Ukraine’s government agency said Tuesday’s Distributed Denial-of-Service (DDoS) attack against military and financial institutions in Ukraine was “the largest DDoS attack in the country’s history.”
Ukraine’s State Service of Special Communications and Information Protection said in a statement posted online that Ukraine had “successfully thwarted” the attack. The DDoS attack hit targets including the websites of the Ministry of Defense and the Armed Forces of Ukraine, as well as the web services of a private bank and Oschadbank.
DDoS attacks typically try to bring down websites or networks by overwhelming servers with traffic. The Ukrainian agency said in a statement that “the main purpose is to spread panic among Ukrainians and destabilize the situation in the country,” adding: “In fact, it was a massive stress test that Ukraine was enduring.”
The DDoS attack comes as Russia gathers an estimated 150,000 troops near Ukraine, US President Joe Biden said Tuesday. Russia has in the past been known to use cyber-attacks as part of military operations in Georgia and Ukraine, including the Crimean peninsula. Most recently, Ukraine blamed Russia for the January attacks that left dozens of government websites inaccessible or distorted.
Cyber security experts say that if Russia plans to invade Ukraine, it will undoubtedly use cyber-attacks as a core part of its strategy – as the country has done in previous military operations over the past decade and a half.
NATO Secretary-General Jens Stoltenberg said there was no evidence that Russia was withdrawing its forces near Ukraine, despite claims by the Russian military that it was beginning to retreat. According to the BBC, Stoltenberg said: “We see no sign of de-escalation on the ground.”
‘Traces of foreign intelligence’
Ilya Vityuk, head of the cyber security department for Ukraine’s Security Service (SSU), discussed the incident during a news conference on Wednesday, which was reported by news outlets, including the New York Times.
The Ukrainian agency’s statement, posted online, also includes Vityuk’s remarks, saying that with Tuesday’s DDoS attack, “there is a target of foreign intelligence services.”
“Based on current realities, the country that is interested in damaging Ukraine’s image is Russia,” Vityuk said, according to a version of the statement posted online. “However, this should be established in the relevant investigation.”
A separate statement from the SSU, however, goes further in pointing to possible Russian involvement. “According to preliminary information, Russian special services may be involved,” the statement said, according to the translation.
A Kremlin spokesman denied Russian involvement in the DDoS attack, according to a New York Times report. “We know nothing about it, but we are not surprised that Ukraine continues to blame Russia for everything,” said spokesman Dmitry S. Peskov, the report said. “Russia has nothing to do with any DDoS attacks.”
The attack targeting Ukrainian servers on Tuesday was indeed a powerful DDoS attack, according to the findings of cyber firm CrowdStrike.
“Telemetry acquired during the attack indicates a large volume of traffic of three orders of magnitude more than the regularly observed traffic,” Adam Meyers, senior vice president of intelligence at CrowdStrike, said in an email statement.
“In the attack, 99% of the traffic involved HTTPS requests, indicating that the attackers were trying to hijack Ukrainian servers,” Meyers said.
Impact on Western countries
However, “there is no evidence at this time to target Western institutions, but disruptive or destructive attacks targeting Ukraine are likely to have a collateral effect,” he said. “This could affect companies with a presence in Ukraine, which do business with Ukrainian companies or have a supply chain component in Ukraine, such as code development / offshoring.”
On Tuesday, Biden touched on the possible impact of Russian cyber attacks on the U.S.
“If Russia attacks the United States or its allies through asymmetrical means, such as disruptive cyber attacks against our companies or critical infrastructure, we are ready to respond,” Biden said.
In an email to VentureBeat on Tuesday, Justin Fier, director of cyber intelligence and analytics for the cyber firm Darktrace, said DDoS attacks could also be a “diversion from something else, such as a stellar cyber attack.”
At Darktrace, “Based on our customer base, we sometimes need loud attack techniques like this to distract security teams when bad actors stay in the digital system to carry out more deadly attacks behind the scenes,” Fier said.
This could include stealing or altering sensitive data, shutting down critical systems, or “simply shutting down until the right time.”
Cyber response from Ukraine
The Ukrainian agency’s statement provided additional details on how the DDoS attack was defended against:
After the government computer emergency response team CERT-UA received reports of disruptions on a number of government websites, some information resources were suspended to prevent the attack from spreading. Modern powerful systems were also used to counter DDoS attacks. This prevented attacks on other sites, including the websites of Ukraine’s security services, foreign intelligence services, etc.
“We have significantly reduced the level of malicious traffic by restricting access control lists and setting policies on anti-DDoS attacks. Our cleaning centers are functioning. So, despite the fact that the attack is still going on, and its average power reaches ten gigabits per second, the situation is completely under control: web resources continue to work,” said Victor Zora.
Serhiy Demduk, Deputy Secretary of the National Security and Defense Council of Ukraine, praised the response of the state cyber security system to the latest cyber attack. At the same time, national cyber security actors worked 24/7 not only in Ukraine but also in partner countries, including the USA and European countries, to reduce the consequences of cyber attacks, which he described as “informational and psychological”.
Ukraine’s security service is “investigating the DDoS-attack fact, which does not exclude the involvement of special services of the invading country,” the statement said.