Gisec 2022: Cyber attacks on Ukraine are intensifying, experts say

Security experts suggest current events could signal beginning of a cyber war

Ukraine continues to face a barrage of cyber attacks from Russia and cyber criminals who support the war, computer security experts have said.

Hackers are allegedly aiming at Ukraine’s infrastructure, private companies and non-profit organisations as part of a hybrid war on the country, which involves online attacks.

Experts at the Gulf Information Security Expo and Conference (Gisec), which runs until March 23 at the Dubai World Trade Centre, described to The National the different types of digital attacks that Ukraine is facing.

“What we are starting to see in Ukraine is really the first step towards a hybrid type of war, where cyber is a key component of what's going on,” said Camille Charaudeau, vice president of product strategy at CybelAngel, a French digital risk protection company.

Reports suggest Russia had launched hacking operations against Ukraine even before it invaded the country on February 24, but people working in the cyber security field have said the attacks are intensifying.

“Usually it starts with cyber and then goes deep into more traditional types of war. Ukraine is really an example of what many were anticipating in that area,” said Mr Charaudeau.

A week before the invasion, at least 10 Ukrainian websites stopped working because of distributed denial-of-service attacks, including those of the Defence Ministry, Foreign Ministry, Culture Ministry and Ukraine’s two largest state banks.

Customers at Privatbank and Sberbank reported problems with online payments and banking apps.

And several hours before the invasion, Microsoft had detected a new round of offensive and destructive cyber attacks aimed at Ukraine’s digital infrastructure.

"We remain especially concerned about recent cyber attacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organisations and enterprises," Microsoft said in a blog at the time.

"We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets."

Russia has also been targeted by cyber attacks since the conflict began. On February 25, online hacking group Anonymous declared on Twitter that it was officially in a cyber war against the Russian government. Multiple Russian government databases have since been erased or replaced with pro-Ukrainian text.

The group's news account also tweeted footage showing that they had hacked into Russian streaming services Wink and Ivi, plus live TV channels Russia 24, Channel One and Moscow 24, to broadcast war footage from Ukraine.

Hackers continued to aim at Ukrainian military institutions, manufacturers and several other Ukrainian government agencies days after the invasion.

Mr Charaudeau said private and non-profit organisations are also being attacked, and that even global companies with a presence in the country were at risk.

CybelAngel is one of many cybersecurity companies that have been offering intelligence and defensive assistance to Ukrainian companies, including those in the healthcare, finance, oil and gas and retail sectors.

“What we see in Ukraine is that there are a lot of assets that are exposed, which means there may be confidential credentials and mentions of their projects that are exposed and accessible.

“As soon as we detect this, we proactively contact these organisations and let them know how that could be used against them during a type of cyber war.”

He said cyber criminals could prompt competitive espionage by leaking industrial or economic intelligence from a company.

Ransomware is another possibility, where an attacker blocks an organisation from their own data and asks for money in exchange for its return.

Jason Steer, chief information security officer at Recorded Future, an American intelligence company, said that attacking a country’s infrastructure is a well-known strategy in cyber war.

“The types of systems you’d want to compromise would be telecommunications, voice, 4G and 5G internet providers," he said.

“These [voice and internet communication] are the two biggest because they are trying to identify location of systems and devices and that becomes really powerful.

“Because of Internet of Things, everything works on the internet… the whole disruption just to the entire banking and healthcare system, no one can go online, then all of a sudden, the country goes down very quickly.”

After most of Ukraine lost internet access, billionaire Elon Musk opened up his Starlink satellite internet network to the country.

However, the SpaceX founder warned users that the broadband service could be targeted.

"Important warning: Starlink is the only non-Russian communications system still working in some parts of Ukraine, so probability of being targeted is high. Please use with caution," he tweeted.

He also asked users to "turn on Starlink only when needed and place antenna away as far away from people as possible" and "place light camouflage over antenna to avoid visual detection."

Updated: March 21, 2022, 4:20 PM