DDoS attack in Ukraine - State Banks Lose Connectivity

Mainstream media has reported that the Defense Ministry of Ukraine and several state-backed banks were hit with distributed denial-of-service (DDoS) incidents or disruptions on Tuesday. The Defense Ministry website is down, and it confirmed that it was attacked, cautioning the people that it will be communicating through Twitter and Facebook.

"The MOU website was probably attacked by DDoS. An excessive number of requests per second were recorded. Technical works on restoration of regular functioning are being carried out," the Defense Ministry said on Tuesday afternoon in a statement.

The confirmation came as residents of Ukraine reported problems with some ATMs and banking services at State Savings Bank, PrivatBank and Oschadbank.

NetBlocks, an organisation tracking internet outages around the world, confirmed the loss of service to multiple banking and online platforms in Ukraine "in a manner consistent with a denial of service attack."

"Metrics indicate impact beginning from early Tuesday intensifying in severity over the course of the day. Work is ongoing to assess the incident, which is ongoing at the time of writing," NetBlocks said.

CrowdStrike, a security organisation has commented on this attack.

“Today, we observed multiple DDoS attacks against targets in the Ukraine, and indications of a broader information operation involving SMS messages. The DDOS attacks targeted Ukrainian servers associated with government and financial institutions. Telemetry acquired during the attacks indicates a large volume of traffic three orders of magnitude more than regularly observed traffic, with 99% of this traffic consisting of HTTPs requests, indicating the attackers were attempting to overwhelm Ukrainian servers. CrowdStrike Intelligence cannot attribute these attacks at this time. Various Russia-nexus adversaries have been targeting Ukrainian infrastructure since 2014 and are believed to engage in operational preparation of the environment.

While there is no evidence of any targeting of western entities at this time, there is certainly potential for collateral impact as a result of disruptive or destructive attacks targeting Ukraine - this could impact companies that have a presence in Ukraine, those that do business with Ukrainian companies, or have a supply chain component in Ukraine such as code development/offshoring.

CrowdStrike urges organisations to remain vigilant and implement innovative technology to amplify their security posture. The two most effective things that organisations can integrate are a managed threat hunting program to help stop threats before they turn into breaches and establishing an identity-centric Zero Trust architecture," said Adam Meyers, SVP of Intelligence, CrowdStrike.