Ukrainian authorities are investigating a series of distributed denial of service (DDoS) attacks that targeted the country’s Ministry of Defence, as well as a number of financial institutions, on the afternoon of Tuesday 15 February.
The attacks rendered the Ministry of Defence’s website inoperable for a time, forcing it to resort to communicating via social media, and compromised access to consumer internet banking services at PrivatBank and OschadBank. Mirohost, a provider of hosting services, also seems to have been a target.
In a statement, the Cyber Unit of Ukraine’s National Police Force said: “Attackers carried out powerful DDoS attacks on a number of information resources of Ukraine. At the request of one of the state-owned banks, the cyber police launched an investigation.
“In particular, interruptions in the work of web services of state-owned banks were recorded. The websites of the Ministry of Defence and the Armed Forces of Ukraine were also attacked.
“As of 19:30, the work of banking web resources has been resumed. A working group of experts from the main actors of the national cyber security system is taking all necessary measures to counter and localise the cyber attack.
“According to this fact, the Main Investigation Department of the National Police opened a criminal case under Articles 361 (unauthorised interference in the operation of automated systems) and 363-1 (intentional mass dissemination of telecommunications messages), which led to disruption of automated systems of the Criminal Code of Ukraine.”
DDoS attacks flood target systems with incoming messages, connection requests or malformed packets until they are forced to slow or shut down. They are an easily accomplished and highly visible form of cyber attack, and sophisticated threat actors can use them as a distraction while doing more damage behind the scenes.
However, although the attacks come at a time of heightened tension between Russia and Ukraine, and just days after the European Central Bank (ECB) and other regulators instructed financial institutions to strengthen their cyber security defences, Ukrainian officials have not attributed any blame for the attacks.
In a statement posted to social media, Ukraine’s Centre for Strategic Communications and Information Security said: “It is possible that the aggressor resorted to the tactics of petty mischief, because, by and large, their aggressive plans do not work.”
Justin Fier, director of cyber intelligence and analytics at Darktrace, said the authorities had taken a sensible decision in not rushing to apportion blame.
“We must be careful at this stage to point fingers,” he said. “Misattribution in cyber is a dangerous game, and any miscalculation can be detrimental. This attack could be another actor taking advantage of an already tense situation in the region.
“It is alarming but unsurprising to see attackers hit their financial systems, especially when the global economy is facing significant pitfalls – the stakes are higher for defenders, and attackers can maximise damage. The cyber industry has been anticipating an attack of this nature in recent weeks, and until further details emerge, all organisations must be vigilant and heed the cautions issued by national federal agencies.”
For critical sectors outside of Ukraine, Sandra Joyce, EVP and head of Mandiant Intelligence, echoed previous advice to prepare, but not panic. “Concerns are reasonable and valid,” she said. “We are concerned that as the situation escalates, serious cyber events will not merely affect Ukraine. But while we are warning our customers to prepare themselves and their operations, we are confident we can weather these cyber attacks.”
Joyce said the risk to targets outside Ukraine would be heightened if further Western sanctions are imposed on Russia in the event of an outright invasion, as both the UK and US governments have promised.
She also warned defenders of the dangers of falling victim to fear, uncertainty and doubt. “Within the context of this crisis, we will have to be careful consumers of information – suspicious to the possibility of active measures designed to fool us,” she said. “The media will also be especially challenged – they will be asked to shed light on active measures while adversaries simultaneously attempt to leverage them to launder their narratives and content.”