
A review of the cybersecurity situation related to Ukraine

I’m back after a week off, and the larger story to acknowledge is the Russian invasion of Ukraine and the ongoing conflict. This is a technology show, and in particular one that focuses on those delivering IT services, so my coverage will focus on stories through that lens.

Which leads to the security fallout.

The conflict is undoubtedly occurring online, with data released on Monday, Feb 28, by Check Point showing a 196% increase in cyber attacks on Ukraine’s government and military sector. Worldwide, however, government and military bodies showed no similar increase.

Check Point also observed a notable 4% increase in attacks directed at Russian organizations more generally, compared with a 0.2% increase in attacks directed at Ukrainian organizations. Globally, other regions have experienced net decreases in attack volumes.

Significantly, Check Point analysts also reported that volumes of phishing emails in East Slavic languages have increased sevenfold, with one-third of these originating from within Ukraine and targeting recipients in Russia. Also noted were data-wiping attacks against firms with a strong business presence in Ukraine – ESET and Broadcom’s Symantec.

The conflict specifically impacts services in those countries, however: as Bleeping Computer reported, key Russian websites and state online portals have been taken offline by attacks claimed by the Ukrainian cyber police force.

The release of new malware strains in Ukraine coincided with the start of Russia’s military attacks, security researchers at ESET and Microsoft found. Following the launch of HermeticWiper on Feb. 23, a second attack was launched against Ukrainian government systems on Feb. 24 using a wiper called IsaacWiper, ESET researchers said. A new version of IsaacWiper, containing debug logs, was dropped on Feb. 25, a move that could signal the original wiper failed to erase data on the targeted systems, ESET researchers said.

Microsoft researchers on Feb. 24 detected a round of cyberattacks targeting Ukraine’s digital infrastructure hours before the launch of missile attacks against the country, according to a blog post from Brad Smith, vice chair and president of Microsoft.

The Conti ransomware group, which has been mentioned numerous times on this show, has also been targeted during this timeframe, with a leak of a collection of its internal chat messages, which researchers believe are authentic and very useful.

Despite this, reports now indicate that a larger cyberwar is not occurring. Per reporting in Protocol, hackers and cybersecurity activists working on behalf of Ukraine generally have the upper hand so far.

The conflict may also impact cyber insurance. Credit ratings giant Fitch said last week that cyberattacks linked to Russia’s invasion of Ukraine might be a test for language commonly used in cyber insurance policies that exclude damages caused by acts of war.

Why do we care? 

This conflict is the first to include a broadly online component. This is going to be a developing story, and there is no reason to believe this is free and clear, although all signs seem to point to the conflict being localized.