How does the state and business defend itself on cyberfront? And what are the approaches used to protect digital infrastructure? The experts - representatives of the state and business - told about this and more in the discussion on the Open Talk Club from Kyivstar Business Hub. Video of the day during 2021 on the borders of Ukraine accumulated Russian troops, and information about the possible invasion was spreading in statements by politicians and in the media.
However, preparation for aggression was not only in the physical space: Moscow, apparently, planned the attack in the digital world. Therefore, they did not sit in Kiev and prepared for cybers. Direct training, according to experts, began in September.
The head of the NCCC Activity Department of the National Security and Defense Council of the National Security and Defense Council of the National Security and Defense Council of the National Security and Defense Council of the National Security and Defense Council of the National Security Service Cyberfall was aimed at 22 state organizations, its main purpose was a misinformation campaign.
The message is clear: to show that Ukraine is not protected in cyberspace, ”says Sergey Prokopenko, Head of the NCCC Activity Department of the National Security Service of Ukraine. According to him, the enemy perceived it as a training before large -scale cyber operation. However, Russia underestimated Ukraine's capacity and capabilities - Ukrainian experts, together with international colleagues, already had an algorithm for such cases. In addition, a joint response group was launched.
A week before the intrusion, Prokopenko says, mass attacks on the public and private sectors began. The purpose of these actions is to damage the Ukrainian digital infrastructure, in particular, satellite communications and other communication systems used by the Armed Forces. However, Ukrainian cyber defense workers managed to play ahead and restrain attacks. For the first week, the aggression fell a peak cyberattack - they drove everything from energy to media sites.
Ukraine's readiness and significant decentralized efforts of the digital community made it possible to move into a counter -offensive in the virtual space at the end of February. And it turned out that the enemy systems were not as well protected as it seemed, adds Sergei Prokopenko. Since March, there was a noticeable advantage of Ukraine in the events on the cyberfront.
In particular, because of the professionalism and coordination of the community, as well as through technological losses of Russia, caused by Western sanctions. However, the Kremlin does not stop investing in misinformation campaigns and propaganda. Currently, Prokopenko summarizes, Ukraine is moving to strategic planning of Cyberoperatives and even cybertyiplomatia - close cooperation with international partners.
The eloquent example of the fight in cyberspace was given by Sergey Halagan, director of information technologies of NEC "Ukrenergo". This state company is responsible for the stability of Ukraine's energy system, so it is not surprising that it has fallen under the sight of hackers. On February 23, Ukraine has disconnected from the Russian mains for testing. It was planned to test how Ukrainian systems function autonomously and in a single block with Moldova.
The purpose was also to prepare for Ukraine to join the European system of electricity transmission operators-ENTSO-E. Therefore, in the evening and night, the Ukrenergo team was alert. And no wonder. Already at 23:00, the IT community noticed that some Ukrainian IT resources became unavailable: a large-scale DDOS-attack began by Russia. At the first night - a few hours before the start of the invasion - the cyber fall began on Ukrenergo.
Protective "walls" in digital space - firewalls - have blocked almost two million malicious requests for the company's resources. Towards the morning, Ukrenergo experts have manually restricted access to digital infrastructure for individual IPs and entire countries. In total, in the first two weeks, 20,000 addresses were manually "forgiven", and another 100,000 cut off the automatic filter.
And in the morning of February 24, access to Ukrenergo's cyber resources was opened only for Ukraine and ENTSO-E members. The director of information technologies of Ukrenergo "During the war period, the number of daily attacks on Ukrenergo systems, compared to the previous period, has increased by dozens of times. The main attacks are carried out by two players - Russia and Belarus.
It is unfortunate, but hackers also work from the territory of temporarily occupied areas of Donetsk and Luhansk regions, ”says Sergey Halagan. According to him, most of the malefactors are related to the FSB, however, there are groups of hired hackers. The director of Ukrenergo information technologies lists several important conclusions on the fight on cyberfront: the objects of hacker attacks are not necessarily state structures.
On the contrary, it is businesses around the world that are most often victims of cyber -referral attacks. According to Cybersecurity Ventures analysts, cyberattacks will cost companies annually 10. 5 trillions in 2025 - three times more than it was five years ago. An example of one of the topical vulnerability of business and the state was Yuriy Prokopenko, director of Kyivstar cybersecurity. It's about the so -called Supply Chain Attack - an attack on the organization through its contractors.
The company can be well protected directly, however, its contracters with access to critically important systems often have a lower level of cybersecurity. “In preparation for a possible full -scale war at the beginning of the year, we tracked a variety of anomalies abroad. Yes, we drew attention to the attack of one of the European operators, which had to destroy access to its services. It was a classic Supply Chain when using contractors' vulnerability.
That is why we began to invest in increasing expertise in counteracting this type of attack. Already during the invasion, we faced several real cases. However, this pre -mastered experience allowed us to prevent the realization of threats and the leakage of personal data of subscribers, ”Prokopenko says. He cited the EU cybersecurity agency about Supply Chain Attacks: Yuri Prokopenko advises companies that seek to prevent cyber -falls of this type, increase the requirements for the protection .
Kyivstar Cybersecurity Director is expanding your perimeter for those with whom you cooperate with. Therefore, consider the ability to control directly the equipment on which your contractors work. This will inevitably reduce the risks to the minimum values, ”Yuri Prokopenko advises. In turn, business/media bureau Ekonomika+ is most faced with DDOS attacks.
Digital Director of the publication Alexander Klimashevsky says that before the full -scale war, the attacks on the publication were more often from the persons of investigative journalistic investigations, who were dissatisfied with certain publications: “These were cheap botnets that generated atypical requests for our media. continued to work. " Digital director Ekonomika+ And now the situation is different - it is a matter of purposeful attacks that are constantly changing geography.
“In the first weeks of a full -scale invasion, we saw attacks from atypical countries, such as Indonesia. Of course, we could easily "trim" them. Subsequently, cyber-harassers changed tactics, and the peak load began to come from the United States. It is more difficult to turn off here, because we have a permanent audience of readers from the United States, ”adds Alexander Klimashevsky.
In order to resist DDOS-attacks, the publication has limited external access to internal editorial systems, localized attacks with available cyber defense tools and tries to predict possible attacks in the future. Cybersecurity issues are not something that can be solved at one time. It is a constant work in an environment that is constantly changing.
In addition, the development of technologies and the penetration of various services and devices into the life of society also increases the potential number of digital threats. Only last year the number of cyberattacks increased by a third: according to Accenture, in 2021, the average company was 270 attacks in digital space against 206 in 2020.
In the conversation of Open Talk Club from Kyivstar Business Hub, experts agree that investment in cybersecurity is an indispensable part of development of both business and state. In particular, it is about professional teams, a constantly updated cybersecurity strategy, as well as supporting security initiatives and involvement in these processes. “We work with three main components: people, processes and technologies.
And this art is to find the right balance on cybersecurity investments between these elements. Our experience shows that the most important thing is people. If you invest in the examination of the team, their specialists, they will be able to support both processes and technologies, ”says Kyivstar Yuri Prokopenko, director of cyber defense. It is equally important in the fight against cyber threats to use the right technologies.
Kyivstar offers a set of tools that defend network infrastructure, services and cloud solutions of companies from unauthorized access and threats to different types. They are developed by Fortinet, Barracuda and Commvault leaders in the field of information security. And to protect themselves from DDOS-Ataches of the company can also thanks to a comprehensive decision from Kyivstar-Antiddos.
All rights reserved IN-Ukraine.info - 2022