As tensions continue to rise between Russia and Ukraine, threat actors have targeted both the Ukrainian government and other Ukrainian organizations. Denial-of-Service (DoS) attacks took down the websites of the Ukrainian Defense Ministry and military. Similar attacks were deployed against PrivatBank and Oschadbank, two large banks in Ukraine. Although security experts have not yet confirmed that Russia was behind these attacks, Ukraine firmly believes Russian state actors are responsible.
Technical Detail & Additional Information
What is the threat?
Denial-of-Service attacks occur when an attacker successfully puts a service, website, or device into a state where it is unusable. In this case, the attacks were deployed against websites by flooding them with traffic to the point that they crashed. For the Ukrainian banks, for example, this makes their websites unusable, which directly impacts all bank activities and all of the banks’ customers.
Why is it noteworthy?
Whenever one nation launches a cyber-attack against another, it increases cyber risk not only for the nations involved but also globally. While the attacks reported in this advisory were not sophisticated or difficult to mitigate, threat actors have previously used such attacks as a diversion while laying the groundwork for a more sophisticated and potentially more damaging attack. As a result, users should remain vigilant and pay close attention to the news cycle, especially since Russia is thought to be responsible for the SolarWinds and Colonial Pipeline attacks of 2020 and 2021.
What is the exposure risk?
There is currently no active threat that organizations need to monitor or apply patches for, but this type of situation can always lead to one. The situation has maxed out the Cyber Attack Predictive Index (CAPI), a tool created by the Johns Hopkins Information Security Institute, with a score of 25. As the situation progresses, new vulnerabilities and attacks may appear in the wild, so it is important to watch for emerging threats. The Barracuda MSP team will continue to monitor for any suspicious activity.
What are the recommendations?
Barracuda MSP recommends following any news about this situation, particularly news about the types of attacks that might be launched. If a product used in your organization has any vulnerabilities exposed, be sure to apply the updates that patch them. Additionally, watch for any suspicious traffic coming to your organization from outside of the country. As always, Barracuda MSP will be closely monitoring the situation and sharing information about any potential threats that it might pose.
References
For more in-depth information about the recommendations, please visit the following links:
- https://hub.jhu.edu/2022/02/15/russia-ukraine-maxes-out-cyber-attack-predictive-index/
- https://fortune.com/2022/02/16/ukraine-russia-cyberattack-banks-crisis/
- https://fortune.com/2022/02/15/markets-rally-russia-troops-ukraine-ruble-bitcoin-stocks/
- https://cyberheatmap.isi.jhu.edu/
- https://fortune.com/2022/02/15/russia-duma-putin-ukraine-donetsk-luhansk-donbas-recognition-georgia-south-ossetia/
This post was based on a threat advisory issued by our Barracuda Managed XDR team.