Cyberattacks of unclear (but probably Russian) origin hit Ukrainian websites. The FSB “liquidates” REvil. And the US moves toward an approach to open-source software security.
Russo-Ukrainian tension has moved US authorities to issue an alert on the threat of Russian cyber operations. That alert came as the continuing effort to address Log4j vulnerabilities has raised concern about open-source software security.
Cyberattacks deface Ukrainian government websites.
Reuters reports that a “massive” cyberattack hit Ukrainian government websites yesterday. Websites operated by the Ukrainian Cabinet and at least seven ministries were affected. Some of the defacements told their Ukrainian audience to “be afraid and expect the worst.” The message, posted in Ukrainian, Russian, and Polish (all related Slavic languages commonly spoken in Ukraine), read, in the Record’s “rough translation”:
“Ukrainian! All your personal data has been sent to a public network. All data on your computer is destroyed and cannot be recovered. All information about you stab (public, fairy tale and wait for the worst. It is for you for your past, the future and the future. For Volhynia, OUN UPA, Galicia, Poland and historical areas.”
The attacks seem to be simple defacements, an influence operation, and not the data-destruction and doxing the message claims. Note the implicit attempt to suggest that Poland and Ukraine have a historical dispute over Ukraine’s western territories. The Moscow Times reports that Ukraine’s SBU said that services had been restored to normal within hours of the attacks.
While it’s impossible at this stage to rule out hacktivism or provocation by some third party, the Ukrainian Foreign Ministry points to the obvious suspect, Russian intelligence services: “It’s too early to draw conclusions, but there is a long record of Russian (cyber) assaults against Ukraine in the past,” a spokesman told Reuters. Russian officials haven’t commented so far on yesterday’s case, but they’ve denied involvement in other past incidents that have been widely attributed to Moscow’s organs. Those include, in the AP’s tally this morning, 2014 attacks on electoral systems, attacks on regional power grids in 2015 and 2016, and the NotPetya attack of 2017.
Cyberattacks have been generally expected as part of gray zone operations and battlespace preparation as tensions in the region rise. Dice offers a representative example of such expectations, and CyberScoop discusses a probable role for Belarus as a Russian ally and cat’s paw in any such cyber operations.
Saryu Nayyar, CEO and Founder, Gurucul, wrote to offer some general reflections on what nation-state operations mean for organizations’ presence in cyberspace:
“Nation state threat actors continue to take an active involvement in destabilizing infrastructure, governments, and businesses whether for profit or pure political objectives. Security can no longer continue to be an insurance policy. It must become a critical part of the infrastructure at every step. World governments must start funding and investing in cyber security training, educational programs, and awareness. In addition, without continuous evaluation and investment in next generation security technologies that optimize security operations, threat actor groups will continue to be able to disrupt governments and economies.”
Alleged Ransomware Extortionists