Cyberattacks targeting Ukraine

by Tony Richardson CISSP

Intelligence finds that Russia has initiated cyberwarfare techniques against Ukraine as military engagement escalates. Given the potential for similar attacks on US- and UK-based targets, we want to provide an update on what we know so far, and on the steps we are taking to ensure the ongoing fidelity of the cybersecurity services we deliver to you for the protection of your business.

What we know so far: cyberattacks targeting Ukraine

Malware — New malware dubbed WhisperGate requests ransom payment and destroys files even if the ransom is paid.

Website Defacement — 70 attempts have been made to deface Ukrainian government websites with 10 being successful.

Distributed Denial-of-Service (DDoS) attacks — Targets include Ukraine’s armed forces, defence ministry, public radio, and 2 large banks. Several vital services were taken offline, and people were unable to access their bank accounts, use mobile apps, or issue online payments.

Many suspect a potential attack on the Ukrainian power grid as was executed during the 2015 Russian invasion of Ukraine.

Actions to ensure protection of your business

We are in active communication with all our technology partners to exchange real-time threat intelligence that may impact our operations and are conducting ongoing audits of our infrastructure and processes to ensure defence against possible exploitation from Russian state-sponsored threat actors.

The protection of your business should be a number one priority.

In the short term, we recommend the following:

Remind employees of the role they play in keeping your business secure. For example, employees should actively look out for indicators of a potential business email compromise attack.
Look to security awareness training to improve your security culture.

Be sceptical—Last-minute changes in wiring instructions or recipient account information must be verified.

Double check that URL—Ensure the URL in the email is associated with the business it claims to be from.

Spelling counts—Be alert to misspelled hyperlinks in the actual domain name.

Be sure users have updated their systems and applications to the latest release, which typically includes the latest security enhancements and patches / updates.

Be sure you have strong endpoint protection from the latest MDR / XDR technology.

Activate multi-factor authentication (MFA) where possible.

Make sure your backups are robust, recoverable and accurate. Test recovery.

Ensure your email gateways are protecting you against the multiple phishing attacks proliferating across the internet.
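
The "double check that URL" and "spelling counts" checks above can also be automated at the mail gateway. The sketch below is an added example, not part of the original post or any vendor's product: it flags links whose domain is one or two characters away from a trusted domain, or whose visible text shows a different domain from the real destination. The allowlist, the sample message and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of domains the business really deals with (assumption).
TRUSTED = {"northwind-bank.example", "contoso-supplies.example"}
# Constructed sample message body: the first link is misspelled and mislabelled.
SAMPLE = ('<p>Our account changed: <a href="https://northw1nd-bank.example/pay">'
          'https://northwind-bank.example/pay</a> or '
          '<a href="https://www.northwind-bank.example/help">help centre</a></p>')
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased hostname of a URL or bare domain, without a leading 'www.'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(host):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for one hostname."""
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in sorted(TRUSTED):
        # A 1-2 character difference from a trusted name suggests a misspelled domain.
        if 0 < edit_distance(host, good) <= 2:
            return "lookalike:" + good
    return "unknown"

def review_links(html):
    """Return (href_host, finding) for every link that deserves a second look."""
    findings = []
    for href, text in LINK.findall(html):
        host = host_of(href)
        verdict = classify(host)
        if verdict.startswith("lookalike"):
            findings.append((host, verdict))
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # domain shown to the reader
        if shown and host_of(shown.group()) != host:
            findings.append((host, "text-shows:" + host_of(shown.group())))
    return findings

if __name__ == "__main__":
    print(review_links(SAMPLE))
```

Link text that merely contains a dot (a file name, for instance) will also trip the mismatch check, so findings are best treated as prompts for manual verification rather than automatic blocks.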

If you feel you need help with any of these countermeasures, let me know.