DEFENCE OF THE COUNTRY SPECIAL PROJECT

CYBERATTACKS ON UKRAINIAN BUSINESSES CONTINUE: HOW TO PROTECT YOURSELF

SPONSORED BY OCTAVA DEFENCE
03 May 2024
Israel is a nation surrounded by enemies not only physically, but also in cyberspace. Hybrid threats, attacks on government agencies and communications companies have made data protection a part of the Israeli defence doctrine.
A large domestic need has spawned a slew of startups and transformed Israel’s cybersecurity sector into a profitable business. Today, Israel is the world’s second largest provider of such services. Annual exports amount to US$3.5 billion, while local companies are taking over the lion’s share of global cybersecurity investments.
Ukraine has no choice but to walk the same path. Domestic companies and government agencies also find themselves in a situation of constant threat. However, Ukraine’s enemy is richer and more experienced, and the cyberspace under its protection much more expansive.
Russian cyberattacks have demonstrated that Ukraine needs to think about data protection in the same way it thinks about protecting the sky. And this line of thought should be employed by each individual company.

Russian cyberattacks continue

Since the beginning of the full-scale invasion, every Ukrainian has felt the consequences of Russian hackers’ activities. It all started back in January 2022, when 15 websites of government agencies went down at once under a massive cyberattack. To sow panic, hackers posted the following message on one of the affected sites.
Translation of the image:
"Ukrainians! All your personal data has been uploaded to a public network. All data on the computers is being destroyed and cannot be recovered. All information about you has become public, so be afraid and expect the worst. This is to punish you for your past, present, and future. For Volyn, for the OUN-UPA, for Galicia, for Polesia, and for historical lands".
Last December, the Russians managed to shut down the Kyivstar mobile operator for two days. This left half of the country without communication, and the company suffered billions of hryvnias in losses. Early in 2024, hackers attacked the Parkovyi Data Centre, disrupting the operations of Naftogaz, Ukrainian Railways, Ukrposhta, and the Shliakh system.
According to the Switzerland-based CyberPeace Institute, 3,255 cyberattacks, including 574 against Ukraine, were launched from January 2022 to December 2023.
Source: CyberPeace Institute, Switzerland
Websites of the government agencies that provide services to citizens and handle a large amount of data suffer the most. In terms of the number of attacks, the financial sector is next, followed by the media, IT companies, and the energy industry. All of these sectors are vulnerable and need to be protected before all else.
DDoS is the most frequently used type of cyberattack. Simply put, it floods a website by sending millions of requests each second. Such attacks can render a website unavailable for a few hours. This might paralyse the provision of key public services or shut down an online railway ticket service in the city during hostilities, generating panic.
Attacks using wiper malware are more deadly. They infect computers with a virus capable of destroying data. Unless the company or organisation has quick access to backups, this could shut it down for a long time. Either way, this results in losses.
Computers are often hacked to steal data for intelligence purposes. For example, the Russians are known to use data on the places of residence of veterans of the 2014-2018 Anti-Terrorist Operation to carry out repressions in the occupied territories. This is the kind of data that is being handled by government agencies. Such attacks can go unnoticed, unless an organisation monitors cyberthreats on a regular basis.
Attacks on Ukrainian media are also widespread. The Russians pursue quite an obvious purpose here by hacking the news websites and social media accounts to spread their propaganda. For example, after hacking Ukrainska Pravda’s account on X (formerly Twitter), the invaders started spreading fake news about the "defeat" inflicted by the Russians on the elite units of the Ukrainian Armed Forces in Avdiivka.

