Malicious hacking groups, including government-backed hackers from Russia, North Korea, Iran, and China, are using the Russian invasion of Ukraine to carry out cybercrimes designed to steal sensitive information, money, and login credentials from victims worldwide. One of the most active malicious groups is the Russian-based Coldriver, also known as Calisto, which is targeting Western NGOs, think tanks, military agencies in Eastern Europe, and the NATO Centre of Excellence.
The campaigns use newly created Gmail accounts to send phishing emails containing links designed to steal sensitive information. Another threat group is the Belarusian-based Ghostwriter, which is responsible for phishing attacks that simulate a browser within a browser in order to spoof legitimate domains. The group then uses these domains to host websites designed to steal login credentials.
Hackers can easily use stolen usernames and passwords to conduct cyberattacks because users still neglect two-factor authentication (2FA). According to the DCMS Cyber Security Breaches Survey 2022, only 37% of businesses have any requirements for 2FA, while for charities this figure is even lower: 31%. By neglecting 2FA, users leave their accounts vulnerable to cyberattacks and hacking.
2FA requires a user to use a text message, app, or hardware key to confirm that they are the one attempting to log in. This security feature prevents hackers from using stolen passwords. Malicious actors can get login credentials through phishing emails, by finding them in previous data dumps, or simply by guessing a weak password. The least secure industries in terms of 2FA use are hospitality and food.
The recent $600 million hack of a crypto “bridge” supporting Axie Infinity’s play-to-earn game has highlighted the increasingly problematic nature of the arcane software used in the world of blockchain and the metaverse. In 7 different incidents, the industry lost over $1 billion due to weaknesses in bridges, the technology that allows tokens designed for one network to be used on another blockchain.
Apart from Ronin, the list of major security incidents related to bridges includes such projects as Wormhole, Meter Passport, and Qubit.
Apart from hacks, bridges are also vulnerable to other issues, such as the bridge development team losing control of the project. It is also often impossible to figure out who created or operates a bridge, since teams may remain anonymous. Validators’ names may also be kept secret. There is a risk that the team behind a bridge may not have enough security specialists to rapidly address potential issues. The higher the value of assets going through bridges, the higher the level of risk.
Ukrainian authorities and non-governmental organizations are collecting donations in crypto to buy equipment for the Ukrainian Armed Forces. At the same time, there are fears that wealthy Russian individuals, such as those closely tied to Putin, may use crypto to evade Western sanctions. It is the first time the world is witnessing the power of blockchain at scale.
Due to its anonymous nature, crypto allows governments or businesses to raise funds for causes that would not be allowed through traditional fundraising platforms. This feature raises a dilemma of whether it is moral to use crypto for buying weapons.
Crypto is also helping ordinary Ukrainians. It acts as a buffer for those who have been forced to leave their country. However, for an individual without any knowledge about crypto, owning digital assets may be too complex. Although crypto plays a huge role in the war, it is not decisive.
During the first month of the war, Datagroup, the company providing services for telecom operators, resolved 350 DDoS attacks targeting Ukraine’s telecom network. The largest attack measured 103.6 Gbps while the longest recorded attack lasted 24 days. Russian hackers are actively targeting such sectors as government, telecommunications, and finance.
According to the State Special Communications Service, the country has already experienced more than 3,000 DDoS attacks. The record was 275 DDoS attacks per day. During 15-22 March, Ukrainian critical infrastructure and public organizations experienced 60 cyber attacks. Although the number of attacks is growing, most of them are not successful, and even those that have some elements of success do not cause any serious damage to Ukraine.