Tag Archive for: TROJANS.

Ukraine Cyber War Drags On With Stealers, Trojans and More


Technical and non-physical attacks have always been a part of modern warfare. During World War II, the Allies used advanced cryptanalysis to decrypt encoded messages sent by the Axis powers using the Enigma ciphering system. Led by Alan Turing, this breakthrough provided the Allies with valuable military intelligence and helped win the war.

Fast forward to present-day warfare, where the cyber front has never been more intense. On February 24, Russia’s computer hackers targeted Ukraine’s satellite communications system, run by the U.S. firm Viasat, as Russian tanks prepared to invade. The attack occurred just before the invasion and was likely an attempt to disrupt Ukraine’s communications. Then there was an onslaught of wiper programs targeting hundreds of Ukrainian systems. Attackers later launched the malware Industroyer2 to take down the country’s electricity grid.

How effective were these attacks? What is the state of cyber war now? Let’s find out.

Level of Damage Depends on Context

If you are sitting in an office in Silicon Valley and your network suffers a major incident, it’s a big deal. In some studies, the average cost of a data breach is $4.35 million. But when missiles, tanks and lost lives enter the picture, the entire perspective of cyber warfare changes. There’s no doubt cyberattacks have had an impact on Ukrainians. However, these attacks did not plunge the country into permanent darkness. They did not cut off communications and the internet completely. So at the level of a full-blown war, the impact of Russia’s cyber assault is debatable. 

The Carnegie Endowment for International Peace stated that during the early stages of Russia’s invasion of Ukraine, cyberattacks may have had a limited impact. Traditional jamming techniques and the disruption of Viasat modems may have degraded Ukrainian communications. Data deletion attacks contributed to the chaos in Ukraine, but the organizations targeted reportedly experienced only minor disruptions. 

More recently, the frequency, impact and novelty of Russian cyberattacks have significantly decreased. And the overall benefit to Moscow’s military ambitions may have been limited. On the other hand, maybe…


Botnets, Trojans, DDoS From Ukraine and Russia Have Increased Since Invasion


Activity from IP addresses in Ukraine and Russia has shown a substantial spike in malware, helping botnets spread since February 2022.

The data comes from security researchers at Top10VPN, who shared a report about the findings with Infosecurity ahead of publication.

In particular, Trojans showing more significant increases in activity from Ukrainian and Russian IP addresses since February 2022 included the Citadel, CoreBOT, Wauchos and Nivdort Trojans.

“Some of the biggest sustained increases in malware activity since the war began were in Ukraine [and] have related to trojans, several of which can be used to create botnets,” wrote Simon Migliano, head of research at Top10VPN.

“This suggests that bad actors may have been targeting Ukraine, where cybersecurity has naturally been a lower priority for much of the population, in order to expand their botnets.”

Further, the report suggested an increase in activity from the Avalanche malware families using Russian and Ukrainian IP addresses, despite the shutdown of the crime syndicate in 2016. In this regard, Top10VPN observed individual daily surges of as much as 1500% compared to before February.

“Despite the dismantling of major botnets Avalanche and Andromeda/Gamarue several years ago, some of the key malware families that were hosted on the now-defunct networks have been particularly resurgent in Ukraine and Russia in recent months,” Migliano added.

“While this is not to suggest that these networks have somehow been resurrected, it’s concerning to observe increases in the threat posed by this malware localized to countries directly involved in a major conflict.”

The report also noted that distributed denial-of-service (DDoS) attacks originating from Ukraine increased 363% in March compared to the average before February.

“These distributed denial-of-service (DDoS) attacks became relentless once Russia’s military invaded Ukraine on February 24, as the Kremlin sought to weaken its enemy by knocking offline critical networked infrastructure,” Migliano explained.

Further, while the most significant increases in malware activity have come from Ukraine IP addresses, Top10VPN noted that there have…


PC Tools Internet Security review



Bullguard Internet Security 2014 review