Ukraine Observed 181M Information Security Incidents in 2022
Malware Attacks Grew 18 Times YOY; Overall Cyber Incident Numbers Grew Threefold
Russian attacks against Ukraine increased threefold in the past year, says Ukraine's top cybersecurity response center.
Of the 181 million "suspicious" cybersecurity events reported in 2022, 415 were highly critical information security events, the State Service of Special Communication and Information Protection of Ukraine's State Cyber Protection Center told Information Security Media Group. The agency observed 14 million of the total attacks in the first quarter (see: Ukraine Observed Nearly 14M Cyber Incidents in Q1 2022).
Malware attacks made up the majority of the attacks, growing 18 times over the year. They were primarily distributed by exploiting endpoints with moderately severe vulnerabilities.
An example of this is the exploitation of CVE-2021-40444, a Microsoft Windows zero-day vulnerability that hackers used to target critical Ukrainian entities. Microsoft patched the bug but hackers continue to find ways to exploit it (see: Zero-Day Attacks Exploit MSHTML Flaw in Microsoft Windows).
Phishing attacks have been the primary source of malware distribution to endpoints at critical infrastructure. Campaigns targeting Ukraine increased sharply in November and then fell at the end of the year, and so did endpoint security alerts in the region, says security firm Trellix. SCPC confirmed that trend.
Cyber Defense Assistance Limitations
In addition to acquiring arms and ammunition from Western allies, Ukraine received tremendous support in cybersecurity. The country has deepened its ties with Western countries including the United States and Poland.
Allies delivered cybersecurity assistance through initiatives such as the Cyber Defense Assistance Collaborative - a group of cybersecurity companies and organizations that offer intelligence, assistance, technology and training services to Ukrainian entities.
The CDAC has helped several Ukrainian organizations mitigate the effects of cyberattacks and exposed the limitations of cyber defense assistance, according to the Aspen Institute. The institute suggested creating hubs to coordinate activity, manage full-time assistance projects and establish deeper contacts between leaders and operators.
"CDAC has not yet developed the ability to collect, combine and assess information on the cyber conflict in Ukraine," but this can be done by "borrowing from an institute of war initiative that fuses public information in order to make transparent, trusted assessments of the conflict in the Ukraine," the Aspen Institute says.
A report published on Thursday by Google and Mandiant's cybersecurity experts also highlighted the activities of several Russia-linked hacking groups against Ukraine.
The report revealed details of the targeting techniques and the predominant use of destructive malware since the beginning of the war (see: Ukraine Withstands Torrent of Russian Cyberattacks).