How viruses find their way onto Ukrainian computers

Most often, this happens due to human error or small, hardly noticeable breaches in the system.
According to Oleksandr Atamanenko, a cybersecurity expert at Octava Defence, email messages represent one of the most popular entry points for hackers. Two types of such messages exist – a malicious program disguised as a useful attachment, or a phishing email. Such a message would encourage the user to follow a link to a clone of a website and enter their account data there, thereby granting access to the malefactors.
It was through phishing that the Russians managed to gain access to Delta, a Ukrainian military situational awareness system, for 13 minutes. Two servicemen took the bait, infecting their devices with malware. Luckily, the intruders were prevented from accessing much information, since each account in this system is granted restricted access to information, while the access for higher-level commanding officers is more heavily protected.
"Passwords may be stolen while working at home, where protection against hacker attacks is weaker. Users sometimes set passwords that are too weak, such as ‘1234’, which are easily hackable. In some instances, viruses enter office computers via a USB flash drive, as was the case with the Stuxnet virus that put brakes on Iran’s nuclear programme. Our government agencies would sometimes exchange information via USB flash drives," noted Atamanenko.
According to him, hackers also take advantage of software vulnerabilities. All the most popular software from even the best IT companies, including the Windows OS, has such security flaws.
Developers release updates almost every month to eradicate these vulnerabilities. However, users often hold off on updating their software until later, enabling exploitation of software flaws by hackers. A single vulnerable computer on the secretary’s desk can become an entry point for a virus.
"Information about certain software vulnerabilities is widely available; it can be bought, for example, on the darknet. Last winter, a vulnerability in Microsoft Outlook surfaced, and the developer released a patch to fix the bug in a few days. I know of a case where this vulnerability was exploited. That is, it took an intruder only a few days to identify the software problem and attack its target before the vulnerability was closed by the developer," Atamanenko emphasised.

Protecting against cyberattacks

Not a single organisation is impenetrable against cyberattacks. Even the Pentagon’s system gets hacked once in a while. The US Government recently held the Hack the Pentagon hackathon, during which 1,400 hackers searched for system vulnerabilities and identified more than 100 of them.
Ukraine has found itself between the devil and the deep blue sea. On the one hand, it is being attacked by ordinary cybercriminals and, on the other hand, by Russian hackers. Companies and government agencies can sift out most threats if they take security seriously.
First of all, the company needs to understand what kind of IT infrastructure it has, that is, broadly speaking, what exactly it must protect. In an online store, protection would be built around the main website, while in a logistics company – around the vehicle route planning system, etc.
According to Atamanenko, cybersecurity implies a systematic effort. It cannot be done on a piecemeal basis, relying only on online recommendations. It must represent a compact ecosystem that responds to threats with all available tools – from risk assessment, implementation of appropriate security measures and proper configuration of the IT infrastructure to appropriate briefing of employees.
Cybersecurity is not a one-time event, but rather an ongoing process that requires investment. Technology is changing rapidly, which means that hacker attacks are becoming more sophisticated. This calls for a proper response through monitoring of IT infrastructure to detect suspicious activity, along with modifications to security methods.
Hiring experts full-time to secure digital infrastructure is usually prohibitively expensive.
"Cybersecurity professionals are very well-paid. A team of such experts may cost a company half a million hryvnias a month [about US$12,500 – ed.], which isn’t easily affordable," pointed out Atamanenko.
Hiring such a team would make sense for larger companies, while smaller companies, which lack a well-developed IT infrastructure, can manage by sharing a single team. This is the reason why cybersecurity professionals can be outsourced.
Octava Defence, one of the leaders in the cybersecurity market, provides services to multiple clients simultaneously at much lower prices for each customer. This involves a classic set of cyber defence services, such as assessment of IT infrastructure and analysis of potential threats, development and implementation of security solutions. And all this – with due regard given to the specifics of each organisation’s operation.
Monitoring events in the IT infrastructure, responding to identifiable indicators of a hacker attack, and investigating suspicious incidents are essential to present-day cybersecurity. To this end, Octava Defence has developed SOC — the first commercially available surveillance system in Ukraine, offering real-time collection of data on cyberthreats, finding prompt solutions to problems, and reporting to the customer.
Octava Defence’s staff comprises analysts who are aware of global trends and are guided by international security standards, being one step ahead in anticipating threats.
The protection of Ukrainian cyberspace must be based on the protection of each computer in every company. Finding a reliable partner is the first step in this process.
©2000—2024, Ukrainska Pravda. Please add a reference (hyperlink for online publications) when using our publications.