Russian cyberattacks on Ukrainian businesses: types, dangers and countermeasures

Russia is trying to destroy Ukraine not only with weapons, but also with attacks on businesses in an attempt to weaken and destroy the economy. One recent example is the attack on the telecommunications company Kyivstar on December 12, 2023, which paralyzed a large part of businesses. The lack of internet and communication led to significant losses among small and medium-sized businesses. The network was fully restored only a week later.

Rubryka spoke with Danylo Belov, director of business development at UCLOUD, to learn how businesses can protect themselves from hacking attacks and make their digital space safe and secure.

What is the problem?

Multiple types of cyber attacks can be used against businesses or individuals, so it is not enough to defend against one species because the enemy usually combines them.

The situation with cyberattacks by Russian hackers against Ukrainian businesses has not changed since the beginning of the full-scale invasion. They use combo attacks just as often. Their combination depends on what the thief needs, what the goal is, what its size and volume are, and what kind of damage they intend to cause.

Danylo Belov, director of business development at UCLOUD. Photo from the speaker's archive

Among the main types of cyber attacks are phishing, data theft, spoofing, DDoS attacks, encryption, and SQL injections.

• DDoS attacks are the most common weapon to target businesses. The goals can be different — earning money selling bot farms, blackmail, or offering attacks on competitors. With DDoS, hackers disrupt the operation of one or more components of a website or application connected to the network. A sign that this type of attack has hit a business is a decrease in speed or a site shutdown. DDoS can be tracked thanks to special services. Also, some Internet providers have a package of services to protect against DDoS attacks.

The recent cyber attack on Monobank can be cited as an example. In this case, Russian fraudsters conducted DDoS attacks constantly for two weeks. The bank has become one of Ukraine's most attacked IT targets.

• Phishing – the extortion of personal data, passwords, and bank data for the purpose of fraud – is dangerous for businesses because criminals can gain access to the corporate ecosystem through one employee. Often, fake pages with similar-looking domains are used so that an inattentive user clicks on the link and drains their data. They also use spam e-mails with embedded links. 

To avoid falling prey to fraudsters: 

• Avoid clicking on unfamiliar links or downloading unknown files 
• Check the number of devices connected to your account.

SQL injection is another common method of attacking computer systems. A hacker injects malicious code into the system to destabilize and further control it. Once the system is accessed, attackers can steal credentials, passwords, or other data. It may also be possible to gain control of the system and interfere with its operation. For protection, you need to choose secure networks and enable two-factor authentication.

Most often, Russian hackers attack Ukrainian government institutions, critical infrastructure facilities, and large businesses. This can strongly impact the situation in Ukraine, because destabilizing economic activityis an essential goal for Russia.

For example, due to the attack on Kyivstar, the largest cellular network, many businesses stopped because they could not work without mobile communication and the Internet. Payment terminals were also affected, which prevented financial transactions.

Illustrative image.

Russian hackers do not usually purposefully attack medium and small businesses – but if they find a weak spot in the defense, they will use this chance, especially if the business is somehow related to the military realm.

"Most often, Russians attack state institutions, critical infrastructure facilities, and large businesses. It does not make much sense to carry out cyber attacks directly on small and medium-sized businesses. It is more beneficial for thieves to disable banks, the financial sector, communication providers  and cloud data centers because the functioning of most companies depends on them," explains Belov.

But even though the main goal of hackers is most often big businesses, small and medium-sized businesses still need to protect themselves, at least from unscrupulous competitors.

The consequences can be different, depending on the attacks intensity, duration, and success of the attacks. If the protections are insufficient, the attacks can cause financial or reputational impact, and even lead to the closure of the business. It all depends on the cyber attack's scale, the defense system's strength, and the hackers' goals.

What is the solution?

"The main rule of thumb for business protection is that the amount of effort, time, and money spent by hackers must far outweigh the information they can gain from an attack. In this case, the company ceases to be interesting to criminals," says the expert.

In order to protect small businesses, it is crucial to observe their information hygiene — periodically change passwords and clear cookies, enable two-factor authentication, and use a password manager. It is important to use licensed programs and verified VPN services and not to use unknown or suspicious programs. Also, for safe surfing on the Internet, you should install an antivirus software.

Illustrative image.

It is more difficult for a medium business to protect itself. The information hygiene tips described above are suitable, but taking care of more reliable protection is vital, for example, having a backup in the cloud or on physical media and equipping additional services to prevent attacks from Internet providers. More often than not, cloud storage services provide additional protection against hacker attacks. This will benefit any business because you will not have to spend extra money on equipment.

How does it work?

Today, the market is flooded with digital products and services that detect attacks, provide protection, and manage responses to attacks. They also help monitor network bandwidth and adjust it as needed.

IT specialists and equipment can get involved to successfully respond to cyber attacks. But often, small and medium-sized businesses cannot afford their own specialist. It is too expensive because they must have very diverse knowledge — from understanding technology operation to building effective software solutions. It is more profitable for small and medium-sized businesses to look for partners who can provide the necessary equipment or specialists. The main criterion when choosing a partner is reliability. It should be a proven company because trusting your protection to unreliable people is dangerous. For example, the Leverist.de digital platform for finding business partners in European countries was launched in Ukraine. But the platform has its own requirements for hosting:

• Absence among founders/participants/beneficiaries of companies — residents of the Russian Federation or the Republic of Belarus.
• The absence of company ties with political or oligarchic capital.
• Enterprises should not be associated with the production and sale of alcohol, tobacco, and other substances that have a negative impact on people's health.
• Enterprises should not be related to the defense industry, the production of weapons, and related goods.
• Enterprises should not be under EU sanctions.
• The founders/participants/beneficiaries are not included in Ukraine's sanctions list.

There is also a Ukrainian platform for finding specialists or business partners — bepartner. There is a convenient filter function to helps you find the right specialist. There is also the IT Rating of Ukraine website, where you can search for a suitable partner for business protection.

Small and medium-sized businesses should start with a of "3-2-1" solution to protect their company data: have at least three copies of data, store copies on two different media (online and offline), and store one backup copy outside the main site (for example, in the cloud abroad, not in the office..

Belov says that no option can guarantee 100% protection against cyberattacks. However, achieving 90% or more is still realistic.

"If we talk about protection in percentages, it can approach 96.5%. This is subject to compliance with the principles of cyber hygiene and the use of other protection services. We recommend having backup communication channels and backup copies of important data," says the expert.

↓Read also

What to do with cyber security in Ukraine's regions?

Ukrainian initiative on the forefront of digital cleanup: reducing carbon footprint and combating global warming