Ukraine "playground" for Russian cyberattacks - media

26.07.2017 - 09:46 #Ukraine, #Russia, #Cyber-attack, #Field

Ukraine's top cyber-cop disclosed that some of the nation's largest companies were still too scared to share the full scale of the fallout

When the latest major cyberattack hit Ukraine, it brought a screeching halt to many businesses across the country. Even now, almost a month after the so-called NotPetya strike, some companies inside and outside the nation are still facing disruption, the BBC reports.

Ukraine's top cyber-cop disclosed that some of the nation's largest companies were still too scared to share the full scale of the fallout with his investigators, according to the BBC. Serhiy Demediuk, head of Ukraine's ministry of internal affairs' cybercrime division, says he has come to believe there are aftershocks still to come since the hackers appear to have compromised their targets for some time before they pounced, and might still be sitting on data they could yet exploit.

NotPetya initially appeared to be a ransomware attack, but many now suspect its blackmail demands were a cover for something more ominous. Experts who have spoken to the BBC are seemingly sure of two things: first, Ukraine was the target, and second, it was not about money. Despite denials, suspicion has fallen on Ukraine's eastern neighbour, Russia. "Cyber-attacks are just one part of Russia's wider efforts to destabilise the country," NATO's former chief civil servant Anders Fogh Rasmussen told the BBC.

"The Alliance has been assisting Ukraine especially with monitoring and investigating security incidents. However... more support is also needed for prevention." One cybersecurity veteran has been investigating how a local software developer's program, MeDoc, came to be hijacked to spread the malware.

MeDoc had been made “into a remote-control Trojan, and then they were willing to burn this asset to launch this attack," Nicholas Weaver from University of California, Berkeley, said. MeDoc's tax filing services were used by more than 400,000 customers across Ukraine, representing about 90% of its domestic firms. Mr Demediuk said his police force had concrete evidence that MeDoc was hacked a long time ago and had been used to spy on economic activity within Ukraine.

Beau Woods, a deputy director of the Atlantic Council's Cyber Statecraft Initiative, said that if the perpetrators had, indeed, gathered financial data about most of Ukraine's companies, they might still find ways to cause further damage.

Mr Demediuk said that although only four police officers had been assigned to his NotPetya investigation full-time, he had about 300 people across Ukraine supporting the inquiry. Furthermore, he has met with Interpol to discuss ways to share information with other international authorities. While they try to unravel how the attack was carried out, others are preparing for follow-up cyber-assaults.

In particular, the chief executive of Ukraine's state-owned energy giant Ukrenergo is concerned it will be a target. "All our life as an independent country in the last 25 years, we've been connected to the Russian power grid and they've balanced us," Vsevolod Kovalchuk told the BBC. However, he explained, an agreement his firm has struck with European electricity transmission operators to modernize Ukraine's power grid might have put the firm in Moscow's cross-hairs. It might sound like paranoia, but Ukrenergo had already been hit by two cyber-attacks prior to NotPetya, one of them being the infamous Black Energy attack, in December 2015. It took down half a Kyiv’s power for three hours in the dead of winter. For Ukraine, the most important questions from here on seem to be: How bad does an attack have to be before serious international attention is paid to it? And: At what point does it become a war crime?

"I think that every six months, we'll see attacks," predicted Prof Michael Schmitt, lead author of the Tallinn Manual - the definitive international legal guide to cyber-conflict. "Even though I'm not 100% sure that it's Russia, I don't understand which other country could attack Ukraine. It's the only logical answer." And Ukrainian cybersecurity experts like Oleksiy Yankovskiy believe every single business is at risk.

"Ukraine is a playground for attacks, and a large part of the cyber-security community here believes that most of the companies have already been infected," he told the BBC. "Every company here should be prepared for the fact that it will be hacked sooner or later."

Source: UNIAN