Massive cyberattack takes Ukraine military, big bank websites offline

What geopolitical standoff could this possibly be linked to?

The websites of the Ukrainian military and at least two of the nation's biggest banks were knocked offline in a cyberattack today.

Ukraine's Ministry of Defense website is still unavailable at time of publication. On social media, it reported "technical works on restoration of regular functioning" are underway after it was "probably attacked by DDoS: an excessive number of requests per second was recorded." Other military sites are also apparently suffering outages.

In what appears to have been a coordinated internet attack, Ukraine's biggest commercial banking operation PrivatBank and big-three financial institution Oschadbank were also hit around the same time, knocking out some online transactions and ATMs across the country.

Oschadbank is now back up and running albeit in a limited way. PrivatBank's website is still unavailable to use and instead shows a vandalized homepage.

Not a good look for one of your largest banks ... A screenshot of PrivatBank's defaced website.

"PrivatBank has suffered a DDoS attack," the Ukraine government's Centre for Strategic Communications said on Facebook, though a defaced page suggests there's something more serious afoot than a distributed denial-of-service.

"For one hour during the attack, some services (ATM, TSO) were not working," the center added. "Starting at 1630 these services have been restored.

"Oshchadbank also suffered a DDoS attack. Work is currently underway to restore the system. It is already working in stable mode. There is only a slow entry to the Oshchad24/7 system due to an additional load on the communication channels."

The DDoS strikes should set off alarms in the minds of security engineers. Denial-of-service attacks are frequently used as a distraction while intrusion attempts are made or tested, and these are high-profile targets.
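One practical consequence of that point is worth spelling out for defenders: during a flood, privileged actions in your own audit trail deserve a second look. The following is an added example, not code from the article or from any of the organisations it names. It builds a constructed edge log and a constructed admin audit log, finds the time windows where the request rate exceeds a chosen threshold, and flags sensitive audit events that fall inside or shortly after those windows. The log formats, the threshold, the grace period and the list of "sensitive" actions are all assumptions chosen for illustration.

```python
"""Flag privileged actions that occur while a request flood is in progress.

Added example; not from the article. Logs are constructed below so it runs
offline. Field layout, thresholds and the flood-window heuristic are assumptions.
"""
from collections import Counter
from datetime import datetime, timedelta

FLOOD_THRESHOLD = 200          # requests per 10-second bucket that we call a flood (assumption)
BUCKET = timedelta(seconds=10)
GRACE = timedelta(minutes=5)   # sensitive actions this close to a flood window get flagged

# Audit actions considered sensitive enough to review (assumed list).
SENSITIVE_ACTIONS = {"admin_login", "password_reset", "role_change",
                     "firewall_change", "content_update"}


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def bucket_of(ts: datetime) -> datetime:
    """Round a timestamp down to the start of its 10-second bucket."""
    return ts.replace(second=(ts.second // 10) * 10, microsecond=0)


def merge(windows):
    """Merge adjacent or overlapping (start, end) windows into one."""
    merged = []
    for start, end in windows:
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def flood_windows(edge_lines):
    """Return merged [(start, end)] windows whose request count exceeds the threshold."""
    counts = Counter()
    for line in edge_lines:
        ts_str, _src, _method, _path, _status = line.split()
        counts[bucket_of(parse_ts(ts_str))] += 1
    hot = [(b, b + BUCKET) for b, n in sorted(counts.items()) if n > FLOOD_THRESHOLD]
    return merge(hot)


def flagged_events(edge_lines, audit_lines):
    """Sensitive audit events that fall inside, or within GRACE of, a flood window."""
    windows = flood_windows(edge_lines)
    flagged = []
    for line in audit_lines:
        ts_str, user, action, src = line.split()
        if action not in SENSITIVE_ACTIONS:
            continue
        ts = parse_ts(ts_str)
        for start, end in windows:
            if start - GRACE <= ts <= end + GRACE:
                flagged.append({"time": ts_str, "user": user, "action": action, "src": src,
                                "flood_window": (start.isoformat(), end.isoformat())})
                break
    return flagged


def constructed_logs():
    """Build constructed sample logs: quiet background traffic, a 2-minute flood, a few audit events."""
    base = parse_ts("2022-02-15T16:00:00")
    edge = []
    # Background: one request per second for an hour from a rotating set of client addresses
    for i in range(3600):
        ts = base + timedelta(seconds=i)
        edge.append(f"{ts.isoformat()} 198.51.100.{i % 200 + 1} GET /index.html 200")
    # Flood: 100 requests per second between 16:30:00 and 16:32:00 from many sources
    flood_start = base + timedelta(minutes=30)
    for i in range(120):
        ts = flood_start + timedelta(seconds=i)
        for j in range(100):
            edge.append(f"{ts.isoformat()} 203.0.113.{j + 1} GET / 503")
    audit = [
        "2022-02-15T15:10:00 alice admin_login 192.0.2.10",          # well before the flood: normal
        "2022-02-15T16:31:15 webadmin content_update 203.0.113.77",  # during the flood: review
        "2022-02-15T16:34:00 bob role_change 192.0.2.11",            # within grace after the flood
        "2022-02-15T16:31:30 carol view_dashboard 192.0.2.12",       # not a sensitive action
    ]
    return edge, audit


if __name__ == "__main__":
    edge_log, audit_log = constructed_logs()
    for event in flagged_events(edge_log, audit_log):
        print(event)
```

On the constructed data the flood is detected as a single window from 16:30:00 to 16:32:00, and two audit events are surfaced: the content update made during the flood and the role change a couple of minutes after it. The point is not that every such event is malicious, but that a flood is exactly when an analyst should not be looking only at traffic graphs.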

Given similar incidents last month against Ukrainian government websites attributed to Russia and its satellite state Belarus, not to mention a five-year record of such shenanigans – and more than 100,000 Russian Armed Forces troops near Ukraine's border – you'd have thought the Ukrainian military would have been better prepared for an online assault. It appears commercial operations are still getting the best talent.

Incidentally, Russian state-media org Tass reports Russia is pulling back some troops from the border after "scheduled drills." ®


Biting the hand that feeds IT © 1998–2022