EXECUTIVE SUMMARY
During the six months of the war, the Government Computer Emergency Response Team of Ukraine CERT-UA, which operates under the State Service of Special Communications, registered 1,123 cyberattacks. Most often, cybercriminals attacked the Government and local authorities. Also among the main targets are commercial and financial institutions, bodies of the security and defense sector, enterprises of the energy sector, transport industry, and telecom – all infrastructure that works for the livelihood of the population. 1
The Cybersecurity Center reports that the enemy continues disinformation campaigns through its groups and, over the last month to month and a half, has increased its activity on the cyber front. One of their priorities now is to reach the regional level (administrations and institutions outside of Kyiv) and to plan operations to penetrate critical sectors more precisely. 2
During a briefing on August 10 at the Ukraine Media Center, Deputy Head of the National Police, Chief of the Criminal Police Mykhailo Kuznetsov said that since the beginning of the full-scale invasion of the russian federation, the Ukrainian cyber police, together with other law enforcement agencies, repelled and eliminated the consequences of 83 hostile cyber attacks, and also warned of more than 300 cyber attacks, which were at the stage of preparation.
In addition, according to the official, since the beginning of martial law, the cyber police have conducted more than 950 searches.
Cyber police officers also identified more than 1,700 servicemen of the russian federation, who are involved in the commission of war crimes on the territory of Ukraine, and identified more than 850 propagandists of the «russian world». During the full-scale invasion of the russian federation, the cyber police identified 50 collaborators, 44 of whom have already been notified of suspicion, Kuznetsov added. 3
The independence and freedom of Ukraine do not give rest to the russian invaders. The enemy becomes more active on significant government dates. Therefore, it was expected that the attacks by the occupiers would intensify on the eve and on the day of the celebration of the most important national holiday for Ukrainians – Independence Day. In the sphere of increased danger are civil servants, military personnel, and workers of critical infrastructure, who can become an access point to the information systems of the state. 4
Ukraine in Cyberspace
International Interaction
Financing and Development of the Cyber Sphere
Prevention of Cyber Attacks
russia in Cyberspace
The Weakness of the Cyber Sphere
International Pressure
«Hacker Intentions» of the russians
DETECTED ATTACKS
Cyber Attacks on Ukraine
Deface:
DoS/DDoS:
Cyber Attacks on russia
Deface and Replace Information:
Data Dump:
DoS/DDoS:
– Pension Fund of the russian federation. 41
– Post of russia. 42
– Platform for video communication and remote work – TrueConf. 43, 44
– Cabinet of the central bank of the mythical «dnr». 45
– Russian video conferencing products 46 and propaganda resources. 47
– Party «jUST rUSSIA – pATRIOTS – fOR tHE tRUTH». 48
– Bank services (in particular unistream.ru, koronapay.com, yoomoney.ru). 49, 50
– Job search site SuperJob. 51
– Big rosmedia (in particular ТАСС). 52
Cyber Attacks in the World
CRYPTO SCAMS
Criminal groups are increasingly defrauding investors with fraudulent crypto applications. They reach out directly to U.S.-based cryptocurrency investors, claim to offer legitimate cryptocurrency investment services, and convince them to download fraudulent mobile apps. The FBI identified 244 victims who lost a total of $42.7 million in recent months through these scams. Cybercriminals are taking advantage of the recent trend of innovative financial institutions offering mobile apps to enhance user experience and increase legitimate investment. They use the names, logos, and other identifying information of legitimate USBUSs.
Crypto scams «are more pervasive than ever», according to a report by fraud prevention company Sift. Nearly three-quarters (73%) of the consumers said they see misleading content on at least a weekly basis, and two-thirds (65%) said that they see social networks as the «most dangerous» source of false information. Crypto exchanges alone had seen a 140% uptick in «abuse» over the first quarter of this year. 53
RANSOMWARE
The U.S. Department of Justice seized about $500,000 from state-sponsored North Korean hackers who use Maui ransomware in their attacks. The seized cryptocurrency was returned to two healthcare providers who paid ransom demands to the group after falling victim to earlier cyberattacks.
DoJ and FBI leaders attribute the identification and funds’ seizure to the providers’ cooperation with law enforcement, which enabled the investigators to trace the cryptocurrency back to money launderers based in China. 54
MICROSOFT
Microsoft reported that roughly 10,000 businesses were attacked in a months-long adversary-in-the-middle (AiTM) campaign that raked in estimated millions in financial fraud. The large-scale phishing campaign, which is estimated to trace back at least as far as September 2021, used AiTM phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets.
BEC scams caused more than $43 billion in global financial losses in more than 241,000 incidents between June 2016 and December 2021, based on financial institution filings reported to the FBI’s Internet Crime Complaint Center (IC3) unit. There was a 65% jump in identified global financial losses due to BEC scams between July 2019 and December 2021. 55
EUROPOL
Europol, the European Union law enforcement agency, announced figures according to which, in the last six years (within the No More Ransom project), European cops have helped around 1.5 million people and organizations decrypt files that were locked by hackers with ransomware, saving around $1.5 billion.
As of today, the No More Ransom project offers 136 free decryption tools for 165 ransomware variants, including Gandcrab, REvil, and Maze, according to Europol. 56
T-MOBILE
T-Mobile has agreed to pay a $500 million settlement for «one of the largest and most consequential data breaches in US history». $350 million will go to the settlement fund and at least $150 million will go toward enhancing its data security measures through 2023.
Plaintiffs say the company broke the terms of its own privacy policy by not properly disclosing information about the breach or building proper safeguards to reasonably protect data in the first place: the company did not rely on an industry-standard practice for data protection called «rate limiting». 57
CHECK POINT
Check Point Software’s mid-year security report reveals a 42% global increase in cyber attacks, with ransomware the number one threat. This year, ransomware actors have stepped up to nation-state level, targeting an entire country. The huge potential for financial gain means that ransomware is going to be around for a long time and will only get worse.
The year 2022 started with the continued fallout of Log4j, one of the most serious zero-day vulnerabilities. One of the most era-defining moments of 2022 has been the ongoing russia-Ukraine war. Its impact on the cyber landscape has been unprecedented: cyberattacks have become entrenched as a state-level weapon.
Top CPR predictions for the second half of the year:
– Ransomware’s fragmented ecosystem;
– More diverse email infection chains;
– Hacktivism will continue to evolve;
– Continued attacks on blockchain and crypto platforms and the first attacks in the Metaverse. 58
The Cyber Digest has been prepared by GC3 analysts based on open source information (OSINT).
Global Cyber Cooperative Center (GC3) continues working with companies, law enforcement and research organizations to neutralize cyber crime.