By Noah Fulton Beale

KYIV – To many, the word ‘Ukraine’ will conjure up memories of recent cyberattack headlines. The country has come under attack on multiple occasions throughout recent years with businesses, banks and state infrastructure all targeted. While organizations and businesses in Ukraine are taking strong steps to become secure, many attacks are seen to have penetrated security measures far too easily.

Breaches in cybersecurity have been on lawmaker's agendas for years now, but here in Ukraine, as the country enters the fourth year of a complex war with Russian-backed separatists in the Donbass, increasingly supported by foreign hackers and online trolls, the stakes have never been higher.

A Hybrid War

Four major cyberattacks have seriously rattled cages here over the last four years. Other smaller attacks, part of a broader campaign, have gone largely unreported.

In 2014, a pro-Russian group called CyberBerkut targeted Ukraine’s first presidential elections after the Euromaidan Revolution. In December 2015 and 2016, hackers took down portions of Ukraine’s power grid during two bitter winters, endangering lives and raising serious concerns about the vulnerability of essential state infrastructure.

Around the same time, BlackEnergy malware was used in a sophisticated attack on the Finance Ministry, State Treasury and National Bank, causing severe delays to payment of pensions and salaries.

Last June, the NotPetya attack struck 1,500 separate entities in Ukraine before spreading around the world. In the United Kingdom, computer systems of the National Health Service were taken offline, temporarily crippling hospitals. Ukrainian cybersecurity experts say that their country, bogged down in a messy conflict with Russia and their proxies, is the victim of a new form of hybrid warfare—one that includes high-level cyberattacks.

While it's being used as a testing ground and "laboratory" for this new form of modern warfare, Ukraine isn’t the only victim of the attacks. Across the Baltic States and Europe, attacks on businesses and state infrastructure have become startlingly common.

“All countries are very vulnerable,” says Oleh Derevienko, head of Information Systems Security Partners, or ISSP, a leading cyber security company in Kyiv.

Derevienko says the high profile attacks are part of a continuous wave of new hacking weapons being deployed as part of what he calls a “massive, coordinated cyber invasion.”

Each attack is larger than the one before, according to ISSP analysts, and such coordinated hacking campaigns, lasting for many years, are only possible from a sophisticated and dedicated teams of profesionals.

While many will shy away from directly pointing fingers and assigning blame, Derevienko has no such concerns and says Ukraine has come under attack from a single nation-state assailant: Russia.

Data centers, like the one pictured, can be very vulnerable to cyberattacks if they're not properly protected. Ukraine has been the target of a number of sophisticated attacks originating from Russia in recent years. (Photo supplied).

Russian Attacks, Meant to Cause Chaos

Cyberattacks don't just take down computers and empty bank accounts, they can directly endanger lives too. Residents of Kyiv learned this firsthand when the city’s electric grid was hacked during two bitter winters, leaving thousands without energy.

But threatening lives isn’t the primary aim of this kind of warfare.

Derevienko says that the main reason is more psychological and attackers are aiming to create “a sense of uncertainty and chaos in a country.”

“One reason Russia [carries out] these attacks, is they want to create a perception worldwide that Ukraine is not safe for business,” says Junaid Islam, CEO of Silicon Valley cyber security firm Vidder.

To counter this Russian strategy, Ukraine’s government and businesses have been focusing more attention on cyber security. The military and a newly-formed, special cyber police force have been empowered by fresh legislation that creates a proper legal framework for cyber defense and collaboration between authorities and companies.

But according to Derevienko, a crucial next step is to train more cybersecurity professionals and get them into the fray.

Cybersecurity Alliances, Employer Black List

Experts and officials here are quietly cooperating with other countries on the issue of cybersecurity.

It’s a mutually beneficial arrangement: international experts come to share their knowledge and also get the chance to learn about the latest cyber weapons being deployed here in Ukraine. NATO has supported technical development here since 2014 while the US committed $5 million in aid last September as part of a larger effort to align Ukraine's technical capacity more closely with the West.

Aleks Mehrle, US-based president of Ukraine Global Trade and Investment, says helping Ukraine achieve higher levels of cybersecurity will help the EU and US gain a strong ally.

But while governments negotiate, others have begun taking security into their own hands.

Software development is Ukraine’s third largest export, and while companies are generally tight-lipped about their security protocols, they're taking measures to get protected.

Boris Pratsiuk, head of R&D; engineering at outsourcing firm Ciklum, says that they have a “special department, with special equipment” keeping clients’ projects safe.

Asked if Ciklum had problems with people trying to compromise their security, he admitted that they had, but declined to comment further. He said: “I cannot tell you. But we solved the issues when we found them.”

Ukraine’s IT companies quietly collaborate to deal with employees who have committed sabotage or left back doors open for hackers to exploit.

“Our recruiters…have this blacklist,” Pratsluk said, explaining that his interview process for potential employees involves a check against an industry-wide list of people with “bad history.”

One big problem, according to Islam and Derevienko, is common worldwide: the most basic of security procedures are ignored.

The ‘NotPetya’ attack that caused $500 million in losses last June, simply and cleverly exploited a flaw in the Windows XP operating system that Microsoft had issued an update for. The attack struck computers that had not installed the update. Islam says that outdated software and poorly-secured emails is creating a crisis that hostile players easily exploit, especially in Ukraine.

For comments or story ideas please contact UBJ Managing Editor, Jack Laurenson, at: laurenson.jack@theubj.com.

Posted April 11, 2018.

Reported by Noah Fulton Beale. Jack Laurenson contributed to this story.