Radware's Emergency Response Team (ERT) recently issued an alert saying it had seen several distributed denial-of-service (DDoS) attacks in Ukraine over the past few days, specifically volumetric UDP flood, and DNS and NTP reflected flood attacks, with the last two designed to cause pipe saturation.
The company is, as a result, calling for multiple countries and organisations to prepare to face cyber attacks, and says that Ukraine, Russia, USA, European countries and NATO organisations are in the ‘ring of fire’ as far as threats are concerned.
Radware analysts have warned this group - and in particular government agencies, and companies in finance, utilities, infrastructure or media - to expect a number of different attacks in cyber space, from DDoS attacks and website defacement to intrusions, data theft and attacks on critical infrastructure. The firm was keen to stress, however, that it has “no evidence whatsoever” to tie these attacks to the political conflict.
This should come as no surprise to many in the industry. DDoS attacks in Ukraine have grown substantially since the conflict began in late February, and hackers have targeted various companies and industries.
For example, Prolexic Technologies founder Barrett Lyon told SC recently that he spotted separate attacks on Ukrainian websites (including that of the Kharkov Forum) and Turkish websites (including one on www.zaman.com.tr). He also spotted several attacks focused on companies providing web hosting facilities.
Independent security researcher Graham Cluley says that DDoS attacks are no surprise in the area, because they're inexpensive to mount and relatively easy to carry out.
“I would imagine the greatest level of activity would be DDoS attacks, as there is such a low barrier to entry and you do not have to be a technical wizard to take part in a denial-of-service,” Cluley told SCMagazineUK.com.
“Anyone with a political motivation can take it upon themselves to send some garbage web traffic to a site representing the side that they have an issue with, in the hope that it might disrupt the service.”
The latest surprise target appears to be the Belgian Ministry of Foreign Affairs, which claimed over the weekend that it was hit by Russian hackers intent on stealing documents relating to the Crimea conflict.
The Minister for Foreign Affairs Didier Reynders confirmed the information, and other European companies are believed to have been affected too.
Reynders told local source De Tijd: "[The] network of Foreign Affairs has indeed been the victim of an attack. It is clearly related to the Ukrainian case." The Belgian Prime Minister has confirmed the news by saying that he will ‘follow the issue closely’.
Despite this, the method of the attack is not clear, with the Foreign Minister stating that the relevant authorities are currently investigating the “extent of the attack, and what level it occurred”. [Talking to SC, BH Consulting founder and analyst Brian Honan said that he believes it is likely to have been caused by custom-built malware which evaded anti-virus tools.]
The official line, though, is that this attack was orchestrated by Russian hackers, who used some kind of virus in an attempt to steal “information and documents related to the Ukrainian crisis.” Russia is believed to be the second most adept country at cyber warfare, after the US.
Alan Woodward, a professor at the University of Surrey, said that these attacks would largely be to disrupt services - a form of ‘electronic’ protest - while Honan queried whether the attacks were that commonplace.
“Many of those stories appear to be “experts” trying to get press coverage of their views rather than actual data,” he told SCMagazineUK.com.
Woodward, though, said that he wasn't surprised that cyber is part of today's political battles, even if he did believe that Belgium's claim that Russians hacked them was ‘quite a leap’.
“One thing we see increasingly is that cyber attacks play a role in any conflict,” he told SCMagazineUK.com, before adding that attackers' reliance on bots and proxies makes it hard to ascertain where they come from.
Woodward added that many of the attacks going on in Ukraine - most likely from Russian sources - will be for the ‘inconvenience factor’.
“The state-sponsored attacks want to look undetectable, like they're done by somebody else,” he said.
The next step would be to disrupt critical infrastructure, and he said that this would often “cross the line” of what is internationally acceptable. “That sort of crosses the line into the world of cyber warfare.”