ISA Cybersecurity is horrified by Russia’s invasion of Ukraine. In addition to the unconscionable destruction and loss of life, we recognize that cyber attacks against Ukraine are causing disruption in the country, and could spread to other parts of the world including Canada.
Russian aggressions have not been limited to land, sea, and air. Co-ordinated DDoS and malware attacks against Ukraine have occurred along with the military incursion:
– Computer systems at the Ukrainian Parliament and Cabinet of Ministers, the Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, and National Coordination Centre for Cybersecurity at the National Security and Defense Council among others have been targeted. Financial institutions like Ukraine’s largest bank Privatbank had their online services disrupted shortly before the invasion, and were attacked again during the initial hostilities. Privatbank now uses “slide to verify” challenges in an effort to separate human from bot traffic.
– A new malware strain called HermeticWiper has been detected in hundreds of machines across dozens of organizations in Ukraine. CISA has issued a bulletin about this novel malware that abuses legitimate drivers from disk management software to corrupt and destroy data on target computers. State-sponsored threat actors Sandworm are also aggressively deploying different strains of malware like Cyclops Blink to compromise and seize control of target computers.
The response by Ukrainian authorities has been swift, and most services are running again. Internet and mobile support remain operational, though government agencies and banks continue to be flooded with DDoS traffic in an effort to disrupt their operations and hamper communications.
While there are no current credible, imminent cyber threats beyond direct Ukrainian targets, this could change at any moment given heightened global tensions. Russian President Vladimir Putin has threatened significant reprisals against any country implementing sanctions against his country. Hacker group Anonymous has “declared war” against the Putin regime, increasing the risk of indiscriminate counterattacks. Even organizations that are not direct targets of retaliation could be affected by supply chain or infrastructure compromise. Attacks could take the form of DDoS, ransomware, or simply cyber strikes designed to disrupt and damage assets, without seeking financial payoff.
ISA Cybersecurity is on heightened alert for potential state-sponsored cyber threats. We continue to monitor the situation closely and, as always, we are responding rapidly to protect our customers against any emerging threats.
We urge you to strengthen your internal defenses to prepare for potential cyber attacks as well.
Immediate steps you can take to mitigate risk and enhance your cybersecurity posture:
– Heighten your vigilance and monitoring for suspicious activities or threats
– Patch known vulnerabilities
– Ensure your cyber incident response plan is up to date. If you do not have one, create one immediately
– Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management
– Refer to the Canadian Centre for Cybersecurity (CCCS) and the “Shields Up” portal developed by the Cybersecurity Infrastructure Security Agency (CISA) in the United States for additional bulletins and updates
ISA Cybersecurity condemns the invasion and all acts of violence. We hope for a quick and peaceful resolution to the situation – meanwhile, we are showing our support for Ukraine by making a donation to the Canadian Red Cross’s Ukraine Humanitarian Crisis Appeal.
If you have questions or concerns, please contact us at firstname.lastname@example.org or 1-877-591-6711.