A Ukrainian agency said on Saturday that government websites have been hit by continuous distributed denial-of-service (DDoS) attacks since the Russian invasion on Feb. 24, attacks the agency blamed on “Russian hackers.”
However, “despite all the enemy assets involved, the locations of the central government agencies are available,” Ukraine’s State Service for Special Communications and Information Protection (SSSCIP) said in a tweet.
Since the invasion, the Ukrainian government has focused much of its public communications on the Russian-induced military conflict on the ground. However, the tweets were an admission that Ukraine has also faced attacks on the cyber front. It also appeared to be the first time cyber-attacks have been attributed to threat actors in Russia since the invasion began.
DDoS attacks on military and financial institutions in Ukraine that took place prior to the invasion, on February 15-16, were blamed on the Russian government by officials in the US and UK. DDoS typically tries to force websites or networks offline by overwhelming servers with traffic.
‘Non-stop’ attacks
In its tweets on Saturday, the SSSCIP said that “Russian hackers continue to attack Ukrainian information sources non-stop,” and have been doing so “since the beginning of [the] invasion.”
The agency specified that the attacks were DDoS attacks “mainly” targeting the websites of the Ukrainian Parliament (Verkhovna Rada), President Volodymyr Zelenskyy, the Cabinet of Ministers, the Ministry of Defense and the Ministry of Internal Affairs of Ukraine.
The “most powerful” DDoS attacks on Ukrainian government sites peaked at more than 100 Gbps, according to the SSSCIP. While that is well above the average size of a DDoS attack, Radware research shows that the largest DDoS attack recorded in the first three quarters of 2021 was 348 Gbps, or 3.5 times the size of the most powerful attacks against Ukraine.
The DDoS attacks on Ukraine are “absolutely no records,” said Chris Partridge, a security professional who tracked cyber-attacks during the Russia-Ukraine conflict.
“But I think it’s a good sign that Ukraine has been able to repel some of these attacks from Russia,” Partridge said in a message to VentureBeat.
In the recent attacks, “all residents could do was replace the front pages on some local authorities’ sites,” the SSSCIP said in a tweet, before adding: “We will persevere! On the battlefields and in cyberspace!”
Meanwhile, hackers in the Ukrainian IT military and hacktivist groups like Anonymous continue to hit back with DDoS attacks on Russian targets.
At the latest check, numerous government, financial and media websites targeted by the Ukrainian IT military saw 0% or 10% uptime in Russia, according to data posted by Partridge on GitHub.
Anonymous attack
On Sunday, Anonymous claimed on Twitter that it had replaced the live feeds of several Russian TV channels and streaming services with video footage of the war in Ukraine, along with an anti-war message.
Jeremiah Fowler, co-founder and senior security researcher at Security Discovery, told VentureBeat that his cybersecurity research firm captured a video of a Russian state television channel that was hacked to display pro-Ukrainian information. “I would flag this claim [from Anonymous] as true, as they most likely have come to other channels as well,” Fowler said in an email.
As part of a recent investigation into the efforts of hacker groups like Anonymous to launch cyber-attacks against Russia, Fowler said he was able to locate an Internet and cable provider’s database in Russia of ports, paths and source locations from which shows are streamed.
“It’s very possible that someone could hijack the feed and trick or fake the channel into believing it’s taking programs from the legitimate source and showing viewers different video footage instead,” Fowler said.
The cyber effort to help Ukraine is also getting help from US Cyber Command, The New York Times reported Sunday. The agency’s “cyber mission teams” are currently operating from Eastern European bases “to disrupt Russia’s digital attacks and communications,” the Times reported.
Since the US Cyber Command is part of the Department of Defense, the question arises as to whether this makes the US a “competitor,” the report said. From the New York Times report:
Under the US interpretation of the laws of cyber conflict, the United States can temporarily suspend Russian capacity without committing an act of war; permanent disability is more problematic. But as experts acknowledge, when a Russian system goes down, Russian units don’t know whether it’s temporary or permanent, or even whether the United States is responsible…
Government officials are understandably tight-lipped [about what Cyber Command is doing], saying the ongoing cyber operations, which have been moved from an operations center in Kiev to one outside the country in recent days, are some of the most secretive elements of the conflict. But it is clear that the cyber mission teams have been monitoring a number of known targets, including the activities of the GRU, Russia’s military intelligence operations, to try to neutralize their activities.
Guidelines for the US
In the US, the federal Cybersecurity and Infrastructure Security Agency (CISA) has also advised on vulnerabilities that could be related to threats emanating from Russia, possibly in retaliation for Western sanctions against Ukraine. Last Thursday, CISA added 95 vulnerabilities to the Known Exploited Vulnerabilities Catalog.
It’s unusual for the agency to add “more than a handful” of vulnerabilities to their catalog at once, said Mike Parkin, senior technical engineer at Vulcan Cyber. Given the situation in Ukraine, “these additions are likely an effort to prevent cyberwar activities from being spread to US organizations covered by the CISA guidelines,” Parkin said.
The 95 vulnerabilities added to the CISA catalog on Thursday all have short deadlines for remediation by federal agencies — in March, noted Viakoo CEO Bud Broomhead. And most are in common systems, including 38 for Cisco products, 27 for Microsoft products and 16 for Adobe products, Broomhead said.
So far, there is “no direct evidence that state, state-sponsored or other threat actors who are friends with Russia have attacked US assets, there is no reason to believe they will not,” Parkin told VentureBeat. “[But] given that there is already extensive cyberwar activity between Russia and Ukraine and their supporters on both sides, it is very likely that allies on both sides will become targets of the cyber conflict.”
Many of Russia’s allies also view the US as an adversary on some level, and have their own well-equipped and well-funded cyberwarfare capabilities, he said.
“With all that, it’s likely that CISA included threats that were previously not considered risky as threat actors look for additional attack vectors,” Parkin said.
This post, “Ukraine: We have repulsed ‘non-stop’ DDoS attacks from Russia,” was originally published at https://venturebeat.com/2022/03/07/ukraine-weve-repelled-nonstop-ddos-attacks-from-russia/
