You're reading: Ukraine improves its defenses against escalating cyber threats
Cyber Security Ukraine's IT Edge EXCLUSIVE

Ukraine improves its defenses against escalating cyber threats

Ukrainian and South Korean law enforcement officers raid the home of hackers in Kyiv on June 16, 2021. This hacker gang is accused of cyberattacks that cost South Korean and U.S. fi rms over $500 million.

The office of Ukraine’s cyber police department — the law enforcement agency that protects from cybersecurity threats — looks old and shabby from the outside. The eye is caught by nine luxury cars, including Mercedes and Tesla models, parked in its backlot.

These cars belong to Ukrainian hackers accused of cyberattacks that cost South Korean firms and major U.S. universities, including Stanford and University of Maryland, over $500 million.

The police detained the criminals on June 16, seizing their computers, cars and about $185,000 in cash.

Raiding houses of hackers is a routine task for Ukrainian cyber police officers: They come uninvited, search suspects’ dwellings and, if lucky, seize stacks of money and equipment that confirm the offense.

Globally, cyberattacks are on the rise. The fastest-growing type of cybercrime — ransomware attacks — caused $20 billion in damages in 2021, up from $325 million in 2015. Ukraine reported over 1.7 million cyberattacks on government services since the beginning of 2021; the number of cyberattacks in the country grows by 10% every month.

Ukrainian cyberspace — poorly protected and underregulated — lures criminals that pursue easy money and hackers backed by foreign powers. To fight against internal and external threats, the government has to make cybersecurity its priority. As of today, Oleksandr Grynchak, the head of Ukraine’s cyber police, said, Ukraine is doing a great job.

“We are going toe-in-toe with hackers: They invent new ways to hack, we find ways to stop the attack,” Grynchak told the Kyiv Post.

Ukrainian Oleksandr Grynchak has headed the Ukrainian cyber police department since 2019. Grynchak said that this year his department is doing better than ever: it received over $1.8 million from the state and took part in four international operations since the beginning of the year. (cyberpolice.gov.ua/)

Ukrainian hackers

The world’s largest hacker cartels, including Fin7, Avalanche, DarkSide and Emotet, are usually based in Russia and Ukraine.

These gangs hire Ukrainian techies because they are skilled and cheaper than hackers in wealthy countries like the U. S. It is also harder to prosecute them because Ukraine doesn’t have proper cybersecurity legislation.

Ukrainian hackers are young, aged between 15 and 30; they usually have no criminal records and have an advanced understanding of information technology and math, according to Grynchak. Their monthly salary starts from $5,000 — much more than the $2,000 that tech specialists can earn in Ukraine.

Ukrainian and Russian hackers rarely target their own countries — they prefer to infect computers in Western Europe or the U.S.

To find hackers that work in international gangs, Ukrainian cyber police usually work with foreign law enforcement agencies like the FBI in the U.S., the BKA in Germany, and the NCA in the U.K.

After getting the approval of the Prosecutor General’s Office of Ukraine, foreign intelligence services usually come to Ukraine and work side-by-side with Ukrainian officers. In June, the U.S. and South Korean officers participated in two dozen raids in and around Kyiv, chasing criminals that hacked their universities and firms.

In October-December this year, Ukrainian cyber police took part in four international operations, Grynchak said. Previously, Ukraine participated in one or two operations per year.

Without this cooperation, it is hard to arrest hacker gangs because they are usually transnational: “One hacker can stay in Ukraine, one in Russia, one in the U.S,” according to Grynchak.

For Ukrainian cyber police, it is better when local hackers work from home. “When they stay in the country, we can punish them in accordance with Ukrainian laws,” according to Grynchak. For a severe crime, Ukrainian hackers are usually sentenced to up to six years in prison, he said.

Ukraine does not extradite its hackers; only criminals detained abroad can be jailed by foreign states.

