Russia’s Digital Weapons Refined Against Ukraine

Uploaded on 2017-10-12 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE--Europe, INTELLIGENCE-Hot Spots-Russia, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

The Petya virus, targeting Microsoft Windows-based systems, spread like wildfire across Europe and, to a lesser extent, America, affecting hundreds of large and small firms in France, Germany, Italy, Poland and Britain.

While many Europeans saw the June cyber attack as just another wild disruption caused by anonymous hackers, it was identified quickly by experts, like Victor Zhora CEO of Infosafe, as another targeted assault on Ukraine. Most likely launched by Russia, it was timed to infect the country’s networks on the eve of Ukraine’s Constitution Day.

The cyberattack started through a software update for an accounting program that businesses use when working with Ukrainian government agencies, according to the head of Ukraine’s cyber-police, Sergey Demedyuk. In an interview with VOA in his office in the western suburbs of Kyiv, Demedyuk said, “every year cyberattacks are growing in number.”

“Sometimes when targeting a particular government agency or official, they mount complex attacks, first using some disguising action, like a denial-of-service attack, and only then launch their main attack aiming, for example, at capturing data,” he said.

Ukraine’s 360-member cyber police department was formed in 2015. The department is stretched, having not only to investigate cybercrime by non-state actors but also, along with a counterpart unit in the state security agency, defend the country from cyberattacks by state actors. Demedyuk admits it is a cat-and-mouse game searching for viruses and Trojan horses that might have been planted months ago.

Eye of the digital storm

Since the 2014 ouster of pro-Russian President Viktor Yanukovych, Ukraine has been in the eye of a sustained and systematic digital storm of big and small cyberattacks with practically every sector of the country impacted, including media, finance, transportation, military, politics and energy. Sometimes, the intrusions are highly tailored; other times, more indiscriminate attacks like Petya are launched at Ukraine.

Russian officials deny they are waging cyber warfare against Ukraine. Zhora, like many cybersecurity experts, acknowledges it is difficult, if not impossible most times, to trace cyberattacks back to their source.

“Attribution is the most difficult thing. When you are dealing with professional hackers it is hard to track and to find real evidence of where it has come from,” he said. “But we know only one country is the likely culprit. We only really have one enemy that wants to destroy Ukrainian democracy and independence,” he added.

Ukraine’s president, Petro Poroshenko, has been less restrained in pointing the finger of blame. Last December, he said there had been 6,500 cyberattacks on 36 Ukrainian targets in the previous two months alone. Investigations, he said, point to the “direct or indirect involvement of [the] secret services of Russia, which have unleashed a cyberwar against our country.”

Ukraine’s cyber-police head agrees. Demedyuk says his officers have been able to track attacks, especially denial-of-service intrusions, back to “Russian special services, tracking them to their own facilities and their own IP addresses.” But the original source of more complex intrusions, he said, are much harder to identify, with the hackers disguising themselves by using servers around the world, including in Asia and China.

Digital weapons refined

Digital intrusions have seen data deleted and networks crippled with real life consequences. And digital weapons are being refined often with the knowledge gained from each intrusion.

Zhora cites as an example of this evolution the difference between two large cyberattacks on the country’s electricity grid, the first in December 2015 and the second at the end of last year, which cut off energy to hundreds of thousands of people for several hours.

With the first attack the hackers used malware to gain access to the networks and then shut the system down manually.

“They sent an email and when someone opened it, the payload was downloaded and later it spread across the network and they used the path created for the hackers to get to the administrator’s work station and then in a live session switched off the subsystems overseeing electricity distribution,” he said.

But with the 2016 attack no live session was necessary.

“They used a malware which opened the doors automatically by decoding specific protocols and there was no human interaction. I think they got a lot of information in the first attack about the utility companies’ networks and they used the knowledge to write the malware for the second intrusion,” he said.

Digital threats to US

In his speech midweek in Washington, Coats specifically cited possible digital threats to America’s critical infrastructure, including electrical grids and other utilities, saying it is of rising concern.

“It doesn’t take much effort to imagine the consequences of an attack that knocks out power in Boston in February or power in Phoenix in July,” he said.

After the second cyberattack on Ukraine’s electrical grid, a group of American government and private sector energy officials was dispatched to Kyiv, where they spent a month exploring what happened, according to Ukrainian officials.

One lesson the visitors drew was that it would be much harder in the US to switch the grid back on after an intrusion. The Ukrainians were able to get the electricity moving again by visiting each substation and turning the system on again manually, an option apparently more challenging in the US, where grid systems are even more automated.

“Virtual attacks are every bit as dangerous as military ones, we are living on a battlefield,” Zhora said.

Ein News

You Might Also Read:

Who Is Behind Petya?:

Ukrainian Security Call in FBI, NCA & Europol:

 

« Kaspersky Says We Can Trust Him
In Demand: New Tech Against Drone Attacks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

TheGreenBow

TheGreenBow

TheGreenBow is a trusted VPN software company. We help organizations and individuals become cyber-responsible. For this, we design and develop reliable and easy-to-use solutions.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

RiverSafe

RiverSafe

RiverSafe is a professional services provider specialising in Cyber Security, Data Operations and DevOps, putting security at the heart of everything we do.

Vigilant Ops

Vigilant Ops

Vigilant Ops is a leader in Software Bill of Materials (SBOM) Automation. A proactive approach to cybersecurity with continuous vulnerability monitoring.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.

Harmony Intelligence

Harmony Intelligence

Harmony builds cutting-edge defensive AI products that safeguard people and critical infrastructure around the world from AI-powered threats.

Garantir

Garantir

Garantir is a cybersecurity company that provides advanced cryptographic solutions to the enterprise.

Western Balkans Cyber Capacity Centre (WB3C)

Western Balkans Cyber Capacity Centre (WB3C)

WB3C is a programme founded by France, Slovenia and Montenegro with the mission of building a secure and connected Western Balkans region through enhancing its cyber capabilities and resilience.

CyberSentriq

CyberSentriq

CyberSentriq provides an unmatched combination of proactive AI-driven email and web security, advanced data protection, and operational resilience.