DDoS attacks on Ukraine could be masking something else

Ongoing Distributed Denial of Service (DDoS) cyberattacks on Ukraine, strongly suspected to be the work of Russian hackers, have pushed its Ministry of Defence (MoU) and two national banks offline. Though unsophisticated, DDoS attacks remain popular with cybercriminals and are often used to mask more sophisticated breaches. Researchers fear this could be the case in the Ukraine incident as tensions with Russia continue to rise.

PrivatBank is one of two Ukrainian financial institutions to be targeted in a DDoS cyberattack. (Photo by Ethan Swope/Bloomberg via Getty Images)

The DDoS attacks began yesterday and crippled MoU online infrastructure, as well as that of two major Ukrainian banks, PrivatBank and Oschadbank. The MoU announced “an extreme amount of requests per second had been recorded,” on its web portal, adding: “Technical works on restoration of regular functioning are being carried out.” A follow-up statement this morning confirmed that the wave of DDoS attacks was ongoing.

The Ukrainian Centre for Strategic Communications and Information Security confirmed the attacks had affected the national banks. “Ukraine’s largest state-owned bank, Privatbank, has been under a significant DDoS attack. Users of the bank’s internet banking service Privat24 report problems with payments and the application in general,” it said, adding that customers of Oschadbank were also seriously affected.

Ukrainians also received false information via SMS at the time of the attacks, as reported by the Ukrainian cyber police. “Information about technical malfunctions of ATMs, disseminated via spam, is not true,” it said.

What could the Ukraine DDoS attacks indicate?

These attacks are consistent with other cyber activity targeted at Ukraine by Russia, says Jamie MacColl, research fellow in cyber threats at the Royal United Services Institute (RUSI). “This definitely fits within a pattern of making life difficult for citizens and the government by not allowing them to access important services,” he says.

While they do not appear to be critical, they could be an indicator that other, more sophisticated cyber manoeuvres are occurring beneath the surface, says Justin Fier, director of cyber intelligence and analytics at security company Darktrace. “We sometimes see noisy attack methods like this used to distract security teams while bad actors remain inside digital systems to carry out more deadly attacks behind the scenes,” he says. These secondary attacks can take many forms, including “stealing or altering sensitive data, shutting down critical systems or just lying dormant until the right time comes,” Fier says.

There is a chance that Russian intelligence agencies have penetrated far more sensitive and critical networks in Ukraine, says Vlad Styran, co-founder and CEO of Ukrainian security company Berezha Security Group. “Behind this drama is most probably something more sophisticated, we should be on high alert,” he says.

It is also possible that the attacks were intended to test Ukraine’s defences, to see how its infrastructure would react to future attacks, continues Styran. “If it’s not a diversion, it may be the dry run, a measurement of the capacity required to put it down.”

Tech Monitor has reported on the ongoing cyber warfare campaign perpetrated by Russia against targets in Ukraine, and these latest attacks should not be viewed in isolation, RUSI’s MacColl says. “These attacks have never really stopped,” he says. “I think it’s important to bear in mind that it is not the imminent threat of invasion that has spurred on Russian cyber activity against Ukraine, it has been going on for 8 years.” He adds: “There will continue to be cyber incidents like this that are designed to keep up pressure on the Ukrainian government and its citizens to sow confusion.”

DDoS attacks remain a popular weapon for cybercriminals

DDoS attacks involve the crashing of a website by overwhelming servers with thousands and thousands of simultaneous hits. One of the older and cruder techniques deployed by cybercriminals, their prevalence spiked in the past 12 months according to a report released by security company Radware.

With many organisations relying on remote operations, teleworking and remote access infrastructure during the Covid-19 pandemic, DDoS attacks have proved a valuable attack method to target the back end of the communication structure of organisations.

The Ukrainian banks are far from the only financial institutions to experience these attacks, with the number of DDoS attacks on banks rising 30% in the first quarter of 2021 alone. “Attacks on finance changed from rare, high-volume attacks in December and January to smaller, more frequent, worldwide attacks in March, impacting more offices and branches of organisations,” the Radware report says.

These attacks are easy for criminal gangs to mount, but also fairly simple for organisations to withstand, Styran says. “It is really child’s play,” he explains. “Everyone can do it because it’s cheap and fairly accessible on the black market.” This is why, he says of this week’s Ukraine incident, it is “not likely that it was just DDoS. DDoS is often a diversion.”

Reporter

Claudia Glover is a staff reporter on Tech Monitor.