External threats

Hackers usually work on two fronts. Some of them pursue money — they break into bank accounts or demand ransom for stolen data, while others serve political purposes — they target services that are crucial to the society, like public utilities and cellular networks, or leak sensitive information like emails of state officials.

When over 12,500 Ukrainian computers were attacked in 2017 by ransomware called Petya, which allegedly originated from Russia, it was an example of the attack aiming to “destabilize the situation in the country,” according to Ukraine’s Security Service (SBU).

But when criminals hacked Ukraine’s largest tech company SoftServe in September last year, publishing stolen data on messaging service Telegram, they were reportedly chasing profits by asking for a ransom.

Anyone can become a victim of cybercriminals, Grynchak said. Cyberattacks usually happen because people are too careless about the security of their devices: They do not use strong passwords, click on strange links or untrusted emails and use unlicensed software without antiviruses.

It is a perfect environment for cybercriminals, especially those who use ransomware, the most popular type of malware today. It encrypts all files on the computer and demands a ransom in cryptocurrency to bring them back.

Given that cryptocurrency is anonymous and Ukraine recognizes it neither as property nor money, it is hard to investigate ransomware attacks in the country.

Ukraine has the highest number of malware encounters in Eastern Europe, according to Microsoft Ukraine. In the last 30 days, Microsoft detected over 1.3 million infected devices in Ukraine, compared to 682,000 in Poland, 460,000 in Romania and 320,000 in Belarus.

Most often, Ukraine is attacked by Russia. “We have always been a playground for Russian hackers,” Grynchak said: They test how Ukraine responds to cyber threats or just showcase their power.

These attacks are bad for the country’s image, economy and national security, according to Grynchak. “But they made us more experienced,” he said.

Cybersecurity in Ukraine

Ukrainian experts complain that Ukraine is poorly protected against cybersecurity threats: its laws on data protection are outdated, while the cybersecurity industry lacks proper financing and the support of private businesses. In 2020, the country ranked 78th globally and 39th in Europe by the Global Cybersecurity Index.

The Ukrainian government didn’t care much about cybersecurity before Russia invaded Ukraine in 2014, unfolding its war on two battlefields — Eastern Ukrainian and informational.

To deter Russia’s cyber threats, Ukraine founded a department of cyber police in 2015 and got the support of the so-called hacktivists that countered Russian aggression.

In 2016, they established the Ukrainian cyber alliance that hacked websites spreading Russian propaganda and even leaked emails linked to Vladislav Surkov, the political advisor of Vladimir Putin, which revealed Russia’s plans to conquer and divide Ukraine.

Now the Ukrainian cyber alliance opposes most of the government’s projects: It constantly criticizes state-funded mobile app Diia and laws that regulate Ukraine’s virtual space.

Grynchak said that he wants to cooperate with the cyber alliance, but so far their relationship is weak. Ukrainian law enforcement also asked for help from “ethical hackers,” tech specialists that hack computers for money to test how well-protected they are.

“But businesses lure these hackers away by offering two to three times the salary,” Grynchak said. To change that, Ukraine has founded a unit of special agents, who receive almost as much money as the head of the cyberpolice, he told the Kyiv Post.

Despite all the efforts, the Ukrainian cybersecurity market is still very small and lacks cooperation with private firms, according to Denis Gursky, a Ukrainian tech expert.

In Ukraine, cybersecurity is controlled by seven government agencies that include cyber police, SBU, the Ministry of Defense and the National Bank. Ukrainian citizens do not trust local cybersecurity companies and work with foreign businesses instead, according to Gursky.
“It is very hard for a private company to enter this market,” he said.

Both private businesses and the cyber police want to change Ukraine’s image as a poorly protected country.

Grynchak said that his department is now doing better than ever: this year cyber police received more money than ever — $1.8 million from the state, while his officers become more skilled by confronting thousands of cyberattacks and working with partners from other countries.

He said that there are still many problems that Ukraine has to resolve to protect itself from hackers, but other countries are in the same boat.

“No state is 100% protected from cyberattacks today,” Grynchak said.