Ukraine cyber teams responded to more than 2,000 attacks in 2022

The Computer Emergency Response Team of Ukraine (CERT-UA) responded to 2,194 cyber incidents during 2022, 25% of them targeting the government and local authorities, with the defence and security, energy, financial services, IT and telecoms, and logistics sectors also paying a heavy price for Russia’s aggression.

The statistics were disclosed this week by brigadier general Yurii Shchyhol, head of the State Service of Special Communications and Information Protection (SSSCIP) of Ukraine, under which CERT-UA operates.

Shchyhol said that CERT-UA was currently investigating between 200 and 300 potential cyber incidents every day affecting the private sector.

Meanwhile, the country’s Secure Internet Access System for Public Authorities (SIASPA) is now in use at approximately 200 public authorities, working to block automated and semi-automated cyber attacks.

“The SIASPA operated by the SSSCIP professionals is one of our reliable shields that ensures cyber resilience of the state, stops and blocks intrusion attempts, DDoS, spyware infection and distribution, etcetera,” said Shchyhol.

“There are thousands of cyber attacks like this every day. We repel five to 40 powerful high-level DDoS attacks daily, 395 attacks were stopped and blocked in December. Also, in December alone, the system registered and informed the consumers of 170,000 attempts to use vulnerabilities at the state information resources we are protecting. Cyber defence is our daily work.”

As Russia’s war approaches its first anniversary, Shchyhol said the threat of cyber attacks waged by Moscow against Ukraine and its allies remained extremely high, and it was important for organisations to remain alert and to continuously enhance their cyber security defences.

He said the primary objective of Russian cyber attacks were to destroy critical information infrastructure, to gather intelligence, and to conduct psychological warfare, spread panic and undermine the confidence of ordinary Ukrainians in their government.

The most widespread tactic seen by SSSCIP and CERT-UA to date has been the distribution of destructive malware that steals data and destroys information systems – a number of new destructive malwares were identified at the onset of the war. Such attacks make up a quarter of those seen and often form part of more complex hybrid operations.

Shchyhol said that those behind them generally exploit public confidence in the security and defence sector, and spread by exploiting themes associated with public health and critical infrastructure.

Another key function of the SSSCIP in the past 12 months has been to keep Ukraine’s telecoms networks, in particular its mobile communications infrastructure, up and running.

Shchyhol revealed that as of 17 January, mobile networks were available across approximately 77% of Ukraine’s land area, up over 30% on the period immediately after the war started, demonstrating the hard work and long shifts being put in by Ukraine’s network engineers.

Predictably, networks in the embattled east of the country are the worst affected, with the partially occupied Zaporizhzia, Donetsk and Lunhansk oblasts facing the most frequent service interruptions difficulties, while over 60% of residents of Odesa and Cherkasy oblasts are currently experiencing communications difficulties owing to power cuts. Meanwhile, in the recaptured Kherson oblast, more than 20% of base stations existing prior to the invasion have now been restored to full service.

When disruption does occur, Ukraine’s mobile network operators (MNOs) can now engage with the National Centre for Operations and Technology Management of Telecommunications Networks (NTNOC) to recover their service. The NTNOC runs a list of facilities to which communications services are to be restored within three days of an outage, such as local government bodies, emergency services, and so on.

Since 23 February 2023, the SSSCIP said Ukraine’s MNOs have restored more than 3,200 kilometres of fibre optic cable, recovered or rebuilt 1,200 base stations, added 1,500 base stations, and provided upgrades – including on-site power facilities – at more than 8,000.

As a result, Ukraine actually invested more than eight billion hryvnia (£176.24m) in mobile communications in 2022. The International Telecommunications Union (ITU) believes that £1.44bn will be needed to fully restore the telecoms sector in Ukraine after the war is won.