Microsoft Helping Ukraine Government Against Mounting Russia Cyberattacks
Radware says Ukraine is experiencing unprecedented volunteer hacker support to attack Russia.
![Ukraine cyberattack Ukraine cyberattack](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blta32821ebaf3e47e2/652434cb59401ed382202b0d/Ukraine-Cyberattacks.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
The recent and ongoing cyberattacks have been precisely targeted, Microsoft’s Brad Smith said. It hasn’t seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack.
“But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises,” he said. “These attacks on civilian targets raise serious concerns under the Geneva Convention. And we have shared information with the Ukrainian government about each of them. We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance and transportation-related personally identifiable information (PII), as well as other government data sets.”
Microsoft is also sharing appropriate information with NATO officials in Europe and American officials in Washington, D.C., Smith said.
“All this builds on our work in recent weeks and months to address escalating cyber activity against Ukrainian targets, including new forms of destructive malware that we previously have discussed publicly,” he said. “We will continue to share more detailed information publicly when we identify new malware that needs to be shared with the global security community.”
Microsoft also is constantly updating all of its services, including its Defender anti-malware, to help protect against any potential spread of malware to other customers and countries, Smith said.
“Our broader efforts to watch for cyberattacks is ongoing, and we will continue to advise Ukrainian cyber defense officials and assist them with their defenses,” he said.
Microsoft is also focused on protecting against state-sponsored disinformation campaigns, which have long been commonplace in times of war, Smith said.
“We are moving swiftly to take new steps to reduce the exposure of Russian state propaganda, as well as to ensure our own platforms do not inadvertently fund these operations,” he said. “In accordance with the EU’s recent decision, the Microsoft Start platform (including MSN.com) will not display any state-sponsored RT and Sputnik content. We are removing RT news apps from our Windows app store and further de-ranking these sites’ search results on Bing so that it will only return RT and Sputnik links when a user clearly intends to navigate to those pages. Finally, we are banning all advertisements from RT and Sputnik across our ad network and will not place any ads from our ad network on these sites.”
While Russia is using cyberattacks as a key weapon to create mayhem, Ukraine is experiencing unprecedented volunteer hacker support to attack Russia, according to Radware.
This “IT Army” of hackers is escalating a movement that includes specific Russian targets to hit. Unfortunately, these uncontrolled free-for-all cyberattacks also put nearly all global countries at risk, Radware said.
While distributed denial-of-service (DDoS) attacks on financial institutions may be short-lived, more destructive cyberattacks could have a long-term impact on a country’s stability.
Pascal Geenens is Radware’s cybersecurity threat director. He said these “IT armies and patriot hacktivists have become the new face of hybrid warfare.”
“Activists will target assets that are most visible to the public, which means primarily government and media,” he said. “Actors acting out of revenge or retaliation will try to hit where it hurts the most — meaning critical infrastructure, health care, food and energy supply chains, and finance — would be top of their list. Nation-states conducting hybrid warfare will primarily target communications, media, government and military.”
Geenens said there are a good number of security professionals that are volunteering to help Ukraine defend against cyberattacks.
“Defense is still the most effective solution in my opinion, and also the most rewarding by demotivating and impacting the reputation of the attacker,” he said.
Security is a continuous process and defenses are never complete, Geenens said. Even if you think your organization is in good shape and has protected most of its attack surface, all it takes is a new vulnerability in a third-party application, an employee clicking the wrong link, or an insider with malicious intent for a breach to occur.
“As technologies evolve, and businesses grow and add new applications and services, their defenses need to be adapted and improved,” he said. “No organization will ever be done working on its defenses, and our fight against malicious actors will never be over.”
Vectra AI is offering a slate of free cybersecurity tools and services to organizations that it believes may be targeted as a result of this Ukraine-Russia conflict.
Hitesh Sheth is Vectra AI’s president and CEO.
“Escalating cyber conflict will lead to unanticipated consequences,” he said. “No public or private organization is assured of remaining a mere spectator.”
The company is actively tracking new attack indicators associated with the conflict in Ukraine and Russia, as well as other conflicts around the world. It’s offering the following services on a complimentary basis:
- Scanning Microsoft Azure AD and Microsoft 365 environments for signs of attack activities.
- Monitoring Amazon Web Services (AWS) infrastructure for signs of active attacks, in addition to the provisioning of detection and response tools for both the network and control plane of AWS accounts.
- Surveilling network infrastructure both in the cloud and on-premises for signs of attack, including deployment of Vectra sensors to detect malicious behavior.
- Supporting the retention of historical metadata to aid incident response investigations based on indicators of compromise (IOCs) for specific attack variants.
Randy Schirman is Vectra AI’s channel chief.
“Uncertainty and risks continue to escalate during these unprecedented times,” he said. “This is not about selling solutions or pipeline development. This is about helping the collective customer base assess their exposure, mitigate the risks and provide assurances that a state of well being can be maintained. If you believe someone is compromised or has concerns, use this time to help remediate. Now is not the time to sell and there are no strings attached.”
Kaspersky researchers are sharing an analysis of the recently discovered HermeticRansom malware, which has been observed in recent cyberattacks in Ukraine.
Kaspersky’s researchers are calling the malware Elections GoRansom. That’s due to its use of a sarcastic function-naming scheme related to U.S. presidential elections. They say it was likely used as a smokescreen for HermeticWiper, which was observed targeting assets on the same day, in an effort to destroy or otherwise make Windows systems unusable due to data loss.
The malware does not use any kind of obfuscation and has pretty straightforward functionality. That suggests it was created in a short amount of time.
Kaspersky researchers say the simplicity of the code, along with the grammar and spelling errors left in the ransom note, probably indicates that it was a last-minute operation, potentially deployed to boost the effectiveness of other cyberattacks on targets in Ukraine.
Microsoft is helping the Ukraine government protect against cyberattacks from Russia, including the identification of a new malware package.
Brad Smith, Microsoft’s president and vice chair, outlined the tech giant’s response to the Ukraine crisis in a blog. The Ukraine government, as well as organizations and individuals there, are Microsoft customers.
Microsoft wouldn’t say whether it has partners in Ukraine or how they are being impacted by the crisis.
“All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine,” Smith said. “This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns.”
Important to Work Together
Smith said in times like this, it’s “especially important for us to work in consultation with those in government.”
“And, in this instance, our efforts have involved constant and close coordination with the Ukrainian government, as well as with the European Union, European nations, the U.S. government, NATO and the United Nations,” he said.
Several hours before the launch of missiles or movement of tanks on Feb. 24, Microsoft’s Threat Intelligence Center (MSTIC) detected a new round of offensive and destructive cyberattacks directed against Ukraine’s digital infrastructure.
“We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package (which we denominated FoxBlade), and provided technical advice on steps to prevent the malware’s success,” Smith said.
Microsoft then wrote and added signatures to its Defender anti-malware to detect this new exploit.
“In recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers, and several other Ukrainian government agencies,” Smith said. “This work is ongoing.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.