Ukraine's Cyber Agency Reports Q2 Cyber-Attack Surge

The frequency and volume of cyber-attacks targeting Ukraine have surged over the second quarter of the year, according to a new report by the country’s State Service of Special Communications and Information Protection (SSSCIP).

Cyber-attacks have been increasing since Russia’s invasion, with a further rise in the second quarter of 2022, which saw 19 billion events processed by Ukraine’s national Vulnerability Detection and Cyber Incidents/Cyber Attacks System, the cyber agency reports. The number of registered and processed cyber incidents increased from 40 to 64.

There was also a “significant increase” in malicious hacker group activity in the distribution of malware, with the number of events in the “malicious code” category increasing by 38% compared with the first quarter of the year.

“The main goal of hackers remains cyber-espionage, disruption of the availability of state information services and even destruction of information systems with the help of wipers,” the SSSCIP said.

The number of critical events originating from Russian IP addresses decreased by 8.5 times compared with the first quarter. This is thanks to safeguards put in place by electronic communication networks and internet access services, which blocked IP addresses used by the Russian Federation, according to the SSSCIP.

Currently, the largest number of events comes from source IP addresses in the USA, but this doesn’t mean the attacks originate there: IP addresses aren’t a reliable form of attribution since they can be spoofed.

In fact, the “absolute majority” of registered cyber incidents are related to hacker groups funded by the Russian Federation government, including GRU-affiliated Sandworm and Gamaredon, the SSSCIP said. In the second quarter of 2022, the main targets were the Ukrainian mass media and government and local authorities.

The report shows how secure architecture and best practices are “at least as important, or perhaps even more important, than security technology,” said Ian Thornton-Trump, CISO at Cyjax. “There are great blue team lessons to be learned here.”

As the war continues, Thornton-Trump predicts Russian cyber-attacks could ramp up further. “Russia will use every means available to achieve victory, and cyber-attacks form an important part of their political and military operations.

“The tempo of the attacks may increase and even decrease with the ebb and flow of the physical battle. I’m sure we will see the rapid weaponization of vulnerabilities, especially Android, Microsoft and web browsers to try and make the attacks more effective against Ukraine defenders.”
