Black Hat In Brief Victor Zhora, Ukraine’s lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country’s conflict with Russia. The picture Zhora painted was bleak.
Zhora, who is the deputy director of Ukraine’s State Service of Special Communications and Information Protection, said cyber incidents in the country have tripled since February, when Russia invaded.
Zhora told attendees that Ukraine had detected over 1,600 “major cyber incidents” so far in 2022, but reports don’t include elaboration on how such incidents are classified. A number of huge incidents happened between March and April, Zhora said, including discovery of the “Industroyer2,” an apparent successor to the Industroyer malware discovered in 2017.
Industroyer was a particularly nasty strain that was able to control electrical substation software and cause power blackouts, as well as damage equipment. Ukraine was hit by a similar malware called BlackEnergy in 2015.
Online attacks against Ukraine were a common tactic in the leadup to Russia’s invasion of the country in late February he said. DDoS attacks took many of Ukraine’s government agencies offline, and new malware strains were discovered in the leadup to the invasion as well.
Fortinet, which reported the jump, said it hadn’t uncovered more than one significant file wiper a year since 2012, and several years when it didn’t spot a new one at all. Of the strains discovered in 2022, all have been used against Ukrainian infrastructure and organizations – in other words the gloves are off.
Back at Black Hat, Zhora…