It’s not obvious whether Russia is behind the recent cyberattacks on Ukraine

On Tuesday, a “powerful” assault was launched on Ukraine’s military websites and two of the country’s largest banks, but it wasn’t immediately linked to Russia, and cybersecurity experts say it may be a different threat actor.

Ukraine has not yet implicated Russia for the recent cyberattacks.

A distributed denial-of-service (DDoS) assault was launched on Tuesday targeting “a number of Ukraine’s information resources,” according to a statement from Ukraine’s State Service for Special Communication and Information Protection. The Ministry of Defense and Ukrainian Armed Forces websites, as well as Privatbank and Oschadbank, were all targeted.

The Ukraine government agency reported that the “strong DDoS assault” disrupted the online services of the two banks and shut down access to the Ministry of Defense website.

No attribution was given for the hacks, and a statement issued by the Ukrainian Ministry of Defense was similarly silent. The agencies have been contacted by VentureBeat for comment.

According to U.S. Vice President Joe Biden, Russia has gathered 150,000 soldiers along the Ukrainian border. Moreover, Russia has used cyberattacks as part of military operations in the past, such as in Georgia and the Ukraine’s Crimean Peninsula.

Recent assaults on Ukrainian government websites, many of which were unavailable or defaced, have been attributed to Russia, according to Ukraine.

There is still no proof that Russian troops are leaving Ukraine, but the Russian military is claiming that they will.

Some experts believe that Russia does not have enough soldiers near Ukraine to carry out a “full-scale attack” into the nation.

Other alternatives are available to us.

According to Justin Fier, head of cyber intelligence and analytics at cyber company Darktrace, “we must be cautious at this time to point fingers” because of the scant public information about today’s intrusions targeting Ukrainian targets.

According to Fier, “this incident might be another actor taking advantage of an already difficult scenario in the area”

He described DDoS assaults as “not especially clever” and “quite straightforward to mitigate,” noting that they aim to shut down websites or networks by flooding the web server with traffic.

“Attackers know this will make the headlines and generate worldwide debate without doing enough harm to trigger an aggressive reaction from the victim,” Fier added.

There are cases like these when “exact attribution is difficult,” stated Tim Wade, a technical director at Vectra, in an email. “There is no lack of people who might profit from a period of uncertainty or instability.”

An email message from Cybereason’s chief security officer Sam Curry stated it would be premature to blame Russia at this stage. One possible culprit is a “Aligned with Russia” organisation or “internal separatists,” he claimed.

The use of a distraction method?

A “diversion from something else, like a stealthier hack,” Curry added, may be the reason for the strikes.

“Across our client base, we see loud attack approaches like these utilised to confuse security professionals while bad actors stay within digital systems to carry out more devastating strikes behind the scenes,” Fier added.

In order to achieve this, hackers might steal or manipulate important data, shut down crucial systems, or “just lie dormant until the perfect moment arrives,” he added. “We’ll have to wait and see whether that’s the case.”

Fier chimed in, saying:

It is alarming but unsurprising to see attackers hit their financial systems, especially when the global economy is facing significant pitfalls – the stakes are higher for defenders, and attackers can maximize damage. The cyber industry has been anticipating an attack of this nature in recent weeks, and until further details emerge, all organizations must be vigilant and heed the cautions issued by national federal agencies.

According to cybersecurity experts, Russia will surely utilise cyberattacks as a significant component of its strategy if it plans to invade Ukraine, as it has done in the last decade-and-a-half in prior military assaults.

“The United States of America is prepared to retaliate”

On Tuesday, Vice President Biden raised the risk of Russian cyberattacks affecting the United States.

Asymmetric measures, such as disrupting cyberattacks on American corporations or essential infrastructure, are a possibility for Russia to target the United States and its allies, according to Vice President Joe Biden.

Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that Russia’s actions in Ukraine might lead to cyberattacks on US sites.

“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” CISA said in its “Shields Up” warning. “CISA recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”