NPOs were targeted more than any other industry when looking at malicious traffic to NPO websites as a proportion of total traffic. In Quarter 3 of 2023, NPOs and independent media organizations placed second behind the metals and mining industry, with 17.14% of all traffic to NPOs representing distributed denial-of-service (DDoS) attacks. Similarly, the European Union Agency for Cybersecurity (ENISA) found that targeted individuals within civil society were the second most-targeted sector globally between July 2022 and June 2023.
The tactics employed by these threat actors are not only personalized but also highly sophisticated. They invest significant time and resources into researching each target, setting up trojan-style, fake apps and online app stores housing malicious software. This level of sophistication allows them to access targets’ personal accounts and devices, and even remotely take over a user’s device.
Keep your social media security top-notch by remaining vigilant against online fraud and prioritizing account privacy. Dive into cyber consumer concerns and master protection practices with our interactive mobile app, FRAUDSTER.
Protect yourself from scams with the FRAUDSTER app. It offers real-time scam alerts, educational resources, and interactive training modules to keep you ahead of fraudsters. Available on both Apple and Android devices, it’s your ultimate tool for online security. Explore more at www.FraudsterApp.com. Already using FraudsterApp? Enhance your self-protection skills with just a tap on the training icon.