Ukraine has been hit by a swathe of distributed denial-of-service (DDoS) attacks that have targeted financial institutions as well as the nation’s Ministry of Defence and Armed Forces networks.
This follows a number of attacks reported at the end of January which affected numerous Ukrainian official websites.
Netblocks, a global and independent internet monitor group, confirmed on 15 February the loss of service to multiple banking and online platforms in Ukraine which were consistent with a DDoS attack.
Ukraine’s Centre for Strategic Communications and Information Security posted on Facebook on 15 February that during the DDoS attack against PrivatBank, some services including ATMs were not working. They have since been restored.
Work is underway to recover both banking systems. Oschadbank is working in a stable mode. At the time of writing the PrivatBank website appears to be live after a period of time where it was only displaying the message “WAF is watching you)”.
It is unknown who carried out the attacks but amid the ongoing crisis the finger tends to point to Russian-backed actors as perpetrators. Cyber-attacks have already played a major role in the conflict between the two nations.
While many look to financial institutions as leading in cyber security, they are also top targets for cybercrime.
The Centre for Strategic and International Studies says: “Financial institutions are leading targets of cyber-attacks. Banks are where the money is, and for cybercriminals, attacking banks offers multiple avenues for profit through extortion, theft and fraud, while nation-states and hacktivists also target the financial sector for political and ideological leverage.”
Cyber in warfare
In analysis published on 8 Frebrary on the prospect of war in Ukraine, International Institute for Strategic Studies senior fellow for Russia and Eurasia Nigel Gould-Davies wrote that Russia’s build-up is part of a comprehensive strategy which includes “snap military exercises in Belarus; a series of naval exercises around the world; a cyber-attack on Ukraine; and depletion of gas storage in Europe”.
It would not be surprising to many that these cyber-attacks are part of the Russian offensive toward Ukraine. For many Russia, alongside China, are seen to be at least tolerant of cyber-criminals on the provision their actions do not impact Russian organizations.
Outside of Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) in the US, the UK’s National Cyber Security Centre and Poland’s digital ministry have all issued various statements and warnings that as a result of the growing tensions between Russia and Ukraine organizations are vulnerable to cyber-attacks.
One cyber security firm, Cybereason, noted in a recent blog written by CEO and co-founder Lir Div that cyber attacks should be expected whether a Russian invasion of Ukraine happens or not.
“If an invasion does not occur, we can still expect that cyberattacks against Ukraine and allied nations will likely persist.”
The EU, NATO member states and the US is particularly vulnerable to cyber attacks outside of Ukraine in the event of an invasion, wrote Div.
On 16 Febrary, the CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity Advisory (CSA) highlighting regular targeting of US cleared defense contractors (CDCs) by Russian state-sponsored cyber actors.
According to the CISA, the actors have targeted both large and small CDCs and subcontractors with varying levels of cyber security protocols and resources.
Update: The original version of this article was updated following the CISA joint advisory release