Corero
Blog & News

DDoS Disrupts Ukrainian Banking and Military: Cyber Warfare or Political Hacktivism?

With aggression building between Russia and Ukraine, geo-political tensions increased when the Ukrainian Defense Ministry, the Armed Forces of Ukraine, some state-backed banks, and MiroHost (a hosting provider) were repeatedly hit by Distributed Denial of Service (DDoS) attacks. Some of the attacks lasted an hour or two, creating significant cause for concern. According to a report in Threatpost, no data was stolen or damaged, but websites were disabled and banking customers could not use their online applications.

In our increasingly always-on world of Internet connectivity, even a few seconds of downtime is disruptive; an hour or more of downtime can have huge implications for financial transactions, business, and government communications, especially during a crisis. Financial services and national defense systems are among the most important pillars of critical infrastructure.

Hopefully, the fact that the attacks abated after a couple of hours is a sign that the targeted victims were able to mitigate them, rather than just being fortunate that the threat actors decided to cease and desist of their own volition. However, the attacks were reportedly not very high in volume, which suggests that Ukraine’s critical infrastructure has some challenges, at least in terms of its ability to mitigate DDoS attacks quickly and effectively.

Disruption or decoys?

It is possible that some or all of the DDoS attacks were meant as decoys, to distract security teams from more nefarious cyber incursions intent on stealing data or disrupting critical national infrastructure systems and services. Only time will tell whether there are any further ramifications from these attacks. However, even if they were not used as a smokescreen, the disabling of crucial systems was enough to damage trust, demonstrate vulnerabilities, and create a feeling of unease among government ranks and banking customers.

Cyberwarfare or political hacktivism?

The attacks follow closely on the heels of similar, but broader, DDoS attacks on 70 Ukrainian government sites in mid-January. Were the incidents acts of cyberwarfare, or could they be political hacktivism? DDoS attacks are relatively simple to execute, so the attacks could just as likely have been launched by a group of hacktivists, or by a lone wolf seeking to stir up conflict and mayhem, as by a nation-state. Given Russia’s increasing aggression, however, it is not surprising that many observers suspect the attacks were launched by its government. This includes the US and UK governments, which have publicly stated that they believe Russia is responsible.

Cyberwarfare knows no borders

Cyberspace has no physical borders; cyberwar threat actors can easily launch attacks, such as DDoS, on targets that are perceived to be allies or antagonists. And, because the sources of DDoS attacks are difficult to trace, we may never know for certain.

One thing is certain: our Internet-connected world has made it too easy to conduct cyberwarfare, making it a persistent and growing tactic in international conflicts. One hopes that this trend might be reversible, but hope is not an adequate defense against such threats. Having a DDoS incident response plan, along with an automated, modern, always-on DDoS mitigation system, is always essential for modern businesses and governments, and even more so during times of international crisis or conflict.

Corero Network Security is a global leader in real-time, high-performance, automatic DDoS defense solutions. Corero’s industry leading SmartWall and SecureWatch technology protects on-premise, cloud, virtual and hybrid environments with a scalable solution that delivers a more cost-effective economic model than ever before.