EXECUTIVE SUMMARY
According to the State Service of Special Communication, since February 24, there have been 825 attacks on websites in Ukraine. The intensity of attacks remains high throughout the war — 548 resource hacking attempts were made in the 2nd quarter of the year. 1
The State Service of Special Communication notes that attackers do not use hacking methods that are difficult to track, and about 60-70% of attempted interventions were simple phishing mailings. 90% of all attacks are carried out by military hackers of the russian federation and belarus, whose activities are financed by the authorities. 2 Unlike the hacker groups associated with the Main Directorate of the General Staff of the Ministry of Defense of the russian federation (GRU), which is in fact russian military intelligence, hackers from the Foreign Intelligence Service of russia are believed to operate more covertly. 3
In June 2022, the SSU warned against and neutralized more than 140 cyber incidents and cyber attacks. 4 And in general, since the beginning of the full-scale aggression of the russian federation, the SSU neutralized more than 1.2 thousand cyber incidents and cyber attacks on the information systems of state authorities and critical infrastructure of Ukraine. 5
The operational center for responding to cyber incidents of the State Center for Cyber Protection of the State Service of Special Communication has published a report on the results of the System of Vulnerability Detection and Response to Cyber Incidents in the 2nd quarter of 2022. 6
In total, 19 billion events were processed, collected with the help of means of monitoring, analysis and transmission of telemetric information about cyber incidents and cyber attacks. The number of registered and processed cyber incidents increased to 64.
The main goal of hackers is cyberespionage, disruption of the availability of state information services and even destruction of information systems with the help of wiper programs.
In the 2nd quarter of 2022, a significant increase in the activity of hacker groups regarding the distribution of malicious software was recorded, which includes both data-stealing and data-destructive programs. Compared to the first quarter of 2022, the number of information security (IS) events in the «Malicious software code» category increased by 38%.
Most cyber incidents are related to hacker groups funded by the government of the russian federation. Current hacker groups that attacked the information resources of Ukraine:
In the 2nd quarter of 2022, the main targets of hackers from the russian federation were the Ukrainian mass media, the Government and local authorities. 6
After the start of the criminal aggression against Ukraine, russia significantly increased its hostile cyber activities against the EU countries and the whole world, which creates risks of side effects, misunderstandings and escalation of tension in the global dimension. This is stated in the Declaration of the High Representative of the EU on behalf of all the countries of the European Community, which was published on July 19 on the website of the European Council. 7
One of the main hacktivist groups that «embarrass» russia and its cyber security technologies remains Anonymous. One of Anonymous’s divisions, the MeshSec Turkish Hacktivist Crew, hacked a total of 2,785 russian websites. 8
In its attacks, the international hacker group Anonymous is guided by six main methods 9:
Ukraine in Cyberspace
International Interaction
At this year’s Madrid Summit, the Alliance updated the Comprehensive Assistance Package for Ukraine. In the field of cyber security, NATO will pay attention to building Ukraine’s capabilities, providing the necessary equipment and training personnel, as a result of which Ukraine should acquire the ability to protect its infrastructure from the most modern cyber attacks. 10
The State Service of Special Communication and the Government Office of the Republic of Slovenia for Information Security in the Cyber Defense Sector have signed a Memorandum of Agreement. The document will provide an opportunity to join forces for the development and distribution of new technologies that contribute to the introduction of a secure global information space, as well as the development of joint approaches in countering cyber-aggression. 11
The State Service of Special Communications and Information Protection has signed a Memorandum of Agreement on cooperation in the field of cyber security with the Cyber Security and Infrastructure Security Agency of the US Department of Homeland Security (CISA). The USA, together with Ukraine, are the countries against which the largest number of cyber attacks are carried out. Therefore, the exchange of experience and joint efforts in countering cyber-aggression will enable both states to protect their own information resources much more effectively. 12
Financing of the Cyber Sphere
The Government of Ukraine provided UAH 1.2 billion for software updates and other measures to create a safe cyberspace. 1
russia in Cyberspace
«Hacker Intentions» of the russians
The KillNet group intends to attack the largest manufacturer of weapons for the United States and NATO, Lockheed Martin Corporation (in particular, of the American HIMARS MLRS). 13
The Ministry of Digital Affairs of the russian federation is going to legalize white hackers. 14
Cyberspies associated with russia’s foreign intelligence service carry out cyberattacks on NATO member states using cloud services to avoid detection. 3
Weakening of the Cyber Sphere
In russia, the record for the duration of DDoS attacks was updated several times in the second quarter. 15
The Ministry of Digital Affairs of russia is discussing with IT companies the separation of cyber security into a separate branch, since information security, being a part of the IT industry, enables specialized enterprises to take advantage of the benefits provided for the industry. 16
DETECTED ATTACKS
Cyber Attacks on Ukraine
DoS/DDoS:
Phishing/malware:
Spreading fakes:
Leakage of the information:
Other:
Cyber Attacks on russia
DDoS
The russian site of the IKEA company has been hacked. 36
The official website of the Ministry of Finance of the russian federation has been hacked. 37
More than 1,550 russian online resources have been attacked by the IT army of Ukraine in the period from June 27 to July 24 38, 39:
Attack statistics from disBalancer (the Liberator DDoS attack tool) for the first five months of the cyber war 40:
Deface and Replace of Information:
Leakage of the Information:
Cyber Attacks in the World
On July 1, 2022, the Department of Justice released a new strategic plan in which ransomware attacks and cybercriminals were named as a key objective. In a statement, the department said it intended to beef up its cybersecurity technological capabilities and to more aggressively pursue those who put U.S. government information or assets at risk. The Justice Department aims to improve its ransomware attack response by September 2023 by promising to significantly increase the percentage of reported ransomware incidents from which investigative actions are conducted within 72 hours and by increasing the number of ransomware matters in which seizures or forfeitures are occurring by 10%. The DOJ will also enhance cybersecurity and fight cybercrime through four key strategies: deterring, disrupting, and prosecuting cyber threats; strengthening intergovernmental, international, and private-sector partnerships to fight cybercrime; safeguarding Justice Department data and information; and enhancing cyber resilience within the private sector and other government agencies. 54
A new report released by the State Service of Special Communications and Information Protection of Ukraine claims that while the months leading up to and immediately following the invasion included a flurry of 40 distinct critical cyberattacks, the frequency and volume has risen substantially over the second quarter of the year. 55
The KrebsOnSecurity team provided a deanonymization report on the owner of the RSOCKS proxy botnet. RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple russian-language cybercrime forums. KrebsOnSecurity has identified its owner as a 35-year-old russian man, born in Omsk and living abroad, who also runs the world’s top spam forum RUSdot. RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years. The actor’s darknet moniker is Stanx, and his real-world identity is Denis Kloster. 56
According to the latest report of the Digital Shadows team, over 24 billion account usernames and passwords have been exposed by cyber-threat actors as of this year. That’s a 65 percent increase from 2020. The top 50 most common passwords are incredibly easy to guess and simply use the word “password” or a combination of easily remembered numbers. Offline attacks usually produce the best results for cracking passwords; 49 of the top 50 most commonly used passwords could be cracked in less than a second. Adding a special character to a basic ten-character password adds about 90 minutes to that time. Adding two special characters boosts the offline cracking time to around 2 days and 4 hours. 57
Main ways and recommendations to protect companies and institutions from insider threats and mitigate risks of illegal sharing of sensitive information:
The Cyber Digest has been prepared by GC3 analysts based on open source information (OSINT).