Cyberattacks instead of Tanks: Ukraine Suffers Another Attack in Cyberspace

Navigation and useful materials

The world was expecting a large-scale armed invasion of Ukraine on February 16, but the country suffered another cyberattack instead, on a major scale and scope.

The State Special Communications Service and other agencies held a joint briefing on the cyberattack on Wednesday (February 16th).

What do we know as of now? Experts have found that the attack:

• took place using a combination of the methods and technologies: UDP flood, SYN flood, MAC flood, BGP hijacking, DNS Amplification etc
• cost millions of dollars        
•  is considered the largest in the history of Ukraine
• had been prepared in advance
• was coordinated by a third party   

Who was behind the attack? From the experience of previous attacks:

• they are carried out by governments directly through special services, or through criminal hacker groups under their control
• special infrastructure is created for them in advance    
• Russia and its satellites are most interested parties in the decline of Ukrainian infrastructure. 
• SBU believes that it is actually Russian special services that may be involved in the attack    

As of now, the following objects have become targets of this attack:

• applications Privat24, Oshchadbank 24/7, Monobank  
• Diia public service portal
• government websites, in particular, the Ministry of Defence, the Armed Forces, the SBU, external intelligence services
• website of the Centre for Strategic Communication and Information Security

The key goal of the attack is to demonstrate the omnipotence of foreign intelligence services and the weakness of the Ukrainian government, and to sow panic and chaos in society.

It should be noted that the attack began fake texts sent en masse about disruptions in the functioning of banks. Because of them, Ukrainians rushed to check bank applications or withdraw money at ATMs. This effectively increased the power of the attack, creating an additional load on the systems. Which, in turn, helped the aggressor implement its plans.

What are the consequences? Fortunately:

• no thefts or data leaks took place 
• the work of the systems was quickly restored 
• the situation is currently fully under control 

What is important to remember?

This is not the first nor even the second cyberattack on Ukrainian websites and infrastructure. Since the beginning of the Russian military aggression, Ukrainian online resources have regularly faced attacks. Some cyberattacks were so massive that they have already become teaching material for cyber specialists worldwide.

The aggressor uses such attacks when they run out of other “arguments” for pressure.

Can you protect yourself?

Russia is putting huge resources into cyberwarfare; they have even successfully attacked the United States and hacked politicians’ emails. Therefore, no one can guarantee 100% protection of information that is connected to the network.

For Ukraine and the world, though, this new cyberattack, if the Russian trace proves true, can be considered an attack against Ukraine, since websites of government agencies have been targeted. This means that Russia must bear responsibility and sanctions for it.