Cyber attack on Ukraine in full swing: Spread of malware that destroys computers

The malware was discovered by cybersecurity firms ESET and Symantec, which observed the virus on hundreds of Ukrainian computers. The malware has also been detected in Latvia and Lithuania.

The attackers had been in the networks of the affected Ukrainian organizations for several months, says Dave Maasland of ESET: “They appear to have deliberately chosen this moment to roll out the malware to further destabilize the country.”

Demolish computers

The malware, a so-called wiper, is designed to destroy computers digitally. With ransomware, files are encrypted and the attackers demand a ransom; with a wiper, the files are destroyed and there is often no way back. “A wiper is only used if you want to inflict extreme damage on your opponent; it is used very deliberately to break things and thus create turmoil, chaos and fear,” says cyber security expert Frank Groenewegen of Deloitte.

Groenewegen investigated a number of such wiper attacks for his work: “With a wiper, entire PCs or computer networks are destroyed. If it happens to vital infrastructure, such as energy companies, telecommunications or banks, you can cause great social unrest. In cyber security, a wiper is the most terrifying scenario.”

There are now long queues at ATMs in Ukraine, as RTL News correspondent Jeroen Akkermans sees.

Digital warfare

The wiper attack follows a series of previous digital attacks on Ukraine. A wiper disguised as a ransomware attack was also distributed in the country in mid-January, according to a Microsoft investigation. And in recent days, Ukrainian government websites have been hit with DDoS attacks, causing them to temporarily go offline.

The war that is now being waged will therefore take place to a large extent in the digital domain, says Maasland: “Ukraine has been bombarded with cyber attacks for seven years. In 2015 and 2016, parts of Ukraine’s electricity grid were shut down by hacks. We have tried to disrupt the country for years, but the attacks now accompanying the invasion are a form of digital warfare we have never seen before.”

How does a wiper work?

A wiper is a type of malware that infects a computer and then damages important files, for example the files that ensure that a computer works and can restart. The wiper then shuts down the computer, after which it won’t restart.

The attackers

The wiper, currently known as HermeticWiper, is still under investigation. Its origins are still unclear, but signals point to Russia: “It fits with the way Russia has operated in the digital domain for years,” says Groenewegen. “Western intelligence has previously provided evidence that Russia was behind major cyber attacks against Ukraine.”

The current digital attack is reminiscent of the NotPetya attack of 2017. Back then, many Ukrainian companies were hit by a wiper that caused quite a bit of damage. European companies were also infected with NotPetya: Among other things, the Danish logistics company Maersk and the Rotterdam subsidiary APM Terminals were down for a while.

Maasland believes that it is a realistic scenario that the Netherlands could also become a victim of these cyber attacks: “The current wiper has already been observed in Lithuania and Latvia, and there are many Dutch companies with branches in Ukraine whose networks are connected. this conflict because we provide aid to Ukraine and therefore have an increased risk profile.”

Cyber help from Europe

Ukraine receives digital support from the European Cyber Rapid Response Team (CRRT). The initiative, which was established in 2020, is coordinated by Lithuania. Besides the Netherlands, Estonia, Finland, Croatia and Romania are also part of it. The team is to support Ukraine in its digital defense against the cyber attacks.

It’s not yet entirely clear what that defense will look like. Groenewegen expects that the team will mainly look for vulnerabilities in the systems and networks of vital Ukrainian infrastructure: “You can also see the team as an extension of the participating countries, who all have their own knowledge and resources to counter these kinds of attacks. And so that support seems very good to me.”

It is easier to attack than to defend

Russia is a digital superpower, Groenewegen explains: “They have operated in the digital domain for a long time, and I have researched Russian cyber attacks that are incredibly advanced and technically complex. The difficult thing for Ukraine is that it is a lot easier to attack digitally than to defend.”

Maasland also believes that Ukraine cannot do much more than defend at the moment: “Technical expertise is always in short supply, and all priorities now lie with defending instead of attacking. You can also feel this in the digital help that Ukraine is now receiving: everything is aimed at helping to defend Ukraine.”

Difficult and dangerous

The difficulty with cyber attacks is that it is sometimes hard to link them to an attacker, explains Groenewegen: “You can now carry out cyber attacks that look like they are coming from Russia or Ukraine, to throw even more fuel on the fire and possibly provoke an uncontrolled backlash. You can always deny it, and that’s what makes it so difficult and dangerous.”

Russia last week denied it was behind the cyber attacks on Ukraine. The Russian embassy told Reuters that these claims are “based on nothing.”
