Since the beginning of the Russian invasion of Ukraine, Check Point has noted a 20% increase in cyber attacks targeting government and military targets. But the phenomenon is worldwide.

Published on March 15, 2022 by Valentina Bernocco

While the Russian offensive continues to torment Ukraine, a cyberwar continues to develop in parallel with the war: cyber espionage, ransomware, theft and deletion of data (such as that carried out by HermeticWiper), and DDoS attacks aimed at taking websites and platforms offline. The Threat Intelligence division of Check Point Software Technologies reports that in the first three days of combat, between February 24 and 27 last year, cyberattacks on the government and the military sector of Ukraine increased by 196% compared to previous levels. Furthermore, since the beginning of the conflict, cyberattacks targeting Ukrainian citizens, companies and institutions have grown by 20%. Russia too, albeit to a lesser extent (only by 1%), recorded an increase in cyber attacks in the same period.
If these results were somewhat predictable, it is interesting to note that, according to Check Point's monitoring, attacks on the government and military sectors have grown by 21% worldwide since the start of hostilities. A sign, perhaps, that the Russian-Ukrainian conflict is already a global conflict in many ways. The energy sector, for its part, is heavily involved not only in the war but also in the cyberwar, and the latest case has a Russian company as the target: the government-controlled oil company Rosneft was hit by Anonymous hackers, who claim to have stolen 20 terabytes of data.
“It appears that the hackers initially focused heavily on the conflict, and after two weeks they realized what they can and cannot do,” said Omer Dembinsky, data group manager at Check Point. “In other words, the hackers have resumed normal activities. We also see an effort focused on attacking government and military targets, perhaps as part of the impact of diplomacy on warfare, and also to take advantage of the increased interest, which allows for phishing attacks to be carried out.”

Speaking of phishing, much as happened with the Covid pandemic over the last two years, the cybercriminal world immediately seized on the war as an opportunity to loot. As reported by Bitdefender, spam campaigns are currently circulating that attempt to exploit the emotional wave of the mass exodus of women and children from Ukraine.
Israel under attack

More generally, these weeks of March have seen a global increase in cyber attacks, and yesterday came the news of a sensational DDoS episode that paralyzed, even if for a short time, the Israeli government website. It is striking because Israel is perhaps the reference nation for advanced cybersecurity and cyberintelligence, and because, as reported by the local media, it was an attack of "unusual dimensions", one of the most serious ever to occur in the country.
The origin and motivations of the attack are not clear at the moment, and nothing allows us to hypothesize any connection with the military and diplomatic offensive put in place by Putin. However, the news creates further tension at a time when the equilibrium of Europe seems precarious as never before in recent decades. And today, more than in the great wars of the last century, cyber weapons are alongside missiles and bombs and will play a role in determining the outcome of the conflict.
Risks for Italian companies?

The offshoots of the Russian-Ukrainian conflict also reach Italy, unfortunately not only in terms of welcoming refugees and rising raw material costs, but also in IT security. The evolution of the war could "jeopardize the reliability and effectiveness" of information technologies provided by companies linked to Russia: this is said by the National Cybersecurity Agency, which has already received recommendations on the HermeticWiper malware in recent weeks.
The agency encourages Italian companies to "urgently proceed with an analysis of the risk deriving from the IT security solutions used and to consider the implementation of appropriate diversification strategies with regard, in particular, to the following categories of security products of devices: antivirus, web application firewall, email protection; protection of cloud services; managed security services". No names are mentioned, of course, but it is an open secret that one of the main cybersecurity providers in the world boasts Russian origins, and it could be argued that simple nationality is a fault at this time or that it could represent a valid reason for suspicion.
In this difficult period, companies like Kaspersky have made no statements about the conflict. The company, however, spoke through Twitter to deny having been the victim of a hacker attack, as claimed by the gang known as Network Battalion 65, or NB65 (a group possibly linked to the Anonymous movement, which has openly sided against Putin). NB65 members claim to have hacked the source code of Kaspersky, while the latter denied it. "Kaspersky experts", reads the tweet posted on the company profile, "have checked the recent information published, allegedly containing the source code of Kaspersky products. The results of the analysis confirm that the claims are unfounded: the leak does not contain the source code of the company's products. The material analyzed, on the other hand, contains data taken from publicly available Kaspersky servers".