JLS COMMENTS: We crafted this last month and had it scheduled. The comments have been reported elsewhere, but I think they bear repeating. We’re seeing upticks in targeting of Hikvision camera systems, and it was reported that access is being sold. We’re seeing countries fall to ransomware (Montenegro being the last). It’s not a huge leap to believe that warfare attacks will leak from the battlespace, or be aimed at those who support. It’s not a huge leap to believe that ransomware attacks could be used to generate digital resources to replace money movement of traditional currencies in Russia.
When there’s war, we should expect cyber. Here are Victor Zhora’s comments.
“This is perhaps the biggest challenge since World War Two for the world, and it continues to be completely new in cyberspace.”
Grave words indeed from Ukraine’s lead cybersecurity official, Victor Zhora.
An Escalating Situation
In my previous post, I shared some thoughts on how Russia-Ukraine geopolitical tensions are ushering in a new flavor of cyberwarfare. Along with our cybersecurity community peers, we continue to watch developments as they unfold.
Last week, we heard that Zhora had met with Black Hat in Las Vegas, indicating the extent to which the situation is escalating.
During the talks, he apparently painted a bleak picture of the state of cyberwarfare in the country. According to Zhora:
· Cyber incidents in Ukraine have tripled since February, when Russia invaded.
· Distributed-denial-of-service (DDoS) attacks brought several Ukrainian government agencies to their knees.
· A proliferation of Industroyer2 malware saw the country’s electrical substation software being taken over, resulting in power blackouts and equipment damage.
· In this year alone, at least six significant new strains of data-wiping malware have been identified.
In related news, the fallout from the Lockheed Martin cyberattack is getting interesting and spawning ongoing debate.
The Story So Far
If you haven’t been following the story closely, this U.S. aerospace and defense manufacturing giant supplies the high mobility artillery rocket system (HIMARS) to Ukraine, naturally making it a prime target for pro-Russia hacking groups. Killnet, one such group, uses denial-of-service (DoS) and DDoS attacks as its weapons of choice.
On August 11, Killnet shared a video that claims to depict personally identifiable information of Lockheed Martin employees, such as their names, pictures, email addresses, and phone numbers.
Killnet also uploaded two spreadsheets containing an ominous message: “For those who have nothing to do, you can email Lockheed Martin Terrorists ― photos and videos of the consequences of their manufactured weapons! Let them realize what they create and what they contribute to.”
However, there’s some debate in cybersecurity circles as to whether the breach indeed happened and/or whether the exfiltrated employee information was genuine. It is not unusual for old or open-source data to be used to intimidate employees. As Lockheed Martin has remained tight-lipped about the alleged attack, we can only surmise what might have actually occurred.
Either way, it would be foolish for us to underestimate the lengths that perpetrators of cyber warfare will go to in using digital assets and infrastructure to advance their agendas. If Zhora is right, there’s no time to waste in bolstering our government and corporate cyber defense. It seems that Killnet is already upping the ante and setting its sights on other pro-Ukraine targets, with Estonia being the latest.