For several years now, Ukraine has joined the global initiative to draw attention to cyber security and from October 1 to 31 holds the «Cyber Security Month».
This year, this event is particularly important: russia has unleashed a full-scale bloody war against Ukraine and is trying to destroy us not only with tanks, shells, and missiles, but also by attacking in cyberspace. 1
«The illegal and brutal aggression committed by the russian federation has radically changed the situation in Ukraine … the reality is that the russian federation has turned even a connection into a weapon that should work in the interests of welfare and development», – with such a statement Yury Shchygol, the Head of the State Service of Special Communications spoke at the Conference of the International Telecommunication Union (ITU). 2
State institutions, critical infrastructure facilities, the military, and the civilian population are under the «sight» of hostile hackers. 1 Every Ukrainian can become a target, a window through which hackers will get into the information system of a state body or company whose activities are critical for millions of people. Therefore, it is everyone’s duty to follow the rules and recommendations on cyber security developed by the state. 3
Since the beginning of the year, the government computer emergency response team CERT-UA, which belongs to the State Service of Special Communications of Ukraine, has registered more than 1,700 cyberattacks. 3 Despite numerous cyberattacks on critical information infrastructure, russian hackers failed to achieve any strategic goals. 4
Immediately after the start of the war, the domestic cyber community went into an active counteroffensive on the cyber front and forces the enemy to spend serious resources on its defense. 5
Thanks to close cooperation between the EU and other international partners in the field of cyber security and cyber defense, Ukraine has demonstrated a remarkable ability to resist cyber attacks and protect its critical infrastructure. 6
The country’s cyber resilience is the result of the joint work of all sectors of society. Its key component is the involvement of the Government, public organizations, academia, the private sector, and society in general in this process. Oleksandr Potiy, the deputy head of the State Service of Special Communications of Ukraine, said this at the conference «Building the Resilience of Society by Increasing Public Awareness of Cyber Threats and Increasing the Role of Cyber Education» in the Polish representative office of the OSCE in the city of Lodz. 7
At the international conference «Formation of Cyber Security», Oleksandr Potii noted that the current decrease in attacks from the russian side can be explained by the “period of preparation” for future ones. 8
«We are 100% sure that even after the end of the war, the number of cyber attacks will increase exponentially. After all, we live in a new world, when they may not drop bombs, but they will hack critical infrastructures, so the private sector should help the state,» – cyber security expert, co-founder and CEO of Cyber Unit Technologies Yehor Aushev. 9
According to Oleksandr Potiy, several important lessons can be learned from this cyber war:
UKRAINE IN CYBER SPACE
Development of the Cyber Sphere
Prevention of Cyber Attacks
RUSSIA IN CYBER SPACE
Problems of the Cyber Sphere
Attempts to Increase Cyber Resilience
«Hacker intentions» of the russians
Cyber Attacks on Ukraine
Cyber Attacks on russia
The IT Army of Ukraine attacked:
Cyber Attacks in the World
Pro-russian hacktivist groups started targeting Ukraine supporters, likely with support from the Kremlin. They have been targeting a wide swath of industries and sectors, including aviation, energy, financial, government and public safety, technology, media and telecommunications sectors. In July and August 2022, numerous hacktivist groups accelerated their nefarious activities. The most impactful Ukrainian-specific incidents detected by Intel 471 were conducted by major pro-Russian hacktivist groups:
Due to the very nature of state-sponsored cyber attacks, there is limited conclusive evidence that the Kremlin is directing or supporting the aforementioned hacktivism. The Kremlin distances itself from any malign activity so as not to risk breaching NATOs Collective Defence treaty, Article 5.
More than $2 billion in digital currency has been stolen in hacks this year according to the crypto tracking firm Chainalysis, putting the overall industry on a pace for its worst year of hacking losses and shaking faith in the experimental field of decentralized finance, known as DeFi.
Many of the thefts have stemmed from flaws in the computer programs — known as “smart contracts” — that power DeFi.
The White House
The White House intends to kickstart the development of the label to inform consumers which IoT devices meet adhere to the «highest cybersecurity» standards and, in turn, are more resilient to hacking attempts. Among the first devices to be labeled are technologies considered to be most at risk by the White House, such as routers and home cameras.
Cyber Police of Ukraine
The cyber police in cooperation with foreign partners (Europol, the «No More Ransom» project and the «BitDefender» company) created a special web platform – www.nomoreransom.org – to help companies affected by hacker attacks with information encryption carried out by a transnational criminal group, which was revealed at the end of last year. Based on the results of the analysis of the seized media, numerous private keys from ransomware attacks were obtained. These keys enable the affected companies and institutions to restore previously encrypted data.
The average company with data in the cloud has 157 000 sensitive records exposed to everyone on the internet by SaaS apps sharing features, representing $28 million in data-breach risk, according to a new report «The Great SaaS Data Exposure» by Varonis. The study highlights how hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyberattacks. For the report, researchers at Varonis analyzed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide.
Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. «This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns,» Mandiant said in a new report.
Global Сyber Сooperative Сenter (GC) continues working with companies, law enforcement and research organizations to neutralize cyber crime.
Senator business center, 32/2, Dukes of Ostrozhsky, Kyiv+38 (050) 428 44 68 (Ukraine), +1 (786) 755 8398 (USA)
© 2022 GLOBAL CYBER COOPERATIVE CENTER (GC3). All rights reserved