Cyberattacks in Ukraine: analyzing to prevent

Companies collect and store critical information every day, from customer data to personal financial information. The importance of data security grows as the amount of data increases, and the issue of cybersecurity is one of the main ones in the era of digitalization. The local context makes it especially relevant: according to Check Point Research, in the first 3 days since the beginning of the war, the number of cyber attacks on the state and military sectors of Ukraine increased by 196%.

The threat exists, but after recognizing it, you should think about a solution. In this article based on Microsoft materials, we have analyzed cyber attacks in Ukraine. We will also talk about the types of cyber attacks and share important recommendations for the information security of your business.

The concept of cyber attacks and their main types

First, let’s get the article terminology right:

A cyberattack is an unauthorized attempt to access information systems with the aim of stealing, changing, disabling or destroying information.

The motives for such actions can be different: from trying to get hold of employees’ personal data to destabilizing the business or obtaining financial gain.

The main types of cyber attacks are as follows:

• DDoS (Distributed Denial of Service) attack
  A distributed denial of service attack is a set of actions that can overload system resources and block service requests, thereby partially reducing their performance or completely disabling them. DDoS often precedes another attack.
• Malware
  Any software designed to gain unauthorized access to computing resources or information for the purpose of unauthorized use or harm to the owner of the information. Such actions can lead to the system inoperability.
• Phishing
  The purpose of phishing attacks is to attempt to steal user credentials or sensitive data, such as credit card numbers. In this case, attackers send emails or text messages to users using hyperlinks imitating the original sources.
• Ransomware
  The program blocks access to the system or prevents the data written to it from being read (often using encryption methods). After that, it demands a ransom from the victim for restoring the original state of the system.
• Backdoor Trojan
  The attack creates a vulnerability in the system, allowing the attacker to gain remote and almost complete control. Often used to connect groups of computers into a botnet or zombie network.
• Cross-site scripting (XSS)
  A type of attack in which attackers integrate malicious code into the original website in order to obtain information about the user, often using third party resources.
• DNS tunneling
  The method involves secret communication with the victim computer by integrating commands and data into the DNS protocol.

Analysis of cyber attacks in Ukraine

Having reviewed the main types of cyber attacks, we get back to analyzing cyber activity in Ukraine. Over the past few months, Microsoft has published the following incidents of harmful activity:

• Phishing attacks on Ukrainian soldiers:
  • February 25, 2022 | RiskIQ: UNC1151/GhostWriter Phishing Attacks Target Ukrainian Soldiers
• Recent disk wiping attacks:
  • February 24, 2022 | RiskIQ: HermeticWiper Compromised Server Used in Attack Chain
• Advanced threat actor ACTINIUM which has consistently pursued access to organizations in Ukraine or entities related to Ukraine affairs:
  • February 4, 2022 | Microsoft Security Blog: ACTINIUM targets Ukrainian organizations
  • February 4, 2022 | RiskIQ threat intelligence article: ACTINIUM targets Ukrainian organizations
  • February 4, 2022 | Microsoft Threat Analytics article (requires a license): Threat Insights: ACTINIUM targets Ukrainian organizations
• Destructive malware operation and malware family known as WhisperGate targeting multiple organizations in Ukraine:
  • January 15, 2022 | Microsoft on the Issues Blog: Malware attacks targeting Ukraine government
  • January 15, 2022 | Microsoft Security Blog: Destructive malware targeting Ukrainian organizations
  • January 15, 2022 | RiskIQ threat intelligence article: Destructive malware targeting Ukrainian organizations

The Threat Intelligence Center (MSTIC) assesses that the threat of destructive attacks on organizations in Ukraine remains high in the near future.

Security rules and guidelines

Understanding the threat, we recommend that you review your company’s security posture and implement best practices to increase resilience to today’s threats.

Cyber security hygiene

Organizations must strengthen all systems to proactively protect against potential threats while maintaining basic cyber hygiene principles. Microsoft recommends taking the following steps:

Microsoft Security Best Practices:

Microsoft customers can use best practices for making cybersecurity decisions. Microsoft Security Best Practices are designed to improve your security posture and reduce risk, whether your data center is cloud, on-premises, or hybrid.

Overall, Microsoft continues to detect new threats and improve protection as it analyzes new data. We, in turn, continue to monitor activity in cyberspace and will keep you posted on further developments.

If you need consultation, we are ready to create, implement, and maintain a cyber risk mitigation strategy tailored to your company’s needs. To this end, please contact sales@smart-it.com.