The Russian invasion of Ukraine is a battle in both the physical and the digital world. On both sides, information warfare plays a more critical part of the battlefield than any other war in human history, with the biggest attack vector and threat being weak login credentials.
According to a Ukraine cybersecurity executive at a major government-owned energy company, attempted attacks to its infrastructure rose from 21,000 events in all of 2021 to 760,000+ attempts just from February 24, 2022 to March 24, 2022 — an increase of 3519%.
On March 4, Yubico got a request from authentication partner Hideez to help to protect critical infrastructure in Ukraine. When the war started, much of the Hideez team decided to stay in Ukraine to lend their expertise, products and services to the most targeted Ukraine entities and IT systems.
Yubico made the decision to donate 20,000 YubiKeys and lend technical support. In the weeks that followed, these keys have been distributed to a dozen government agencies and companies providing critical infrastructure, including:
- SSSCIP, State Service of Special Communication and Information Protection of Ukraine
- Ministry of Digital Transformation, heading IT modernization and next generation of government e-services
- Government owned energy companies and power plants
- Ukraine’s .UA domain managing organization Hostmaster.UA
I had the honor to connect over a video call with representatives of some of the organizations to learn more about the IT security challenges they are facing, and why it was important for them to make our joint cyber security efforts public. Below is a summary of our conversations.
Please share more about how your company pivoted from being an Ukraine authentication company to providing cybersecurity aid after the Russian invasion.
(Oleg Naumenko, CEO of Hideez) “On February 24, we woke up to the sound of bombs falling from the sky. Suddenly our world had shattered and our family, friends, colleagues, and partners were all trying to figure out what to do next. Most of us spent the next week in the grueling reality of sleeping in a bunker, underground car parks, and metro stations. People were (and still are) sleeping on the cold floor, in freezing temperatures, and with sounds of bombs and bullets. Our beautiful homeland was, and remains, under attack.
Not only have bombs been falling on our cities, Russian hacking groups started unprecedented cyberwarfare against our critical infrastructure, government organizations, and companies, trying to cripple our heat, electricity, water, local councils, military commands, and logistics operators.
We swiftly made the decision to use all of our resources to work with as many government agencies and organizations in Ukraine as possible to help secure them quickly against this rise in attacks.”
What were the biggest cybersecurity threats and challenges?
(Yuriy Ackermann, VP of war efforts for Hideez) “The vast majority of attacks were targeting the individuals and systems that had access to the most accounts for critical infrastructure. Many Ukraine government entities are not using strong multifactor authentication that can defend against advanced Nation attacks.
We had worked with Yubico in the past and Hideez had already integrated support for smart card, FIDO authentication, and YubiKeys in the Hideez authentication server. We decided to reach out to them to ask for help to support this mission. We appreciate the donation of 20,000 devices of the YubiKey 5 series and the technical support they are providing us to help with deployments.
Since receiving the keys, we have distributed them to several government agencies and critical infrastructure organizations, including government owned energy companies. Additionally, in order for YubiKeys to be used for the broader range of high security and military applications, we worked with the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) for its certification of the YubiKey 5 Series.”
Why did you decide to implement new cybersecurity tools?
(Oleksandr Potii, Deputy Chief of SSSCIP) “We are seeing an unprecedented level of attacks on our government, and critical infrastructure providers, and working 24/7 to defend our country from Russian aggression in cyberspace. In record time, only a matter of weeks, we were able to expedite a normal six-month plus certification process to get the YubiKey 5 Series validated for use across all Ukraine government and military agencies and their employees.
We are also deploying 3,000 Yubikey for SSSCIP staff to use in the electronic document management system. Our partnership with Hideez and Yubico is helping us to push phishing-resistant and passwordless authentication solutions to as many government agencies as we can. This is a tremendous amount of work, and this all would be possible with support from the Yubico and Hideez teams.”
Now that you have started implementing and deploying YubiKeys in your organization, what results have you seen?
