5 December 2022

Ukraine gets by in cyberspace with a little help from its friends


Tim Starks, Aaron Schaffer

Ukraine's cyber defenses get a boost from unusual suspects

Mykhailo Fedorov, vice prime minister of Ukraine and minister of digital transformation, speaks at a technology conference in Lisbon. (Pedro Nunes/Reuters)

Ukraine got cyber help from perhaps some unexpected U.S. sources in the lead-up to the Russian invasion, the leader of Ukraine’s ministry of digital transformation said Thursday.

One of them was the American media, Deputy Prime Minister Mykhailo Fedorov said in a visit to The Washington Post. (Surely he wasn’t playing to the crowd.)

“We ended up getting a lot of information about cyberattack vectors and other related information from the media,” Fedorov said through an interpreter. “And that is how we were able to prevent attacks on our energy infrastructure back in December.”

Partially in response to the articles they read, Ukrainian officials established so-called “red teams,” which simulates enemy attackers to probe for weaknesses, he said. 

Another source of help? Moving important data into the cloud two weeks before the war, he said. As Fedorov commented after an appearance at an Amazon Web Services (AWS) conference Thursday, “The cloud can’t be destroyed by missiles.” (Amazon founder Jeff Bezos owns The Washington Post.)

More than nine months into what Fedorov called “the most technologically advanced war in the history of the world,” help from the United States continues.
AWS is dedicating $75 million to continue the ministry’s migration to the cloud, the ministry announced Thursday.
Google on Thursday also committed to providing additional cybersecurity services to Ukraine, on top of past assistance like taking down Russian influence operations and providing cyber incident response and tracking threats.

State of defense

While the Russia-Ukraine war hasn’t featured cyberattacks as heavily as many expected, Fedorov said daily cyberattacks number in the hundreds and thousands. There’s constant scanning for vulnerabilities. Phishing attacks are the most common kind.

Ukraine’s defenses have held up, though, he said.

“From what we know, there hasn’t been a single leak of any of the basic registries since the beginning of the war,” Fedorov said. “Not a single registry has stopped operating.”

The most prominent suspected Russian cyberattacks against Ukraine came in the buildup to the invasion.

Distributed denial-of-service attacks knocked down the websites of the Ministry of Defense, as well as of some banks, in early February. Such attacks overload a website with fake traffic.

U.S. and European officials blamed Russia for an attack on American satellite company Viasat, one that hampered communications in Ukraine.

Of late, security researchers have pointed to disruptive ransomware attacks coming out of Russia that targeted transportation companies in Ukraine and Poland. It’s rare for Ukraine to be hit with ransomware attacks, but Ukraine also warned last month that another ransomware gang — one that researchers have yet to publicly attribute to a particular headquarters nation — appeared to be targeting Ukraine’s military websites.

State of offense

A government-recruited volunteer pro-Ukraine hacking group, known as the IT Army, has served as a distraction and a counteroffense to Russia’s FSB security agency, Fedorov said.

“Clearly, they do have certain targets inside the Russian Federation,” he said. “There are certain targets and goals which are not made public.”

Russia also has proven an easy target for those hackers, he said.

“Inside Russia, the cyberdefense situation is at a terrible level,” according to Fedorov. Economic sanctions have helped produce those conditions.

Many companies have left Russia because they can’t move in new equipment. Many IT specialists have left the country as well, given fewer available opportunities to reach their potential, Federov said.

State of social media

On the information warfare front, Ukraine has won praise for how effective it’s been.

But as Ukraine has worked to get its message out across social media, Facebook owner Meta has proven an obstacle, he said.

The company has blocked accounts of media that write about the war, Federov said. Ukraine has pleaded its case to Meta, which Federov said is trying to improve his algorithm. 

“The situation is better now than it used to be, but it is still difficult,” he said.

A Meta spokesperson did not answer a request for comment on Fedorov’s remarks.

No comments: