Ukraine, home to cafes, gold-roofed cathedrals and beautiful ski resorts, also boasts the second-largest army in Europe (after Russia). Given that, and its rocky history with neighboring Russia, Ukraine has also seen some of the biggest recent cyber attacks. The postal service had already been hit earlier this summer, in June, by the NotPetya ransomware attack. At that time, a wider attack hit Ukrainian infrastructure: banks, the power company, public transportation and television stations were all impacted.
On the heels of that attack, here is what just happened (and what it teaches us about cyber security).
Taking Down the Postal Service
The Ukrainian postal service, Ukraposhta, used Facebook to inform the world (and its customers) of the attack. On Monday, August 7th, Ukraposhta’s website was hit with a DDoS (distributed denial of service) attack. According to their posts, they were able to regain control and restore site functionality.
Then on Tuesday, August 8th they posted, “Friends, we’ve been DDoSed. During the first wave of the attack, which began yesterday in the morning, our IT services could normalize the situation, and after 17:00 all the services on the site worked properly. But today, hackers are at it again. Due to their actions, both the website and services are working, but slowly and with interruptions.”
DDoS attacks have been a staple of attackers for many years, and especially in the past several, as they have assembled “botnet armies” and grown more sophisticated.
The most common DDoS attacks hijack internet-enabled devices, known as the Internet of Things (IoT), such as ATMs, DVD players, and other home appliances. First, the devices get infected with malware. Then, on the command of the attacker, they all send requests to the site chosen for the attack, overwhelming its servers so that legitimate requests are denied service (and legitimate transactions cannot occur). At their worst, attacks of this kind have effectively halted the internet.
While IT departments can restore service, as the Ukrainian postal service ultimately did, DDoS attacks cost big money: customers cannot complete transactions, employees work overtime trying to restore service, and outside professionals often must be brought in.
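As an added example (not code from the original article or from Ukraposhta), the following Python snippet shows the kind of first-line detection a site operator could run over web server access logs: it counts requests per source address within a sliding time window and flags addresses that exceed a threshold, which is how a flood from a botnet like the one described above would first surface. The log lines, addresses, window and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined log format: ip - - [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)

def find_flooders(lines, window_seconds=10, threshold=5):
    """Flag source IPs that send more than `threshold` requests within any
    `window_seconds` span. Lines are assumed to be in chronological order
    for each source address. Returns {ip: peak requests seen in one window}."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    flagged = {}
    window = timedelta(seconds=window_seconds)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:        # unparseable lines are skipped, not fatal
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample: one ordinary visitor, then one address hammering the site.
SAMPLE_LOG = [
    '198.51.100.2 - - [08/Aug/2017:08:59:58 +0300] "GET /track HTTP/1.1" 200 812',
] + [
    '203.0.113.7 - - [08/Aug/2017:09:00:%02d +0300] "GET / HTTP/1.1" 200 512' % s
    for s in range(0, 9)
] + [
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, peak in find_flooders(SAMPLE_LOG).items():
        print(f"{ip}: {peak} requests in a 10s window (threshold 5)")
```

In practice the threshold would be tuned against normal traffic for the site, and a flagged address would feed a rate limiter or upstream filtering rather than being blocked blindly, since a real botnet spreads its load across many sources.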
Experts have long agreed that the solution to DDoS attacks cannot only be restoring service while under attack. The solution must begin earlier. It’s a little bit like when auto manufacturers did not want to install seatbelts. Seatbelts are costly, they said, and the solution is for people to drive more safely. Eventually, legislation won out and seatbelts became the first of what are now many required safety features.
The solution to DDoS attacks requires similar up-front handling: password-protected devices. Many devices use Universal Plug and Play, or UPnP: devices get plugged in and simply work, but they also automatically communicate with the internet and inform one another of their locations. No authentication is required. That lack of authentication is one part of the problem. Most devices that still ship with UPnP allow it to be turned off. More and more devices also allow the user to change default passwords, a must for device security. That brings us to the second part of the problem: untrained users. There is no “driver’s license” for the internet.
These kinds of solutions would stop a botnet army in advance of an attack, like the one on Ukraposhta.
Cyber Security Monitoring
Unlike driving automobiles, which nearly every child aspires to do someday, technical knowledge has often been left to the experts in IT departments. Unfortunately, that does not always work. Anyone who uses the internet can learn to protect themselves from basic cyber security vulnerabilities. Then, for the more sophisticated threats, hire external experts like Massive Alliance. It is the commercial driver’s license of the digital world.