A rundown of cyber threats emerging from the Russian invasion of Ukraine.
“In this war, we are seeing cyberattacks from both Russia and Ukraine,” Avast Security Evangelist Luis Corrons recently commented. “And on top of that, a number of cybercriminals are taking advantage of the situation in order to scam good-willed users that want to help the victims of Russia's invasion. As we all know, the internet has no borders, and this is the perfect example of that. It doesn't matter where in the world we are, any of us could become an unintended victim.” These days, wars often have a cyber component, and that is certainly true of this one. This week, the Avast Security News Team rounded up all the cyber threats, scams, and trends that have emerged out of the Ukraine conflict, so you can learn about them all in one place. Avast has tracked a number of scammers who are tricking people out of money by pretending they are Ukrainians in desperate need of financial help. This scam and others like it have been spreading on TikTok and other social media sites. Just like the typical commonplace scams where bad actors pretend to be lonely hearts or travelers in a bad situation, these malicious tricks play on users’ kindness. While some Ukrainians may be truly asking for help this way, it’s virtually impossible to deduce if a person is a scammer or not. We recommend people only donate through official, trusted organizations directly on their websites, as opposed to links shared on social media. For more on this story, see Ukraine-themed crypto scams. We have also identified initiatives being shared through social media that encourage everyday users to become hackers by downloading “simple tools” that allow them to support DDoS attacks on Russian targets. Initially, this kind of “hacktivism” might seem like the right thing to do, but we must discourage everyone from engaging with these initiatives. There are several reasons why this is a highly risky exercise. First of all, DDoS attacks are illegal, but moreover, ensuring your security while using such tools is difficult to achieve. When you implement these “simple tools,” you risk your privacy. Plus, there is no guarantee that your effort will go towards helping Ukraine. For more, read the dangerous discoveries Avast Threat Labs found when it took a closer look at those “simple tools.” One cyberattack being used against the people of Ukraine is a data destroyer called HermeticWiper, and it’s been accompanied by a ransomware we have dubbed HermeticRansom. Avast Threat Labs were the first to discover the ransomware piggybacking on the data wiper. Crowdstrike’s Intelligence Team analyzed HermeticRansom and found a weakness in the crypto schema. Avast then developed a decryptor for HermeticRansom, which we are giving out for free. If your device has been infected and you need to decrypt your files, simply use the Avast decryptor tool. In the several weeks leading up to Russia’s invasion of Ukraine on February 24, Avast observed an increased number of phishing attacks in the Ukrainian cyberspace. The attacks targeted communication infrastructures, network providers, and other services such as domain administrators. We believe these attacks might have been collectively designed to attack the country’s internet infrastructure. We advise users to stay protected by not opening nor enabling contents from unknown or suspicious attachments. Recent telemetry suggests phishing attacks against Ukrainians have slowed down during the ongoing fighting, but we will continue to monitor the region’s cyberspace. For more, see our article on phishing attacks in Ukraine. Beware of Ukraine-themed crypto scams
Avoid joining DDoS attacks in aid of Ukraine
HermeticRansom, discovered by Avast, disarmed with a free decryptor tool
Pre-war phishing attacks target Ukraine infrastructure