Russia Says It's Seen 'Unprecedented' Level of Cyberattacks
Also: Anonymous Continues Its Cyberwar Against the Russian Government
Now in its fourth week, the Russia-Ukraine war has worsened, with Russian missiles reportedly striking just 43 miles from the Polish border on Friday. But as the Ukrainian military resists Russian advances toward its major population centers, the country's IT security teams are contending with a record number of cyber incidents. The same is true of their eastern neighbors, with Russia reporting "unprecedented" cyberattacks on its networks.
According to a report from The Washington Post, Russia's Ministry of Digital Development, Communications and Mass Media told the country's state-run media agency, Tass, that it is "registering unprecedented attacks on government agencies' websites."
The ministry reportedly says that previous distributed denial-of-service attack strength reached 500GB "during peak moments" but has climbed to 1TB.
"[That means] two to three times stronger than the most serious such incidents recorded earlier," the ministry reportedly said this week.
The ministry reportedly said that alleged DDoS attacks striking Russian networks have involved government and banking sites, including the nation's central bank, the Bank of Russia. The ministry said defense efforts have stepped up to "filter foreign internet traffic," according to the same report.
Ukraine Faces DDoS
Meanwhile, the Ukrainians also say they are continuing to battle DDoS attacks. On Wednesday, the government reported that it has counted 3,000 such attacks since the outbreak of the war - which began on Feb. 24 - including a one-day record of 275.
In a statement, the State Service of Special Communication and Information Protection of Ukraine says: "Russia's aggression, the intensity of cyberattacks against Ukraine's vital information infrastructure hasn't decreased. While Russian missiles are targeting physical infrastructure of communication and broadcasting, Russian hackers are targeting our information infrastructure."
The most popular types of attacks are phishing, dissemination of malicious software and DDoS, the agency says, adding, "The most powerful of [the DDoS attacks] at their peak exceeded 100Gbps."
"Russian hackers most often attacked the information resources of government agencies, institutions and companies in the financial and telecommunications sectors," says Victor Zhora, deputy chairman of the communication and information protection service. "Despite their efforts, all the services are working and available to the consumers. Providers and operators are coping with cyberattacks against their networks.
"The majority of problems in the functioning of networks is related to their physical damage that we still manage to repair."
To help, the government says it has created a national roaming program to assist Ukrainians with "remaining online even if the network of their operator does not temporarily work because of hostilities or damage."
Russia Criticizes NATO Cyber Assistance
Russia's ambassador to Estonia, Vladimir Lipayev, claimed to Tass, the Russian state media agency, on Thursday that Ukraine working with the NATO Cooperative Cyber Defense Center of Excellence in Tallinn amounted to blackmailing Moscow.
Lipayev claimed the move revealed "the West's plans for gradually involving Ukraine in a system of anti-Russian military planning and its integration with NATO infrastructure," while also acknowledging that Ukraine and Estonia had for years already been collaborating on cyber defense.
Anonymous: The Latest
As the ground war has worsened, so too has the conflict's back-and-forth in the digital underground.
International hacking collective Anonymous, which late last month declared all-out cyberwar on the Putin regime, condemning the Ukraine invasion, has now reportedly tapped into CCTV cameras apparently located inside Russia. The hackers reportedly overlaid messages including "Putin is killing children" on the feeds labeled "Behind Enemy Lines," according to VICE.
Some of the live feeds, according to the same report, also carried the text: "352 Ukraine civilians dead. … Slava Ukraini! Hacked by Anonymous." The hack reportedly seized as many as 86 camera feeds.
Although some feeds purport to show ordinary Russian locales, Anonymous reportedly removed feeds showing house cameras "out of respect for the privacy of the Russian civilians," according to the same report.
Ramping Up Efforts?
According to recent posts on Anonymous-run social media channels, the collective aims to amplify its hacking efforts.
In an open letter attributed to Anonymous, GhostSec, SHDWSec and Squad303, the hacktivists believe Putin "cannot end the war in Ukraine until he has annexed it, or he is forced to," and thus, the hacktivists have been compelled to act swiftly, according to Homeland Security Today.
Squad303, believed to be a group of hackers tied to Anonymous and operating out of Poland, has also reportedly developed a tool - 1920.in - that lets nonhackers send Russians millions of bulk text messages about the realities of the Russia-Ukraine war.
According to the same report, the team incorporated the ability to send emails to random Russian accounts and Russian WhatsApp users. Altogether, Squad303 contends, some 20 million texts, emails and WhatsApp messages have been delivered to Russians via the tools.
"The crowdsourcing of this citizen cyberwar is extraordinary," Rosa Smothers, a former CIA threat analyst, tells ISMG. "People are [also] sending out Arnold Schwarzenegger's antiwar video, excited to contribute what they can to get the message to the Russian people."
Smothers, who is currently the senior vice president of cyber operations at the firm KnowBe4, adds: "Enabling nontechnical people to contribute will add further momentum. I don't see Anonymous or antiwar volunteers letting up until this war is over."
Wiper Malware
Researchers at the firm Eset have now uncovered another destructive data wiper used in attacks against organizations in Ukraine. This one, dubbed CaddyWiper by Eset's analysts, was first detected on Monday.
The wiper destroys user data and partition information from attached drives and was spotted on several dozen systems in a "limited number of organizations," Eset says.
Researchers say CaddyWiper bears no major code similarities to HermeticWiper or IsaacWiper - two other wiper variants that have been tracked on Ukrainian networks since Feb. 23.
Eset says in its report: "All these campaigns are only the latest in a long string of attacks to have hit high-profile targets in the country over the past eight years. … Ukraine has been on the receiving end of a number of highly disruptive cyberattacks since 2014, including the NotPetya attack that tore through the networks of a number of Ukrainian businesses in June 2017."
"As expected, destructive malware will be the de facto type of malware during the Eastern European conflict because it is designed to not only make targeted technologies inoperable but also unrecoverable," says Nasser Fattah, an adjunct professor of cybersecurity at the New Jersey Institute of Technology. "The goal is to destroy the underlying technology that supports critical business functions.
"Here, the destructive malware is politically driven, where complete system disruption can cause great financial harm, as well as significant human casualties - think water purification systems ceasing to work or hospitals not having electricity."
ISMG Executive Editor Mathew Schwartz contributed to this report.