Ukrainian Government Sites Bombarded with DDoS and Data Wiping Malware Attacks

essidsolutions

Several Ukrainian government websites were attacked and went offline on Wednesday amid concerns of an imminent Russian invasion. More cyberattacks on the country’s cyber infrastructure extended into Thursday morning local time, signaling a precursor to the reports of Russian shelling and the resultant breakdown of diplomatic ties between Kyiv and Moscow.

Mykhailo Fedorov, Ukraine’s minister for digital transformation, confirmed reports of the distributed-denial-of-service (DDoS) attacks on his Telegram channel. Consequently, the websites of the Ukrainian Cabinet of Ministers, the foreign affairs ministry, the infrastructure and education ministries, and even the country’s parliament went offline or functioned slowly. Fedorov also said some banks were affected but refrained from naming them.

Here’s a look back at today’s simultaneous DDoS attacks against the websites of Ukraine’s parliament, foreign ministry, and executive cabinet. #UkraineRussiaCrisis pic.twitter.com/68CBCXjqw3

— Doug Madory (@DougMadory) February 23, 2022

DDoS attacks generally involve attackers flooding the target’s network, servers, or other infrastructure with more traffic than it can handle, disrupting normal operations for legitimate users. Soon after the cyberattacks began, the government diverted official traffic to another provider to alleviate the impact of the outage.

Additionally, the research division of cybersecurity company ESET discovered that threat actors are also wreaking havoc across Ukraine’s digital infrastructure using a new malware that wipes out system data. The malware, dubbed HermeticWiper, was installed on hundreds of machines in Ukraine.

“The wiper drops a legitimate clean driver signed by a certificate issued to EaseUS Partition Master to handle the wiping functionality,” noted Symantec. Vikram Thakur, the company’s technical director, told reporters that HermeticWiper was used to target a financial institution in Ukraine and Ukrainian government contractors in Latvia and Lithuania.

The Wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd 3/n pic.twitter.com/sGCl3Lbqc1

— ESET research (@ESETresearch) February 23, 2022

HermeticWiper can overwrite critical on-disk structures, including the Master Boot Record (MBR), the first sector of a disk, which holds the partition table that locates the operating system and the boot code used to load it into RAM. A successful attack would render target systems unbootable and effectively inoperable. HermeticWiper is similar to the WhisperGate malware that hit Ukrainian organizations earlier in February, except that, unlike WhisperGate, HermeticWiper doesn’t masquerade as ransomware.
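To make the role of the MBR concrete, here is an added example (written for this article, not code from ESET, Symantec, or the wiper itself) that parses a 512-byte MBR and flags one whose partition table or boot signature has been wiped; the sample sector is constructed for the demonstration, not captured from a real machine.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # boot code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xaa"      # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, the four partition entries and the boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": sector[:PARTITION_TABLE_OFFSET],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def assess_mbr(sector: bytes, baseline_sha256: str = "") -> str:
    """Return 'wiped', 'modified' (differs from a known-good hash) or 'ok'."""
    info = parse_mbr(sector)
    if not info["signature_ok"] or not info["partitions"]:
        return "wiped"
    if baseline_sha256 and info["sha256"] != baseline_sha256:
        return "modified"
    return "ok"


def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code plus one bootable NTFS (0x07) partition at LBA 2048."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (PARTITION_TABLE_OFFSET - 7)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


GOOD_MBR = build_sample_mbr()
WIPED_MBR = b"\x00" * SECTOR_SIZE   # what a zero-filled first sector looks like

if __name__ == "__main__":
    print(parse_mbr(GOOD_MBR)["partitions"], assess_mbr(GOOD_MBR), assess_mbr(WIPED_MBR))
```

On a live system the same functions can be pointed at the first 512 bytes of the physical disk, with the baseline hash recorded when the machine was known to be clean.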


HermeticWiper is signed with a code-signing certificate issued to Hermetica Digital Ltd, a company based out of Cyprus, which lends the binary an appearance of legitimacy and helps it evade antivirus checks that trust signed code. Cybercriminals often steal digital certificates to distribute malware undetected.

However, Hermetica Digital was established in March 2021, and it doesn’t have a website. Malicious actors possibly set it up specifically for these and perhaps other cyberattacks. It also signals a high level of diligence and sophistication on the part of the unknown threat actors.

Such cyberattacks aim to subvert the victim by knocking out critical infrastructure such as power and communications, destabilizing the population through disinformation, spying on the government, or simply sowing confusion among the general populace.

It is unclear if the DDoS attacks originated from Russia, whose troops have already moved into separatist regions of Ukraine, thus further aggravating the geopolitical scenario. 

In response to Ukraine’s request yesterday, the European Union said it is sending a cyber response team to help the country thwart cyberattacks. A cyber coalition, named the Cyber Rapid Response Team, consisting of experts from six NATO member countries (Lithuania, the Netherlands, Poland, Estonia, Romania and Croatia), was assembled for this purpose.

In response to #Ukraine request 🇱🇹🇳🇱🇵🇱🇪🇪🇷🇴🇭🇷 are activating LT-led Cyber Rapid Response Team, which will help 🇺🇦institutions to cope with growing cyber threats. #StandWithUkraine pic.twitter.com/posfmv3rVT

— Lithuanian MOD (@Lithuanian_MoD) February 22, 2022

Presently, none of this has spilled over to organizations outside of Ukraine. However, experts writing in Harvard Business Review (HBR) feel it may. “The implications for business of conflict in Ukraine — whether conventional, cyber, or hybrid — will be felt far beyond the region’s borders. As a business leader, you’ve likely already assessed whether you have people at risk, operations that might be affected, or supply chains that might be interrupted.”

“The security and intelligence teams at several major multinationals indicated to us that they are anticipating Russian cyberattacks and assessing the potential for second and third-order effects on their operations.”

“Some companies noted that they are anticipating an increase in attacks and scams in conjunction with the Ukraine crisis, with risk assessments typically contingent on whether the company has direct links to Ukrainian national banks or other critical infrastructure,” they added.

Sam Curry, the chief security officer at Cybereason, told Toolbox that organizations should “be on HIGH alert. Call the employees or associates that you call for in a crisis and have them ready, because they may get called in multiple directions in a crunch. If you don’t have anyone on your staff filling this role, call any cyber people you know and seek their advice.”

He cites the importance of organizational leadership in such key moments. “Think about your priorities at the moment and pass that information to peers and employees. For instance, ‘we care about people’s safety first, then about data security, then about this service being available,’ and so on. That’s leadership that people can use if things go wrong. Identify the critical services that are ‘single points of failure’ for your business. If they go down, the business stops. Have a plan for ‘what to do if.’”

As such, the trio at Belfer Center suggests coordination amongst geopolitical, cybersecurity and physical security to:

  • Identify hidden supply chain dependencies on Ukraine-based engineers, coders, or hosted services
  • Connect with all peer networks and vendors, and identify at-risk ones to reduce the chance of cyber intrusions
  • Patch up existing vulnerabilities
  • Ensure business continuity in case threat actors manage to infiltrate and take down systems

“The first rule is that a cyber or IT problem quickly becomes a business problem,” the HBR experts added.
