Ukraine is seeing significant ransomware attacks right now. Dark Reading notes that 77% of organizations have poor segmentation, 70% have exposed Industrial Control System connections and 44% have shared credentials.
Most of last year also saw scans of TCP port 502, which is used by a protocol called Modbus, in the transportation systems of Ukraine. (That includes SCADA devices as well.)
Significant was the use of a new data wiper called “HermeticWiper” (aka KillDisk.NCV), with evolving attacks over the past two months. Over 121 unsuccessful cyber attacks took place last month, one of which was called “WhisperGate.”
The prep for the main event was overwhelming distributed denial-of-service (DDoS) attacks on Ukrainian government offices and banks. The Russian Main Intelligence Directorate (GRU) was fingered by U.S. and U.K. officials, with a subsequent denial, of course, by the Kremlin.
The propaganda war is trying to sow panic and spread misinformation.
“President Joe Biden said last month the US could respond with cyberoperations of its own if Russia conducts additional cyberattacks in Ukraine.”
This is not about websites. This is about basic economic processes and transportation. ICS and SCADA systems are being compromised.
The attacks began Feb. 12. The second version of NotPetya? I have a feeling that we will know the damages more than anything ever before. Alarming is the data wiping that happened before the kinetic events.
Key Ukrainian government websites hit by series of cyberattacks – CNN