Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
Ukraine: Russians Aim to Destroy Information InfrastructureRussia's Cyber War Coordinated With Invasion, Missile Attacks, Says State Service
Ukraine's top information protection agency says Russian cyberattacks are focusing on destruction of critical information infrastructure, spying and disinformation.
See Also: Assessing Cyber Risk for the Defense Industrial Base
To destroy information systems, the Russian state-sponsored hackers have widely used data stealer and data wiper malwares, Yurii Shchyhol, head of the State Service of Special Communications and Information Protection of Ukraine, said in a press conference on Tuesday. "Such attacks make up over a quarter of their total number and may be a part of more complex and powerful operations," he says.
The most attacked sectors are energy, security and defense, telecommunications, technology and development, finance, and logistics, according to Shchyhol.
The SSSCIP positioned the Secure Internet Access System to counter this aggression and ensure the cybersecurity of Ukrainian public authorities. Shchyhol said the system, which blocks the majority of cyberattacks, is currently used by almost 200 public authorities, including those from the national security and defense sector.
The system, operated by the SSSCIP professionals, "is one of our reliable shields that ensures cyber resilience of the state, stops and blocks intrusion attempts, DDoS, spyware infection and distribution, etc.," Shchyhol says.
Ukraine faces thousands of cyberattacks every day, and authorities say they manage to repel up to 40 powerful high-level DDoS attacks daily. In December last year, they blocked 395 such attacks.
The agency says it documented seven new types of viruses or other malware in 2022. The SSSCIP did not immediately respond to Information Security Media Group's request for more information on these newly identified malware variants.
The delivery of malware is often done using phishing mails that contain urgent language to trigger an immediate response. Government employees are favored targets.
Phishing is closely followed by vulnerability exploitation as an initial access vector. Nearly 170,000 software vulnerability exploitation attempts were observed in December but these were detected and blocked, the agency says.
Shchyhol also attributed the success of Ukraine's cyber resilience to support from the international community and private sector companies including Microsoft and Amazon, which helped Ukraine acquire the needed technological advancements for cyber defense. Above all, the SSSCIP chief credited the success to Ukrainian cybersecurity experts, 90% of which work in the government sector.
Shchyhol also quoted the recently released report of the Ukrainian Computer Emergency Response Team, which documented more than 2,100 cyber incidents in 2022. About one-fourth of the attacks targeted the government and local authorities. But referencing the same report, Shchyhol said that annual statistics demonstrate that Russian attacks on military and civil cyberspace targets are related (see: Ukraine: Russian Hackers' Focus Is Civilian Infrastructure).
Russians have also used cyberattacks as a prelude to missile strikes. "Cyberattacks have become a full-fledged component of the war and also to kinetic actions," the SSSCIP says.
This coordination was corroborated by a new study, "Cyber, Artillery, Propaganda: General Overview of the Dimensions of Russian Military Aggression," conducted by the SSSCIP and experts of the Ukrainian Economic Security Council, the commander-in-chief of the Armed Forces of Ukraine, and experts from the TRUMAN Agency.
The report shows a timeline of all major cyberattacks aimed at various critical infrastructure targets in Ukraine and their correlation with the conventional full-scale invasion of Russia through coordinated missile attacks on institutions that help Ukraine.
One of the few examples mentioned in the report is how Russia conducted DDoS attacks on several banking websites and the Ministry of Defense website not once but twice, and the latest attack happened just a day before the physical invasion on Feb. 23, 2022 (see: Cyberattack Hits Ukrainian Government, Banking Websites).
The report recommends reconsideration of the legal definition of aggression in the 1974 UN General Assembly Resolution 3314. The resolution currently states: "the use of any weapon by a state against the territory of another state," but gives no clear indication on whether "any weapon" includes cyberwarfare weapons.
Another recommendation that the report makes is to declare cyberattacks as war crimes. "International humanitarian law should establish a stricter framework for unconventional attacks," it says.
The SSSCIP says the war has caused significant damage to the information and communication technology infrastructure in more than 10 of Ukraine's 24 regions. And although efforts are underway, it will require $1.79 billion to completely restore the telecommunication sector, which has been the victim of the most targeted cyber and physical attacks in the past year, it says.