No country or company can be protected by itself; particularly now is no time to be isolated. Collaborating, exchanging information, assisting one another — this is the best way to thwart cybercriminals. 

This was the key emphasis from Ukraine state cybersecurity officer Victor Zhora in a keynote at the Blackberry Security Summit today. The chief digital transformation officer at the State Service of Special Communications and Information Protection of Ukraine joined the conference by virtual link from Kyiv. 

Ukraine cybersecurity is most impacted by wiper attacks, he explained — which, unlike typical attacks, are not usually for monetary gain; they are instead a malicious wiping, overwriting or removal of data from a victim’s system. But, he pointed out that in many other countries, the biggest challenge is ransomware. 

“You know why? Because the adversary is seeking funding for advancing their own operations,” said Zhora. “Every country and every company can be a target of ransomware actors. We all need to be protected.”

Rampant attacks on Ukraine cybersecurity

Zhora was a last-minute addition to the conference and, given the ongoing conflict, his appearance was tentative up until the last moment, said Blackberry executive chairman and CEO, John Chen. 

Zhora noted (at that moment, anyway) that, “we’re lucky, we have light, as we have power outages. It’s calm, there are no air sirens.”

Understandably, the state is taking everything, cybersecurity included, day by day, he said. 

“Unfortunately, cyber challenges are not the only ones in everyday life,” said Zhora. “We continue struggling for a right to exist, for freedom, for land.”

He supervises incident response and cyber prevention teams, but ultimately described himself as one of “many, many” volunteers, cyber defenders, cyber professionals and experts helping to defend the country and its digital infrastructures. 

The Russian aggression, both on land and in cyber, has been ongoing for years, ramping up with the official launch of the war in February. Recent attacks include the IsaacWiper malware against Ukrainian government networks; distributed denial-of-service (DDoS) against the Ukrainian banking sector and government websites, as well as the country’s national post office; and phishing attacks against state and media organizations alike. Cybercriminals have targeted nearly every sector, including nuclear facilities, transportation and logistics, and telecom providers. 

Clearly, over the last eight months of war, the country has faced “very severe cyber aggression,” said Zhora.

Lack of Russian strategy provides opportunity for Ukraine

And, while Ukrainian officials expect such malicious acts to continue — and against all critical infrastructures — there have been important lessons learned. A key element of preparation has been training task forces and other professionals with cyber exercises, said Zhora. 

But ongoing power outages have brought changes in priorities, as they must maintain the operation of data centers and communication networks. Zhora explained that in the beginning of the war, the country began moving its IT infrastructure, state registers, databases and information systems to its western regions or to cloud infrastructures abroad. 

They are at least stabilizing amidst continuous power outages, he said, but it is critical to maintain an uninterruptible power supply. 

“The enemy continues to strike our power stations and our power grid,” said Zhora. “This is one of the major challenges at this moment.” 

At the same time, he said, from a cybersecurity perspective, “we see no particular strategy from our adversaries.” They simply take whatever opportunities they can, particularly with use of wipers, which are the most efficient in quickly impacting data, infrastructure and services. 

“The absence of a strategy gives us the opportunity to fix vulnerabilities, to counteract and provide prompt incident response,” said Zhora.

Collaboration is critical

Importantly, though, the country has received ongoing help from the global IT community, as well as governments and private sector experts, said Zhora. This is across all areas, including hardware, software and cloud and wireless systems, as well as cyber intelligence and consultancy. 

“With this help it was much easier for us to continue standing, to continue defending,” he said. “This is perhaps the crucial moment in terms of countering the aggression. We are not alone. What I would like to ask for is to continue this support.”

From an endpoint perspective, there are millions that should be covered via endpoint detection and response (EDR). Across the board, in government and private enterprise, Zhora said there should be central management, strict cyberhygiene rules, increased awareness of the threat landscape, and strengthening of operating systems and network infrastructure. Not the least of which: Improved information exchange. 

“This is a complex process,” he said. “We can’t say we have sufficient resources at this time.”

All told, cyber resiliency relies on collaborative efforts from the global community, he said. Addressing the corporate audience, he underscored the importance of investing in and building a cybersecurity system as a strategic method to improve the cyber resilience of the state.

“We will continue our struggle,” he said. But, “helping us to defend is not the only objective. We need to weaken the aggressor, decrease (their) ability to attack Ukraine and other countries.”

More coverage, tools needed

When asked by Chen whether Ukraine cybersecurity has enough tools to address the situation, Zhora responded, “I hope yes, but we need more. We need to get more coverage.”

He emphasized the fact that, “we don’t have time even to think about how scary attacks can be; we’re just simply doing our best job to protect our country.”

“Hopefully we will be more successful than our attackers,” he said, “and hopefully our armed forces will be, too, and Ukraine will prevail.”