The threat of russian cyberattacks on both Ukrainian systems and European partners remains high, because the concept of russian “hybrid war” involves the use of all types of influence on the country against which russia carries out aggression. Therefore, we must constantly be ready for new attacks by the russians, all the time strengthen our own defense – including in cyberspace.
This was emphasized by the head of the State Service of Special Communications and Information Protection of Ukraine, Brigadier General Yury Shchygol, during a press conference at the Ukraine-Ukrinform Media Center.
The main system that provides cyber protection of state bodies is the System of Protected Access of State Bodies to the “Internet” network (SPAI). Consumers of this system are about 200 state bodies, including bodies of the security and defense sector of the state. SPAI stops and blocks the lion’s share of cyber attacks, including in automatic and semi-automatic mode.
“SPAI, the operation of which is ensured by specialists of the State Service of Special Communications, is one of our reliable shields, which ensures the cyber stability of the state, stops and blocks attempts at interference, DDoS, infection and distribution of Malware, etc. We are talking about thousands of such cyber attacks every day. Every day we repel from 5 to 40 powerful high-level DDoS attacks. In December, we stopped and blocked 395 such attacks. Also, in December alone, the System recorded and informed consumers about 170,000 attempts to exploit vulnerabilities on state information resources that we protect. Cyber defense is our daily work,” Brigadier General said.
In addition, the State Service of Special Communications investigates the most complex cyber incidents in other state bodies and critical infrastructure facilities. This is exactly the kind of work our CERT-UA Government Computer Emergency Response Team is doing. In addition, it also investigates incidents in the private sector – only here it is about 200-300 cyber incidents per day, which are investigated mainly in a semi-automatic mode.
According to the data announced by the head of the State Service of Special Communications, in 2022 the Government Computer Emergency Response Team CERT-UA registered 2,194 such cyber incidents. A quarter of them were directed against the Government and local authorities. Also, the most attacked industries include energy, the security and defense sector, telecom and developers, the financial sector, and logistics.
Annual statistics show that russian terrorists do not distinguish between military and civilian targets in cyberspace, as Yuriy Shchygol noted. The main goal of russian attacks on Ukrainian cyberspace is the destruction of critical information infrastructure, espionage (obtaining intelligence on logistics, weapons, plans and operations of the Security and Defense Forces), as well as informational and psychological operations and disinformation aimed at undermining confidence in the capabilities of state authorities, security and defense forces, the spread of panic among the population.
Traditionally, the most common practice used by russian military hackers in Ukraine is to distribute malware that steals credentials or destroys information systems. Such attacks make up more than a quarter of all and can be a component of more complex and powerful operations. To prepare such attacks, hackers exploit public trust in the security and defense sector and disguise themselves using themes related to the protection of life and health of citizens and critical infrastructure.1
The IT Army of Ukraine attacked:
Senator business center, 32/2, Dukes of Ostrozhsky, Kyiv+38 (050) 428 44 68 (Ukraine), +1 (786) 755 8398 (USA)
© 2023 GLOBAL CYBER COOPERATIVE CENTER (GC3). All rights reserved