9 August 2023

How Ukraine withstands and reflects cyberattacks during the full-scale war

It is not a secret for anyone that Ukraine and its IT landscape demonstrate real heroism during the full-scale war with Russia. Russia conducts an average of over 10 cyber attacks per day. And these are only the recorded cases. How many more attacks on citizens, business communities, public and media organizations are happening remains a matter of speculation.

In 2023, Ukrainian security analysts recorded and processed 1105 cyber incidents, as reported by the State Service of Special Communications and Information Protection of Ukraine. This is 62.5% more than in 2022. These attacks continue unabated.


However, Ukraine was already prepared, wasn’t it?

Let’s delve into history. A few years ago, Ukraine was “prepared” by an unfortunate incident: in 2017, the massive Petya virus caught Ukraine off guard. At that time, almost all major enterprises, most medium-sized businesses, government structures, and critical infrastructures were attacked. According to reports from the Ukrainian cyber police, the attack was likely “seeded” through a mechanism in the software update of the M.E.Doc accounting program, which is used by companies working with Ukrainian government documents. This may explain why a huge number of Ukrainian organizations, including the government, banks, state energy companies, Kyiv airport, and metro, were affected. For example, the Chernobyl NPP radiation monitoring system was disconnected from the network, forcing employees to switch to manual counters and manual control overall.

The second wave of the epidemic spread through a phishing campaign with malicious attachments. Microsoft experts confirm that some infection cases started with the installation of the M.E.Doc update. InDevLab’s DevOps specialists and cybersecurity experts were still finding and “cleaning up” traces and remnants of the Petya virus in client infrastructures and servers in 2021-2022.

“It’s needless to say, but I’m convinced that the Petya virus specifically pushed the IT community and IT directors to think about protecting their resources. This loud cyber incident ‘helped’ top management allocate funds and start building the security of organizational IT perimeters,” says Mary Prokhorova, CEO of InDevLab.

The last presidential elections in 2019 also brought a variety of attacks and new technologies. During the active presidential campaigns, there were deliberate attacks on many media outlets aimed at disrupting operations, intimidating, or deleting content and editorial work.


Correct decisions, regulations, or coincidences?

“The government’s decision to allow moving IT infrastructure outside Ukraine for all organizations was and remains the right one. I believe that thanks to this decision, the country’s critical IT infrastructure withstood,” says Mary Prokhorova, CEO of InDevLab.

After COVID-19, remote and hybrid work formats were already established in enterprises. As a result, large and medium-sized businesses had already moved part of their staff to remote or hybrid work formats.

However, it is worth noting that at the time of the full-scale invasion, Ukraine quickly reacted and secured its resources. The state quickly allowed the transfer of resources to safer regions not only for businesses and large commercial organizations working with citizens’ data but also for state services. Thus, most infrastructures moved to the clouds, building new environments on more modern technologies. The resources and security measures of AWS, Hetzner, MS Azure, and Google Cloud far surpass any locally built on-premises IT infrastructure. And the scalability resources allow handling any load.


Volunteering in cyberspace

We must say that cybersecurity and data protection applications also played a crucial role. Large IT companies provided free comprehensive access to their products, including Microsoft, Amazon AWS, CloudFlare, and other providers. Many vendors provided their products and technologies for free during the war. Many service provider companies help state and public initiatives on a pro bono basis.

In the first days of the war, InDevLab, thanks to the initiative of its employees, organized an initiative group that, in parallel with cyber warriors, engaged in filtering and blocking fakes, information channels of sabotage and intelligence groups, and products of information warfare. Within the first week, we gathered more than 100 activists who blocked over 6000 resources. Later, this initiative evolved into creating our own product that allows managing information security in a corporate environment and blocking fake and dangerous content.

Experts from the USA, NATO, and individual EU member countries are helping Ukraine ensure cybersecurity. For example, Denmark conducted a three-month training for Ukrainian cybersecurity specialists. Microsoft and ESET experts helped Ukrainian colleagues prevent an attack on one of the energy distribution companies in April 2022, as reported by the State Service of Special Communications and Information Protection of Ukraine.


And this undoubtedly has a significant impact on resilience in cyberspace.

We extend our sincere gratitude to everyone supporting Ukraine in this difficult time. Assistance in information security is crucial now, as there are no funds in the public sector to ensure information security.


What does FinTech have to do with it?

Ukraine has a developed banking industry, and overall, Ukrainian FinTech serves as an example of convenience, speed, and innovative approaches to citizens, businesses, and financial services. As early as 2015-2019, we had online banks in the form of applications where various operations could be conducted: payments, fund transfers, tax payments, utility bill payments, and more.

During the pandemic, virtual cards and the ability to verify identity online quickly emerged in Ukraine. Accordingly, with the evolution of technologies and application methods, the requirements for security, tools, and processes ensuring compliance with these requirements have also changed.

At InDevLab, we implemented tools for secure and remote identification of individuals and legal entities for opening accounts and updating information during the COVID-19 pandemic. Going through the entire process from design to implementation, we practically tested the relevance and effectiveness of security requirements for banking services and regulatory requirements. Indeed, the internal security policies of bank departments and local regulators are very meticulous about data processing processes, both at the IT component level and in terms of business processes. But this combination of meticulousness, standards, rules, the principle of “trust no one,” and at the same time openness to innovations produces excellent results in the form of modern, secure services.

Furthermore, Ukraine’s financial system adapts to changes and promptly addresses challenges during wartime. For example, the joint POWER BANKING network, initiated by the NBU, played a crucial role in providing offline services in banking institutions, even in blackout conditions.


Principles of the Best

Modern Ukrainian businesses learn from their heroes. During the war, our heroes include the workers and facilities of critical infrastructure, who continue their work despite all adversities. These heroes are banks, telecom operators, and transport companies. For contemporary Ukrainian businesses, it is important not only to function but to be prepared for all risks. Risks include rocket attacks, blackouts, as well as cyber incidents. Ukrainian civil society has grown in its understanding of risks and methods of prevention. Risks related to information security are also considered extremely important.

Small and medium-sized businesses emulate the principles of the best: behavior, policies, procedures, and actions of large companies. Along with copying processes and decisions, the attitude toward information security, internal security policies, and methods of preventing cyber risks is also replicated.


IT Literacy and Modern Technologies

Ukraine is a hub for the development of young IT professionals working in various directions with modern frameworks and technologies. Before the war in 2021, there were approximately 285,000 IT professionals working in Ukraine, and around 5000 companies provided IT services. This has also influenced the understanding of digital hygiene principles and adherence to basic rules of behavior on the internet. The high engagement of the population in the IT industry is reflected in software tools used for business digitalization and automation: software is implemented using modern technologies and adheres to current trends, and most corporate systems for small and medium businesses are in cloud applications, utilizing tools from modern cloud providers.


In Conclusion

Ukraine’s experience demonstrates that in cyberspace, organizational readiness for challenges is as important as technical readiness, setting an example for other countries. 

Overall, Ukraine acts as a significant player in cyberspace, capable of effectively countering modern cyber threats during times of war. Ukrainian cybersecurity experts collaborate on both domestic and international levels, sharing their experiences with other countries.

Practical advice on building a resilient IT infrastructure and basic security perimeter will be discussed in our next article, where we will delve into practical tools and principles.