As the old proverb goes, “Necessity is the mother of all invention,” and few things create necessity like geopolitical conflict. Since Russia invaded Ukraine in February 2022, there has been an uptick in cyber conflict between the two states, which has led to the creation of some innovative offensive techniques.
Harv Xavier, a representative for the IT Army of Ukraine, a volunteer army of international and Ukrainian hackers who engage in adversarial operations against the Russian state, shared with Techopedia details of their activities over the past year. The group’s operations have targeted more than 700 entities.
These operations provide valuable insight into the reality of cyberwarfare and, for security professionals, into which offensive techniques are being used and which targets are chosen to create the maximum impact.
From a cybersecurity standpoint, paying attention to these developments is critical, as many of the techniques used within this geopolitical conflict are likely to be replicated by other for-profit cybercriminals and independent hacktivist groups in the future.
1. DDoS Attacks Are a Go-To Tool for Hackers
The use of Distributed Denial of Service (DDoS) attacks is one of the IT Army of Ukraine’s go-to techniques, which the group has used to disrupt key sites and stores across Russia.
“Over 15 months, the IT army has suspended the work of a bunch of Russian sites and online resources. Including military stores and stores of drones and radio equipment,” Xavier said.
“The IT army made a series of DDoS attacks on specialized stores so that newly mobilized Russians, through the leadership or volunteers, could not purchase quality equipment. Distributed denial of service attacks carried out by the IT army have crippled Russian ability to work on some CRM systems for extended periods.”
This highlights that DDoS attacks are an effective tool for hackers who want to cause operational disruption. These attacks can also be very costly: with the average cost of a DDoS attack reaching $218,000, it only takes a small amount of downtime to have a significant financial impact.
According to Xavier, some of the attacks led to a decrease in trust in the Russian banking system, with disruptions leading to hundreds of angry comments from customers.
2. Exposed Data Assets Will Be Weaponized
Data exfiltration is another recurring theme within the IT Army of Ukraine’s operations, which has looked for ways to weaponize the data of its chosen targets, typically through leaking.
As part of an ongoing surveillance operation, “the Central Bank of the Russian Federation’s staff, specialized systems, and source files were made known.”
Xavier explains that the IT Army of Ukraine also published information about the banking operations of the Russian Federation and the personal data of Russian servicemen, including phone numbers, accounts, and bank cards.
Likewise, “the data of 650,000 members of the platform of pro-Putin volunteers “Dobro”, where they gathered rallies in support of the war under the slogan #МыВместе were hacked and published,” Xavier said.
In the hands of third parties, the right data can be extremely damaging. For instance, Xavier claims that the IT Army of Ukraine hacked 6,000 Russian web resources to help the FBI arrest Viktor Netiksho, head of the 26165 military unit, after his photo was leaked to the organization.
From an enterprise perspective, the emphasis on targeting and leaking data highlights that organizations need to go out of their way to embrace what Gartner calls “a data-centric security architecture” to discover, classify, and protect exposed data assets.
Failure to do so could result in that information being weaponized, either via leakage, as the IT Army of Ukraine has done, or as part of phishing scams, as more conventional cybercriminals do.
3. Websites Remain a High-Value Target
In a world driven by technology and IT, websites are a key enabler for modern organizations. As a result, the IT Army of Ukraine has routinely targeted these platforms to inconvenience and damage the Russian state’s operations.
“Many corruption schemes in the Russian Federation are tied to tenders. The people of Aitiv repeatedly attacked two large platforms – RTS-tender and Roseltorg, which could disrupt the tenders,” Xavier said.
“Eight hundred Russian websites, including Roscosmos, were attacked by the IT Army. We posted congratulatory messages to Ukrainian Constitution Day on those websites.”
For enterprises, this shows that websites can’t be overlooked as part of the attack surface. They should be secured by implementing best practices, from using HTTPS and strong passwords on accounts to regularly deploying security updates and keeping plugins up to date.
4. Never Underestimate How IT Systems Can Be Exploited
Any organization, whether in the public or private sector, cannot afford to underestimate the physical-world havoc that misuse of an IT system can cause. Anonymous and the IT Army of Ukraine demonstrated this last year when they exploited systems to create a traffic jam.
“In September 2022, I collaborated by myself with the Anonymous group to commit a cyberattack against Yandex Taxi’s systems, causing a traffic jam in Moscow,” Xavier said.
In this operation, hackers exploited the Yandex app to call multiple taxis to the same location in an attempt to increase congestion throughout Moscow.
A spokesperson for Yandex has insisted that the traffic jam lasted only an hour. However, this incident highlights the importance of cybersecurity professionals being ready for a reality in which any exploitable system may be targeted by hackers aiming to cause operational disruption.
This means it’s important to think outside the box about how a given system or application could be misused to wreak havoc, and to build detection for that misuse before it happens.
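As an added illustration of the defender’s side of the taxi incident (this is example code written for this article, not code from Yandex, Anonymous or the IT Army of Ukraine), the script below shows the kind of abuse-velocity check a dispatch platform could run over its own request logs: it flags any destination grid cell that receives ride requests from an unusual number of distinct accounts inside a short window. The log format, the field names (account id, destination cell), the sixty-second window and the threshold of five accounts are all assumptions made for the example, and the log lines are constructed.

```python
"""
Added example: a hypothetical velocity check for a ride-dispatch API.
It detects a burst of requests to the same destination cell from many
distinct accounts, the pattern the article describes, so that an operator
can alert on it or throttle dispatch to that cell. Log format, field names
and thresholds are assumptions for this example, not any real platform's.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: ISO timestamp, account id, destination grid cell.
# The cell_4431 burst is the synthetic abuse pattern; the other lines are
# ordinary background traffic.
SAMPLE_LOG = """\
2022-09-01T08:00:01Z acct_101 cell_1010
2022-09-01T08:00:04Z acct_202 cell_2020
2022-09-01T08:00:10Z acct_303 cell_4431
2022-09-01T08:00:12Z acct_304 cell_4431
2022-09-01T08:00:15Z acct_305 cell_4431
2022-09-01T08:00:17Z acct_306 cell_4431
2022-09-01T08:00:19Z acct_307 cell_4431
2022-09-01T08:00:22Z acct_308 cell_4431
2022-09-01T08:00:40Z acct_101 cell_1010
2022-09-01T08:05:00Z acct_309 cell_4431
"""


def parse_line(line):
    """Split one log line into (timestamp, account_id, destination_cell)."""
    ts, account, cell = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), account, cell


def detect_destination_bursts(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {cell: (window_start_ts, distinct_accounts)} for every destination
    cell that receives requests from at least `threshold` distinct accounts
    within any sliding `window`. Only the first triggering window per cell is
    reported, which is what an alerting rule would emit."""
    recent = defaultdict(deque)  # cell -> deque of (ts, account) inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, cell = parse_line(line)
        q = recent[cell]
        q.append((ts, account))
        # Evict entries older than the window (log is assumed time-ordered).
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {acct for _, acct in q}
        if len(distinct) >= threshold and cell not in alerts:
            alerts[cell] = (q[0][0], len(distinct))
    return alerts


if __name__ == "__main__":
    for cell, (start, n) in detect_destination_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {n} distinct accounts requested {cell} within 60s of {start}")
```

Counting distinct accounts rather than raw requests matters: a single customer who re-taps the button produces one account and no alert, whereas a coordinated flood from many accounts to one spot trips the rule. Tuning the window and threshold against real per-cell baselines is the operator’s job; the values here are placeholders.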
As the Russia-Ukraine war rages on, cybersecurity professionals cannot afford to overlook the offensive techniques used by entities such as the IT Army of Ukraine, as independent hacking groups will likely try to replicate many of these techniques in for-profit cybercrime in the future.
The better security professionals can understand the nature of cyber conflict, the more they can enhance their ability to protect their own systems, websites, and data in the future.