The malware was discovered by cybersecurity companies ESET and Symantec, which spotted the virus on hundreds of Ukrainian computers. Malware has also been detected in Latvia and Lithuania.
The attackers have been in the networks of affected Ukrainian organizations for several months, says ESET’s Dave Masland: “It appears that they deliberately chose this moment to spread the malware to further destabilize the country.”
demolish computers
The malware, known as a wiper, was created to digitally destroy computers. With ransomware, files are encrypted and attackers demand a ransom, files are destroyed with a squeegee, and there is often no way back. “Wiper is only used if you want to inflict serious harm on your opponent, and it is used very consciously to break things down thus creating turmoil, chaos and fear,” says Frank Groenwegen, a cybersecurity expert from Deloitte.
Groenewegen investigated a number of these wiper attacks for his work: “Wiper destroys entire computers or computer networks. If it occurs in critical infrastructure, such as power or telecom companies or banks, it can cause major social disruptions. Wiper is used in cybersecurity.” The most terrifying scenario.
There are now huge queues in front of ATMs in Ukraine, sees RTL News correspondent Jeroen Akkermans:
digital war
The Spaces attack comes on the heels of a number of previous digital attacks on Ukraine. A mop disguised as a ransomware attack was also distributed in mid-January, according to reports. Research from Microsoft. And in recent days, Ukrainian government websites have been attacked using DDoS attackscausing a temporary disconnection of the Internet.
Masland says the war now being waged will largely take place in the digital sphere: “Ukraine has been subjected to cyberattacks for seven years. In 2015, part of Kiev’s power grid was shut down by a hack. We have been trying to destabilize the country for years, but the attacks Accompanying the invasion now is a form of digital warfare that we have not seen before.”
How does the mop work?
Wiper is a form of malware that infects a computer and then corrupts important files. For example, these files ensure that the computer is working and can restart. The scanner turns off the computer and then does not turn it on again.
attackers
The scanner, currently known as HermeticWiper, is currently under investigation. Its origin remains unclear, but references point to Russia: “It fits the way Russia has been working in the digital field for years,” Groenwegen says. Western intelligence previously provided evidence that Russia was behind major cyber attacks against Ukraine.
The current digital attack is similar to the NotPetya attack from 2017. Then many Ukrainian companies were hit by a mop that caused a lot of damage. European companies have also been hit by NotPetya: Danish logistics company Maersk and its Rotterdam subsidiary APM Terminals, among others, have been idle for a while.
Maasland believes that it is a realistic scenario that the Netherlands will also become a victim of these cyber attacks: “The current scanner has already been observed in Lithuania and Latvia and there are many Dutch companies with subsidiaries in Ukraine whose networks are interconnected. We have a role in this conflict because we provide assistance to Ukraine and therefore we have growing risk profile.
Electronic aid from Europe
Ukraine receives digital support from the European Online Rapid Response Team (CRRT). The initiative, founded in 2020, is coordinated by Lithuania. In addition to the Netherlands, Estonia, Finland, Croatia and Romania are also part of it. The team should support Ukraine with a digital defense against cyber attacks.
It is not yet clear what this defense will look like. Groenewegen expects the team to primarily look for vulnerabilities in critical Ukrainian infrastructure systems and networks: “You can also see the team as an extension of the participating countries, which all have their knowledge and resources to counter these kinds of attacks. And then that support seems very good to me.” .
Attacking is easier than defending
Groenewegen explains that Russia is a digital superpower: “They have been working in the digital field for a long time and I have researched the incredibly advanced and technically complex Russian cyberattacks. The difficult thing for Ukraine is that digitally attacking is much easier than defending.”
Maasland also believes that Ukraine can do more than defend at the moment: “Technical expertise is always scarce and all the priority now is defense rather than offense. You can also see this in the digital assistance Ukraine is receiving now: everything is targeted at to help defend Ukraine Ukraine”.
difficult and dangerous
The tricky thing about cyberattacks, Groenwegen explains, is that they are sometimes difficult to associate with an attacker: “Now you can carry out cyberattacks that appear to be coming from Russia or Ukraine, in order to throw more fuel on the fire and possibly uncontrolled attacks. To provoke a backlash. You can always say no. And that’s what makes it so difficult and dangerous.”
Russia last week denied responsibility for the cyber attacks on Ukraine. The Russian Embassy said Reuters These allegations are “not based on anything”.