Ground, air, sea, and cyber: Ukrainian websites were hit by another DDoS attack yesterday. Experts believe they will only increase

Cyber attacks against Ukraine are expected to increase even more. Fleeing Kyiv, this morning. Photo by REUTERS/Valentyn Ogirenko

As the Russian attack on Ukraine is now underway with massive ground, air and maritime forces invading the country, a new aggressive act attributed to Moscow is also attacking the Ukrainian cyber sphere.

Taking to Twitter, ESET researchers announced they had discovered a “new data wipe malware” used in Ukraine on Wednesday. The cybersecurity company’s telemetry “shows that it was installed on hundreds of machines in the country." In an official publication released shortly after, the company noted that the attack was spotted in the early hours of Wednesday morning, but compiled in late December - suggesting the attack has been in tthe works for quite some time.

ESET refers to the destructive malware as HermeticWiper, and mentions it follows the DDoS attacks against several Ukrainian websites which took place earlier yesterday. Ukrainian Minister of Digital Transformation, said on his Telegram channel that the Ministry of Foreign Affairs as well as the parliament’s website were down due to a DDoS attack. Last week, the Ukrainian Defense Ministry website was attacked, as well as offline banks.

“We believe that the Russian government is responsible for wide-scale cyberattacks on Ukrainian banks this week. We have technical information that links the Russian Main Intelligence Directorate, or GRU, as known GRU infrastructure was seen transmitting high volumes of communications to Ukraine-based IP addresses and domains,” said Deputy National Security Advisor for Cyber & Emerging Technology, Anne Neuberger, during a special press briefing at the White House.

Neuberger warned that the Russian cyber aggression against Ukraine is only expected to increase, if Moscow takes further military action.

The Russian cyber war against Ukraine has been going on for the past 8 years, since the annexation of Crimea in 2014. The 2017 NotPetya attack is considered by many experts to be the most devastating cyber attack in history. The Kremlin denied involvement, as it had with regards to all other cyber attacks of which it was accused. Over the past weeks, since Russia began amassing troops near the Ukrainian border, the number of cyber attacks has increased exponentially.

International concerns of retaliatory cyber attack

Fears of a Russian backed cyber attack in light of this crisis are not limited to Ukraine. Last week, CISA launched a “Shields Up” campaign, urging augmented cyber security as “Russian state-sponsored cyber actors target defense contractor networks to obtain sensitive US defense information and technology.”

“While there are no specific or credible threats to the US at this time, Russia may consider taking retaliatory action in response to sanctions that may impact our critical infrastructure,” said CISA Director Jen Easterly in a tweet on Tuesday.

“Over the last decade, Russia has used cyber as a major part of its military activity beyond its borders, including to undermine, coerce, and destabilize Ukraine,” said Neuberger at the press briefing, adding that the US has been working to prepare for potential attacks since November.

Warning against potential attacks against American critical infrastructure, Neuberger urged the “private sector partners” to exercise incident response plans and put in place comprehensive cybersecurity defenses.

The European Central Bank has also warned banks against potential Russian cyber attacks, asking them to prepare. Reuters reports that banks were conducting cyber war games to test their readiness in fending off such an attack.

Supporting Ukraine

In addition to the US and Australian support, six European Union countries are also offering Ukraine cybersecurity assistance. Lithuania, Netherlands, Poland, Estonia, Romania and Greece have accepted the Ukrainian plea for help, and are sending experts.

“Ukraine might need help to deal with particular incidents or support to test their infrastructure looking for security weaknesses,” Lithuanian Deputy Defense Minister, Margiris Abukevicius, told Reuters.