Although the Ukrainian Govt. remains the prime target, the number of cyberattacks against commercial organisations in the Ukraine has increased, says a CERT-UA report.
In the 1st quarter of 2023 the Computer Emergency Response Team of Ukraine (CERT-UA) noticed an increased number of attacks on the country’s commercial organisations. CERT-UA attributed the increase to private companies implementing new solutions on their systems.
Destructive Actions
“Based on our analytics, we can conclude that the enemy is likely to prepare some destructive actions at commercial organisations or attacks aimed at financial profit. The latter is also evidenced by a growth in phishing attacks & account compromises targeting the Ukrainian banking system,” writes CERT-UA in the report.
Russia uses cyberattacks to collect information that among other things, can provide them with an edge in conventional warfare, claims CERT-UA.
Most of the analysed cyberattacks fall into the categories of Intrusion & Malicious Code. This primarily includes the spread of spyware designed for espionage activities, as well as Vulnerability Exploits & Phishing.
Govt. is Main Target
In 2023, Russian hackers continued to focus firmly set on Central & Local Govt. bodies in Ukraine as their primary targets.
Out of a total of 549 analysed cyberattacks, approximately one-third were aimed at public organisations, including govt. agencies & local authorities.
CERT-UA reports that “the intensity of attacks against Ukrainian information infrastructure remained at a steady level over the reporting period, except for early Jan.”
Unlicensed Software
CERT-UA team raises concerns regarding a growing number of infections from unlicensed software among Ukrainian organisations.
According to the team, InvisiMole hacking group, associated with Russia’s foreign intelligence service, utilised torrent trackers & pirated versions of software to spread malicious code.
In March, CERT-UA identified unauthorised access to the information & communication systems of a utility company in Ukraine.
Unlicensed Version
Investigation showed that the compromise of the company’s systems took place when one of the employees installed an unlicensed version of Microsoft Office 2019, downloaded from the Torrent Toloka tracker.
Similar cases have been documented where devices were infected after downloading operating systems & other programs such as scanners and password recovery tools from unofficial sources.
CERT-UA gives Safety Recommendations
To prevent cyberthreats, CERT-UA recommends organisations regularly monitor their information infrastructure & conduct an inventory of assets to clearly understand what needs to be protected & which incidents could be the most critical for their operations.
Therefore, it’s crucial for organisations to ensure the timely installation of software updates to prevent cyberattacks. Administrators should conduct regular audits of information systems, ideally with the help of services recommended by CERT-UA.
Sharing Information
CERT-UA encourages cooperation between companies & organisations in similar fields, as sharing information & resources can help to prepare & prevent cyberattacks.
“Outreach activity is important. Therefore, it is necessary to develop a culture of cybersecurity in the team, conduct regular trainings & develop relevant skills. It is necessary to have a clear & detailed plan for responding to cyber incidents,” explained the CERT-UA.
CERT-UA asks organisations not to withhold any information related to cyber incidents. It’s important to report such incidents to CERT-UA & all partners as soon as possible to prevent severe consequences.
