Ongoing Distributed Denial of Service (DDoS) cyberattacks on Ukraine, strongly suspected to be the work of Russian hackers, have pushed its Ministry of Defence (MoU) and two national banks offline. Though unsophisticated, DDoS attacks remain popular with cybercriminals and are often used to mask more subtle breaches. Researchers fear this may be the case in the Ukraine incident as tensions with Russia continue to rise.
The DDoS attacks began yesterday, and crippled MoU online infrastructure, as well as that of two major Ukrainian banks, PrivatBank and Oschadbank. The MoU announced “an excessive number of requests per second were recorded,” on its web portal, adding: “Technical works on restoration of regular functioning are being carried out.” A follow-up statement this morning confirmed that the wave of DDoS attacks was ongoing.
The Ukrainian Centre for Strategic Communications and Information Security confirmed the attacks had impacted the national banks. “Ukraine’s largest state-owned bank, Privatbank, has been under a massive DDoS attack. Users of the bank’s internet banking service Privat24 report problems with payments and the application in general,” it said, adding that customers of Oschadbank were also seriously affected.
Ukrainians also received false information via SMS at the time of the attacks, as reported by the Ukrainian cyber police. “Information about technical malfunctions of ATMs, disseminated through spam, is not true,” it said.
What could the Ukraine DDoS attacks mean?
These attacks are consistent with other cyber activity targeted at Ukraine by Russia, says Jamie MacColl, research fellow in cyber threats at the Royal United Services Institute (RUSI). “This definitely fits within a pattern of making life difficult for citizens and the government by not allowing them to access important services,” he says.
While they do not appear to be serious, they could be an indicator that other more subtle cyber manoeuvres are happening beneath the surface, says Justin Fier, director of cyber intelligence and analytics at security company Darktrace. “We sometimes see noisy attack techniques like this used to distract security teams while bad actors remain inside digital systems to carry out more deadly attacks behind the scenes,” he says. These secondary attacks can take many forms, including “stealing or altering sensitive data, shutting down critical systems or simply lying dormant until the right time comes,” Fier says.
There is a likelihood that Russian intelligence agencies have penetrated much more sensitive and critical networks in Ukraine, says Vlad Styran, co-founder and CEO of Ukrainian security company Berezha Security Group. “Behind this drama is most probably something more subtle, we must be on high alert,” he says.
It is also possible that the attacks were meant to test Ukraine’s defences, to see how its infrastructure would react to future attacks, continues Styran. “If it’s not a diversion, it may be the dry run, a measurement of the capability required to put it down.”
Tech Monitor has reported on the ongoing cyber warfare campaign perpetrated by Russia against targets in Ukraine, and these latest attacks should not be seen in isolation, RUSI’s MacColl says. “These attacks have never really stopped,” he says. “I think it’s important to bear in mind that it’s not the imminent threat of invasion that has spurred on Russian cyber activity against Ukraine, it has been going on for eight years.” He adds: “There will continue to be cyber incidents like this that are designed to keep up pressure on the Ukrainian government and its citizens to sow confusion.”
DDoS attacks remain a popular weapon for cybercriminals
DDoS attacks crash a site by overwhelming its servers with millions of simultaneous hits. They are one of the older and cruder techniques deployed by cybercriminals, but their prevalence spiked in the past 12 months, according to a report released by security company Radware.
With many organisations relying on remote operations, teleworking and remote access infrastructure during the Covid-19 pandemic, DDoS attacks have proved a useful attack method to target the back-end of the communication structure of businesses.
The Ukrainian banks are far from the only financial institutions to face such attacks, with the number of DDoS attacks on banks rising 30% in the first quarter of 2021 alone. “Attacks on finance changed from infrequent, high-volume attacks in December and January to smaller, more frequent, global attacks in March, impacting more offices and branches of organisations,” the Radware report says.
These attacks are easy for criminal gangs to mount, but also relatively simple for businesses to withstand, Styran says. “It’s child’s play,” he explains. “Anyone can do it because it’s cheap and relatively accessible in the black market.” This is why, he says of this week’s Ukraine incident, it is “unlikely that it was just DDoS. DDoS is always a diversion.”
Claudia Glover is a staff reporter on Tech Monitor.