Phishing at centre of cyber attack on Ukraine infrastructure

The Ukraine security service (SBU) says it has thwarted a cyber attack by Russian intelligence on the information and telecommunications systems of the country’s judiciary.

According to the SBU, the attack had begun by sending emails with fake accounting documents attached to them designed to trigger stealthy information stealing malware when opened, reports the Unian information agency.

The malware was connected to control and command servers with Russian IP addresses, an SBU report said, adding that the plan of the Russian intelligence, according to experts, was to “hinder the stable functioning” of Ukraine’s judicial information system.

“Thanks to joint efforts with the State Judicial Administration and the State Special Communications Services, we managed to localise the effect of the cyber attack and prevent its further spread,” the SBU said.

Moreno Carullo, co-founder and chief technology officer (CTO) of industrial cyber security firm Nozomi Networks, said the attacks on Ukraine’s telecommunications systems highlighted that attackers were once again relying on phishing as a means to target critical national infrastructure (CNI).

“It is therefore extremely important that staff within critical infrastructure organisations are taught to recognise phishing emails and not to click on links or open attachments from unknown sources,” he said.

“Every organisation is an attractive target because in cyber space they are just a point of contact on the internet that can be exploited to reach an end goal”

According to Carullo, phishing is one of the major attack vectors cyber criminals and other attackers use to target critical infrastructure.

“This was demonstrated in our recent study around GreyEnergy, another piece of malware which was targeting critical infrastructure in Ukraine via phishing,” he said.
 
“Today’s determined attackers are showing no signs of slowing down, so teaching staff to ‘think before they click’ is key to defending against these types of attacks.”

Defending CNI from cyber attacks is not only about resisting attacks, but also about being resilient to ensure a quick recovery, according to Mike Gillespie, managing director and co-founder of security consultancy Advent IM.

An unwillingness to accept that cyber attacks are a real threat to critical national infrastructure by UK political and CNI business leaders has resulted in a lack of resilience, he told the CNI security track of the International Security Expo 2018 in London.

In addition to an unwillingness by many organisations to invest in resilience, Gillespie said many organisations were failing to recognise that all of them are potential targets for cyber attacks.

“Many organisations say they are not an attractive target, but every organisation is an attractive target because in cyber space they are just a point of contact on the internet that can be exploited to reach an end goal,” he said.

According to Gillespie, the UK needs to address its corporate security culture, the lack of understanding of information assets, and the “abject inability” to keep critical infrastructure safe.

He cautioned that no technology is the solution on its own, saying the approach needs to be “holistic” and must include leadership in developing a security culture and awareness that is led from the top by example.