The 13th of April, Cyber News


A large-scale cyber attack on Ukrainian energy sector has been prevented

The government Computer Emergency Response Team CERT-UA, which operates under the State Special Communications Service, reports a cyber attack by the Sandworm group (UAC-0082) on Ukrainian energy facilities using the Industroyer2 and CaddyWiper malware. The victim organization suffered two waves of attacks: the initial compromise took place no later than February 2022, and on Friday evening, April 8, 2022, the attackers planned to disconnect electrical substations and disable the company's infrastructure. The malicious plan was prevented. To determine whether other organizations in Ukraine face a similar threat, information, including malware samples, has been shared with international partners and with companies in the Ukrainian energy sector. CERT-UA, the Government Computer Emergency Response Team of Ukraine, extends special thanks to Microsoft and ESET.

The number of cyber attacks on the energy sector has exceeded 200,000 in 40 days

“Over the last 40 days of the war, the number of cyberattacks has exceeded 200,000. For comparison: for the whole last year we had 900 thousand attempts to attack the infrastructure.” This was stated at a briefing at Ukrinform by Farid Safarov, Deputy Minister of Energy for Digital Development, Digital Transformations and Digitization. In particular, about 20,000 attempts to hit the information infrastructure of the Ministry of Energy were recorded last week. The largest number of attacks targeted the electricity sector, which Safarov attributes to attempts to prevent the synchronization of the Ukrainian power system with the European one. Attacks were carried out both on the resources of NPC Ukrenergo and on the regional oblenergos.

The Ministry of Energy wants to create two sectoral cybercenters

Deputy Minister of Energy for Digitalization Farid Safarov said that Ukraine would establish sectoral cybercenters to protect critical energy infrastructure: “Within our agreement with the National Security and Defense Council, in cooperation with CERT-UA and the Security Service of Ukraine, sectoral cybercenters have been set up to monitor the situation and take action to protect critical infrastructure.” According to him, the relevant draft decision has already been sent to the Cabinet of Ministers. Safarov said it had been proposed to designate centers created by Naftogaz Ukrainy and Ukrenergo as these sectoral cybercenters: the Naftogaz cybercenter would be responsible for the oil and gas sector, and the Ukrenergo center for the electricity sector. In his view, the creation of such industry centers will significantly strengthen the cybersecurity of energy facilities, which are the most vulnerable group of critical infrastructure. At the same time, the Deputy Minister said, energy companies themselves must also take cybersecurity measures at the primary level.

The Rivne Vecherne website has been attacked almost 300 times since the start of the full-scale war

From February 24 to April 12, 249 cyberattacks were carried out on the Rivne Vecherne website, most of them originating from China and russia. This was announced by the editor-in-chief of the Rivne Vecherne website, Bohdan Slonets. According to him, 95% of the attacks were repelled, but the attackers managed to make the site briefly inaccessible with DoS and DDoS attacks; the total time the site was offline was 24 minutes. Most attacks caused problems loading posts. According to the editor, the attacks occur when the media report the threat of an attack from belarus, which borders the Rivne region. According to the Similarweb platform, site traffic increased significantly in March and now stands at 2 million.
The sites of the city hall and the Duma of Volgograd are being attacked by hackers

The websites of the city administration and the Duma of Volgograd have been hit by a massive DDoS attack. For the fifth day since April 8, the official pages of these bodies have not been opening because of an avalanche of requests from different IP addresses. The press service of the Volgograd administration claims that on the morning of April 12 the site managed to resume operations for a short time; at present, the city administration portal is unavailable again. Both portals are served by the city information center, ICU “GIC”, and notably the official website of the municipal budget institution “City Information Center” is also down.

VKontakte protects its users from hacking and theft of personal data through pirated software

The new feature is intended to protect personal data from misuse and leaks, and to prevent hacking through potentially dangerous programs that can be used for malicious activity, spam and the collection of confidential information. The updates are part of VK Protect, a global initiative to protect the services of the VK ecosystem.

Rostelecom-Solar estimates that 75% of vulnerabilities in companies could be closed with patches

For 75% of the vulnerabilities found in the infrastructures of Russian organizations, the simplest remedies, including patch management, are available; nevertheless, they remain open, according to a report by Rostelecom-Solar. Some infrastructures contain well-known vulnerabilities for which updates were released several years ago. In the current context, experts warn, closing such vulnerabilities is becoming a critical condition for organizations to maintain basic cybersecurity. “Regular monitoring of vulnerabilities could significantly increase the cyber security of organizations. Exploits for old and known vulnerabilities are publicly available, and it is not difficult for attackers to use them. And today, as the number of cyberattacks on russian companies grows, the likelihood that hackers will find a weak spot in the infrastructure increases many times over. As a result, the absence of such a simple thing as an upgrade could result in financial and reputational losses for the organization, as well as stopping key business processes,” said Maxim Bronzinsky, Head of Vulnerability Management at Rostelecom-Solar.

russian Ministry of Foreign Affairs announces tenders for an IT infrastructure to monitor phishing sites

Two tenders for the supply of software and equipment to create an IT infrastructure designed to monitor phishing sites, with initial maximum contract prices of 59.08 million and 53.26 million rubles (112.34 million in total), have been posted on the public procurement portal since 8 April 2022. The stated goal of the new competitions is the “supply of equipment and transfer of non-exclusive rights to use software to create an IT infrastructure of the information system.” Delivery is due by May 20, 2022. The documentation of one of the tenders bans the supply of software and equipment from foreign countries, except for the EAEU countries and “the so-called DPR and LPR.” According to the Coordination Center for the .RU / .РФ domains, the sites most often imitated by fraudsters in phishing attacks are the unified portal of state services, Oschadbank and Avito.
The world's largest hacker forum for trading stolen databases has been shut down

The US government has taken down the RaidForums forum, which had more than 530,000 registered users, the US Department of Justice states. The site was shut down by law enforcement agencies in the United States, the United Kingdom, Sweden, Portugal and Romania during Operation TOURNIQUET, coordinated by Europol. According to the indictment, RaidForums was “a well-known market for cybercriminals to sell and buy hacking data.” The department said it had received court approval to seize three domain names that hosted the RaidForums website: raidforums.com, Rf.ws and Raid.lol. The scale of the RaidForums market, according to the US Department of Justice, included hundreds of such databases, containing more than 10 billion credential records of individuals residing in the US and other countries.