Ukraine’s Response to Cyber Threats a Model in DDoS Prevention

With the disruption, loss of life and heartbreaking images that the Russia-Ukraine conflict has produced, it is easy to overlook what it has meant to the cyber threat landscape. Even threat actors have taken sides. While it’s easy to imagine hackers working alone in a dark room from a remote location, that imagery now needs to include some indication that it’s taking place in a government office. That’s because much of the cybercrime committed — at least related to the Russia-Ukraine conflict — has been state-sponsored.

Killnet — From Business To State-Sponsored Threat Actor

In March 2022, pro-Kremlin hacktivist Killnet released a video pledging their support of Russia. Soon after — as in a couple minutes — it launched dozens of DDoS (distributed denial of service) and DoS (denial of service) attacks against governments and private organizations that supported Ukraine. After the attack, Killnet would hop on victims’ websites and publish pro-Russia messaging. Their mission statement changed radically in only two months (Killnet first emerged in January 2022 as a hack-for-hire vendor selling DDoS tools). Now they launch the attacks using their own resources.

Ukraine’s Efforts Serve As A Great DDoS Mitigation Model

While each of the western countries attacked quickly deployed DDoS prevention solutions, Ukraine’s response provides a great example of quick, responsive threat mitigation.

Responsible for protecting state information resources, Ukraine’s SSCIP (State Service of Special Communications and Information Protection) promptly implemented measures to protect, among other things, its web applications and communications systems. They decided on an industry leading cloud DDoS protection and web application firewall solution (WAF) to enhance its defenses against ongoing, volumetric attacks.

Cloud DDoS Protection

Ukraine selected a cloud DDoS protection solution that provides behavioral-based detection for application- (L7) and network-layer (L3/4) attacks. To protect against zero-day attacks, the solution provides automatic, real-time signatures that protect against zero-day attacks. In addition, Ukraine’s solution provides unique SSL/TLS DDoS protection and flexible deployment options for both cloud-based and hybrid cloud environments.

Ukraine’s solution also gives them the ability to drill down into each asset and quickly view all historical and current information. They can perform a quick, deep and thorough analysis of their network.

Scrubbing centers located throughout the world support the solution. They are fully meshed and have at least 10Tbps of mitigation capacity. Their widespread locations means mitigation takes place as close to the attack’s origin as possible, so traffic does not impact Ukraine’s infrastructure.

Web Application Firewall (WAF) Solution

With the increased availability of web applications and ever-expanding DevOps CI/CD pipelines — and attack vectors that are growing as a result — Ukraine understood the importance of selecting a WAF solution that provides comprehensive protection and guards against data breaches. Their solution is adaptive and detects and protects applications through automatic policy generation as each application is added to Ukraine’s network.

In addition to DDoS protection and a WAF solution, Ukraine’s SSCIP made sure its selected vendor provides a 24×7 real-time emergency response team and round-the-clock risk mitigation. In short, Ukraine’s cyber defenses represent what is needed to combat threat actors like Killnet.

Digital Combat Needs a Different Kind of Warrior        

Like the first two industrial revolutions (mass production and the steam engine), the third, the digital revolution, has provided countless benefits that help people stay more connected, informed, safe and healthy. But as fast as benefits have been ushered in, people and organizations with destructive goals have slipped through the door. That’s why it’s so important to get the best solution(s) available to keep your organization safe, whether a government agency, business, healthcare facility, or countless others. Turning to security experts like the tenured, talented professionals at Radware is a perfect first step to help ensure your organization is protected against the digital threats of the day. You can reach them HERE. They’d love to hear from you.

Watch Victor Zhora, Chief Digital Transformation Officer, State Service of Ukraine, in this important, fascinating webcast entitled Cyber Warfare – A Ukrainian Perspective. In it, Zhora talks about attack types and techniques the Ukraine government faces during the Russian-Ukraine conflict, countermeasures they employ, and what “a day in the office” looks like when engaged in cyber war.