(Anonymous cyber security executive for Ukraine energy plant) “Since the war began, we have experienced a massive increase in phishing attacks. To mitigate this risk, our organization required us to change passwords every day, which did not provide sufficient security and was time consuming as well as an added stress to employees working in a war zone. We needed something that was not only more secure, but that also worked seamlessly across a range of systems and devices. We also needed a tool that worked from locations where internet and cell phone connectivity are not stable. Additionally, because of the advanced types of phishing, and man-in-the-middle attacks, we simply could not rely on legacy or mobile-based authentication.
An important aspect of the YubiKey is that it is built as a multi-purpose and multi-protocol device, which allows us to use the same authenticator for PC login, VPN access, cloud-based productivity, email systems, ERP system and mobile applications. We also expect these use cases to grow as we expand our deployment.
The YubiKeys significantly increased the security and also made access across many IT systems faster and easier, which has been a tremendous relief to our employees. We believe YubiKeys are as important for our cyber defense as the bullet proof vests that are protecting the soldiers and others that are on the front lines of the ground war.”
(Oleg Levchenko, CEO of Hostmaster) “We at Hostmaster.UA are really thankful for the support we received from Hideez and Yubico. We have already distributed YubiKeys to (most) of our employees, and are working to secure all of our existing infrastructures with the Hideez server and YubiKeys. Work is in progress to integrate Yubico HSM to protect our DNSSEC records. This is an exciting partnership, and we are looking forward to sharing more technical details in the coming weeks.”
What other initiatives are underway in Ukraine’s government to modernize IT infrastructure and improve cyber security?
(Julia Troyan, project manager of the technical task group for Ukraine Project at the Ministry of Digital Transformation) “On February 23, 2022, one day before the official assault, malware known as HermeticWiper was used against organizations in Ukraine, targeting Windows devices, and manipulating the master boot record, which results in subsequent boot failure. Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware. In view of the recent developments and military invasion, a group of legacy experts of the EU technical assistance project decided to consolidate an international cyber resilience expert team to support Ukrainian critical infrastructure, telecommunications, and governmental systems. We have brought together experienced cybersecurity teams, IT experts, as well as computation powers, and data analysis.
The Ministry of Digital Transformation, our project Beneficiary, was established in August 2019 with the goal to transfer 100% of all public services for citizens and businesses online, provide 95% of transport infrastructure, settlements and their social facilities with access to high-speed Internet, to teach 6 million Ukrainians digital skills, and increase the share of IT in the country’s GDP to 10% – all by 2024, thus making public services highly automated and easy to use for our citizens. Moving sensitive data to the internet comes with great advantages, but also security challenges.
As part of Component 1 of our project, we are working on mitigating the risks and implementing a range of security tools for data protection, and the use of strong multi-factor authentication will be a critical component. The digital ecosystem and the project stakeholders are currently more and more operating on leading cloud-based services that natively support YubiKey and Hideez, and we are in the process of deploying the keys to protect our own teams from phishing attacks.
The purpose of implementing these recommended solutions is to reduce the time from detection of threats to mitigation response, increase capacity for handling threats and thus increase the resilience of our public infrastructure and critical infrastructure.”
More on Yubico’s mission to making the internet safer for everyone
In addition to the work we’re doing with Hideez, Yubico has given devices to ePrinus, a partner headquartered in Poland who is helping to distribute keys for military tactics to support Ukraine. We have also donated YubiKeys through our Secure it Forward program to support hundreds of local journalists and other humanitarian organizations that have been working tirelessly to share critical information to keep their communities safe.
Yubico has employees located all over the world, and our thoughts go out to everyone that has been impacted by this war. We continue to remain steadfast in our mission to ensure our employees, customers, partners, journalists, humanitarian organizations, and more have the protection they need for their digital safety. When we hear things like the story we just shared from our partners, we know that our efforts are making a difference.