Since the Beginning of the War, Cyber Police Have Repelled 83 Enemy Attacks
Since the beginning of the full-scale invasion by the russian federation, Ukrainian cyber police officers have repelled 83 enemy cyberattacks and prevented another 300.
This was announced by Deputy Head of the National Police – Chief of the Criminal Police Mykhailo Kuznetsov during a briefing at the Media Center Ukraine – Ukrinform.
“Together with other law enforcement agencies, the consequences of 83 hostile cyberattacks were repelled and eliminated, and more than 300 cyberattacks that were in the preparation stage were also prevented,” he said.
In addition, according to the official, since the beginning of martial law, the cyber police have conducted more than 950 searches.
Cyber police officers also identified more than 1,700 servicemen of the russian federation who are involved in the commission of war crimes on the territory of Ukraine, as well as more than 850 propagandists of the “russian world”.
During the full-scale invasion by the russian federation, the cyber police identified 50 collaborators, 44 of whom have already been notified of suspicion, Kuznetsov added. [1]
russian Hackers Continue to Attack Ukraine – State Service of Special Communication
Specialists of the Governmental Computer Emergency Response Team of Ukraine (CERT-UA), which operates under the State Service of Special Communication, registered 203 cyberattacks in July.
Cyber-group Offers DDoS Attacks for $80 an Hour – But Only Against russia and belarus
A forum specializing in cyberattacks against russia and belarus has appeared on the scene – and while it charges for the service it also appears to be strongly partisan in nature, according to infosecurity firm Digital Shadows.
DUMPS is a Russian-language platform that advertises distributed denial of service (DDoS) attacks starting at $80 per hour – the main difference between it and other similar forums being that it strictly targets only entities in the two pariah countries.
“All topics within the forum must be aimed towards activity directed against russia and/or belarus,” said the Photon research wing of Digital Shadows. “Much of the activity centers towards sharing data leaks, advertising DDoS attack services, forged and stolen identity documents, and anonymous and bulletproof hosting services.”
The data-leaks section of the forum appears to be the largest, with others covering carding, initial access brokering, and spamming found to be empty at the time of Photon’s investigation.
“Users shared data stolen from russia-based government and private institutions,” said Photon. “This includes several well-known and important russian government institutions and utilities providers.” [3]
Emotet Continues its Reign as the Most Widely Used Malware
Emotet seems to be on vacation with a 50% reduction in its global impact this July. However, it still affects 7% of organizations worldwide.
Emotet’s peak has possibly ended, but its threat hasn’t gone anywhere. Check Point Research (CPR) says it constantly discovers new features and improvements in Emotet’s capabilities, such as its newly developed credit card stealer module and adjustments to its spreading systems.
Emotet, an advanced, self-propagating, and modular Trojan, continues to dominate CPR’s monthly top malware charts with a global impact of 7%. It is used as a distributor for other malware and avoids detection.
“This botnet continually evolves to maintain its persistence and evasion. Its latest developments include a credit card stealer module, meaning that enterprises and individuals must take extra care when making any online purchases. In addition, with Microsoft now confirming that it will block macros by default, we await to see how malwares, such as Snake Keylogger, may change their tactics,” said Maya Horowitz, VP Research at Check Point Software.
Emotet is followed by Formbook, which impacts 3% of organizations worldwide, and XMRig, an open-source CPU mining software used to mine Monero cryptocurrency, with a 2% global impact.
Formbook, an infostealer targeting the Windows OS, harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its command-and-control server.
CPR said that “Web Server Exposed Git Repository Information Disclosure,” “Apache Log4j Remote Code Execution,” and “Web Servers Malicious URL Directory Traversal” were the most commonly exploited vulnerabilities in July. [4]