Unclear if Russia behind latest Ukraine cyberattacks


“Powerful” cyberattacks launched against Ukraine’s military websites and two major banks in the country Tuesday were not immediately attributed to Russia — and cybersecurity experts noted that it could very well be a different threat actor behind the malicious activity.

As of this writing, Ukraine had not directly blamed the new cyberattacks on Russia.

The State Service of Special Communication and Information Protection of Ukraine said in a statement posted online that there was a distributed denial-of-service (DDoS) attack Tuesday against “a number of information resources of Ukraine.” The affected targets included the websites of the Ministry of Defense and the Armed Forces of Ukraine, as well as Privatbank and Oschadbank.

The “powerful DDoS attack” caused interruptions in web services of the two banks, the Ukraine government agency said, and also shut down access to the Ministry of Defense website.

The statement did not include any attribution for the cyberattacks, and a statement by the Ukrainian Ministry of Defense itself did not attribute the attacks, either. VentureBeat has reached out to the agencies for comment.

Russia has amassed an estimated 150,000 troops near Ukraine, U.S. President Joe Biden said Tuesday. And Russia has been known to use cyberattacks as part of military campaigns in the past, including in Georgia and the Crimean Peninsula in Ukraine.

Most recently, Ukraine blamed Russia for attacks in January that left dozens of the government’s websites inaccessible or defaced.

Still, the Russian military is saying it’s going to withdraw from the areas around Ukraine — though Biden said that there is no verification yet of a troop pull-back.

Some analyses have suggested that Russia does not have nearly enough troops stationed near Ukraine to mount a “full-scale offensive” into the country.

Other possibilities

In terms of the cyberattacks against Ukrainian targets today, there are other possible explanations besides Russian involvement, and “we must be careful at this stage to point fingers” given the limited public information, said Justin Fier, director of cyber intelligence and analytics at cyber firm Darktrace, in an email to VentureBeat.

“This attack could be another actor taking advantage of an already tense situation in the region,” Fier said.

DDoS attacks, which attempt to bring down websites or networks by overwhelming the web server with traffic, “are not particularly sophisticated,” he noted, and are “relatively easy to mitigate.”

“Attackers know this will make the news and spark global controversy without delivering enough damage to spark an aggressive response from the victim,” Fier said.

In situations such as this, “much of this boils down to the fact that accurate attribution is difficult,” said Tim Wade, a technical director at cyber firm Vectra, in an email. “There is no shortage of actors that could stand to benefit from chaos or disruption.”

It would be “premature” at this point to attribute these attacks to Russia, said Sam Curry, chief security officer at Cybereason, in a statement via email. The perpetrator could conceivably be domestic separatists, a political group, or a “Russian-aligned” group, he said.

Diversion technique?

The attacks might also be a “diversion from something else, like a stealthier cyberattack,” Curry said.

At Darktrace, “across our customer base, we sometimes see noisy attack techniques like this used to distract security teams while bad actors remain inside digital systems to carry out more deadly attacks behind the scenes,” Fier said.

That can include stealing or altering sensitive data, shutting down critical systems, or “simply lying dormant until the right time comes,” he said. “It remains to be seen whether that is the case here.”

Fier added:

“It is alarming but unsurprising to see attackers hit their financial systems, especially when the global economy is facing significant pitfalls – the stakes are higher for defenders, and attackers can maximize damage. The cyber industry has been anticipating an attack of this nature in recent weeks, and until further details emerge, all organizations must be vigilant and heed the cautions issued by national federal agencies.”

Cybersecurity experts say that if Russia does plan to invade Ukraine, it would undoubtedly use cyberattacks as a key part of its strategy — just as the country has done in previous military campaigns over the past decade-and-a-half.

U.S. ‘prepared to respond’

In Biden’s comments at the White House on Tuesday, the president touched on the possibility of Russian cyberattacks impacting the U.S.

“If Russia attacks the United States or allies through asymmetric means, like disruptive cyberattacks against our companies or critical infrastructure, we are prepared to respond,” Biden said.

On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) posted a warning about the potential for attacks against U.S. targets by Russia in connection with the tensions over Ukraine.

“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” CISA said in its “Shields Up” warning. “CISA recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Originally appeared on: TheSpuzz