Over a dozen Ukrainian government website have been down since Friday, following a cyber-attack that also targeted the embassies. Among the embassies impacted were the UK, US and Sweden, as well as the foreign and education ministries. It is still unclear who is behind the attack. Before the website went down a message appeared on the screens of those affected with a warning that said “prepare for the worst.” A spokesperson has said previous cyber-attacks had originated from Russia, who has not yet provided a comment.
It has been confirmed that as of now no personal data has been leaked, and no content has been changed. Foreign policy chief, Josep Borrell has stated that the EU’s resources are all going toward helping Ukraine deal with this incident.
George Papamargaritis, MSS Director, Obrela Security Industries said that: “currently, it is unclear who is responsible for the attacks, but caution has to be taken when attributing cyber-attacks to a specific country or group operation. A hasty attempt at identification could lead to false attributions of responsibility. Cyber attacks are highly decentralised and in most cases, the actors utilise multiple levels of cross-country access to hide their origin, identity and intent. This is especially true in cyber attacks that affect the integrity and confidentiality of systems and data, attacks that are often carried out by highly sophisticated adversary groups. These adversaries follow a chain of command which crosses country restrictions and may involve multi-national groups with varying levels of knowledge related to the mission objectives. Revealing the originating actors is achieved through cross-country investigation and co-operation, which is crucial as a chain of custody. As such, any actions made in response to a low-confidence attribution of responsibility should be carefully considered, even if the intent is to demonstrate readiness.”
Javvad Malik, lead security awareness advocate at KnowBe4 also commented on the incident: “These attacks show signs of being a coordinated state-backed operation. It highlights the importance for all organisations and countries to take cyber security seriously and invest in the appropriate controls to help prevent, detect, and respond to any attacks. Many times, state-backed actors will also use standard attack methods such as social engineering, taking advantage of unpatched software, or weak credentials. Detection controls could have also helped spot data being inappropriately accessed and exfiltrated. In today’s day and age, protecting data isn’t just about protecting data, but it’s about protecting people.”
“Although this looks like a nation-state attack, it perfectly illustrates how supply chains and networks make everybody vulnerable. In this case, it only needed a breach in one arm of the Ukrainian government to take whole swathes of it down,” said Jamie Akhtar, CEO and co-founder of CyberSmart. “It’s a timely reminder to all of us to be mindful of our interconnectedness, whether that’s in our personal online lives or at work. And it’s also a reminder that the best way to prevent cyberattacks of this nature is through cooperation between businesses, partners or state departments.”
Peter Draper, Director of EMEA, Gurucul says that: “In terms of attribution, the current and historic tensions between Ukraine and Russia suggest that this was Russian State sponsored attack. However, it seems less hardcore than previous Russian state sponsored attacks which have been seen in the wild. There are many hacker groups within Russia and this attack seems more likely to have come from one of the lesser groups and potentially more patriotic focused than trying to do real damage. This attack may be evidence of a campaign that ran over a few years, where the groundwork for the attack was laid during the annexation of Crimea. Now hackers could be exploiting the vulnerabilities they had access to because it was convenient for them to do so.”
Ken Westin, Director, Security Strategy, Cybereason, concludes:”The reported cyberattacks against several Ukrainian government websites and possibly the U.S., UK and Swedish embassies is the natural progression of propaganda, analogous to leaflets being dropped from airplanes to trigger fear amongst a population. Website security is often more lax than in other areas and often hosted outside of a network which is more tightly secured. Websites of course are Internet facing and historically less likely to be patched which makes them easy targets for compromise. This attack achieved its objectives, as the media has further amplified the compromises and the average person may not understand the difference between a website defacement and a more serious intrusion. What is needed is a measured response and a broader and more extensive investigation to see if the attack resulted in material loss because at this time, details are scant and it would be inappropriate to assume anything.”