Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Cyberattacks Knock Out Sites of Ukrainian Army, Major Banks

A series of cyberattacks on Tuesday knocked the websites of the Ukrainian army, the defense ministry and major banks offline, Ukrainian authorities said, as tensions persisted over the threat of a possible Russian invasion.

A series of cyberattacks on Tuesday knocked the websites of the Ukrainian army, the defense ministry and major banks offline, Ukrainian authorities said, as tensions persisted over the threat of a possible Russian invasion.

Still, there was no indication the relatively low-level, distributed-denial-of-service attacks might be a smokescreen for more serious and damaging cyber mischief.

At least 10 Ukrainian websites were unreachable due to the attacks, including the defense, foreign and culture ministries and Ukraine’s two largest state banks. In such attacks, websites are barraged with a flood of junk data packets, rendering them unreachable.

“We don’t have any information of other disruptive actions that (could) be hidden by this DDoS attack,” said Victor Zhora, a top Ukrainian cyberdefense official. He said emergency response teams were working to cut off the attackers and recover services.

Customers at Ukraine’s largest state-owned bank, Privatbank, and the state-owned Sberbank reported problems with online payments and the banks’ apps.

Among the attackers’ targets was the hosting provider for Ukraine’s army and Privatbank, said Doug Madory, director of internet analysis at the network management firm Kentik Inc.

“There is no threat to depositors’ funds,” Zhora’s agency, the Ukrainian Information Ministry’s Center for Strategic Communications and Information Security, said in a statement. Nor did the attack affect the communications of Ukraine’s military forces, said Zhora.

It was too early to say who was behind the attack, he added.

Advertisement. Scroll to continue reading.

The ministry statement suggested Russian involvement: “It is possible that the aggressor resorted to tactics of petty mischief, because his aggressive plans aren’t working overall,” the Ukrainian statement said.

Quick attribution in cyberattacks is typically difficult, as aggressors often try to hide their tracks.

“We need to analyze logs from IT providers,” Zhora said

Oleh Derevianko, a leading private-sector expert and founder of the ISSP cybersecurity firm, said Ukrainians are always worried that such “noisy” cyberattacks could be masking something more sinister.

Escalating fears about a Russian invasion of Ukraine eased slightly as Russia sent signals Tuesday that it might be pulling back from the brink, but Western powers demanded proof.

The cyber aggression is nevertheless typical of Russian President Vladimir Putin, who likes to try to keep his adversaries off balance.

“These attacks are ratcheting up attention and pressure,” said Christian Sorensen, the CEO of the cybersecurity firm SightGain who previously worked for U.S. Cyber Command. “The purpose at this stage is to increase leverage in negotiations.”

Ukraine has been subject to a steady diet of Russian aggression in cyberspace since 2014, when Russia annexed the Crimean Peninsula and backed separatists in eastern Ukraine.

On Jan. 14, a cyberattack that damaged servers at Ukraine’s State Emergency Service and at the Motor Transport Insurance Bureau with a malicious “wiper” cloaked as ransomware. The damage proved minimal — some cybersecurity experts think that was by design, given the capabilities of Russian state-backed hackers. A message posted simultaneously on dozens of defaced Ukrainian government websites said: “Be afraid and expect the worst.”

[ Read: Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks ]

Serhii Demediuk, the No. 2 official at Ukraine’s National Security and Defense Council, called the Jan. 14 attack “part of a full-scale Russian operation directed at destabilizing the situation in Ukraine, aimed at exploding our Euro-Atlantic integration and seizing power.”

Such attacks are apt to continue as Putin tries to “degrade” and “delegitimize” trust in Ukrainian institutions, the cybersecurity firm CrowdStrike said in a subsequent blog post.

In the winters of 2015 and 2016, attacks on Ukraine’s power grid attributed to Russia’s GRU military intelligence agency temporarily knocked out power.

Russia’s GRU has also been blamed for perhaps the most devastating cyberattack ever. Targeting companies doing business in Ukraine in 2017, the NotPetya virus caused over $10 billion in damage worldwide. The virus, also disguised as ransomware, was a “wiper” virus that scrubbed entire networks.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Bill Dunnion has joined telecommunications giant Mitel as Chief Information Security Officer.

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

More People On The Move

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...