This article is based on an interview conducted by our partner AIN.UA and covered in the corresponding article.
In this write-up, part of a series covering SOC Prime’s Business Continuity Plan (BCP), SOC Prime’s Founder, CEO, and Chairman, Andrii Bezverkhyi, shares insights into the company’s contribution to strengthening collective cyber defense capabilities against russia-affiliated cyber attacks. Read on to learn how SOC Prime stands guard on the frontline of the global cyber war, helping private and public organizations proactively defend against cyber attacks of any scale. To explore more about SOC Prime’s business continuity strategy, check out the initial interview with SOC Prime’s CISO in this dedicated article series.
One month before the outbreak of the full-scale war in Ukraine, russian hackers attacked its public infrastructure. In January 2022, a massive cyber attack against Ukrainian government assets knocked dozens of official websites offline. It damaged tens of government information resources, the e-justice systems, and the registry of the Motor (Transport) Insurance Bureau of Ukraine. The Diia portal was also taken offline for security reasons.
The cyber attacks have continued since russia’s full-scale invasion of Ukraine. In response to the sweeping economic sanctions imposed by Ukraine’s allies, the aggressor has attacked Latvia, Germany, and Great Britain and keeps launching attacks as a means of cyber warfare on a global scale. Calling such attacks a cyber war no longer seems like a metaphor.
According to U.S. military doctrine, enemy attacks can break out in five possible domains, depending on the location and method of conducting military operations. These domains of warfare are land, sea, air, space, and the newest one, cyberspace.
Cyber war and cyber attacks can cause real damage. Consider the notorious 2015 incident in which russian hackers used BlackEnergy malware, resulting in the first cyber attack in history to cause a power outage. The Ukrainian government and private cybersecurity organizations therefore took this domain quite seriously long before the outbreak of the full-scale war.
All that we can see nowadays on the russian cyber front is the outcome of a 30-year strategy: everything that the enemy has been accumulating and preparing for the last three decades has now been leveraged in battle.
They have been carefully nurturing an entire generation of people, instilling the following mindset into them: don’t pay the West, where the enemies are; instead, use free cracks. While the entire world perceives hacking as science and research of the unknown, for russia it all happens under the aegis of the Federal Security Service. The aggressor hasn’t ceased honing its cyber offensive skills to target Ukraine with cyber attacks since 2014, or even earlier.
Andrii Bezverkhyi, Founder, CEO, and Chairman at SOC Prime
Countering this is only possible with an effective system of collective cyber defense backed by cutting-edge technologies, methodologies, and practices. Speed and precision are critical in cyberspace. Ongoing and effective collaboration between industry-specific government institutions, private businesses, cybersecurity experts, and citizens is a prerequisite for building a reliable cyber defense system. Since Western countries consider Ukraine the fearless defender of democratic values in this war.
To be prepared to respond to disruptive cyber attacks, organizations large and small should follow the world’s best practices. Seasoned security experts are currently building up such recommendations from practical cases observed during the war in Ukraine.
One example is the SANS Institute’s “Shields Up: Six Defensive Techniques to Make Your Attackers Cry: Russia and Ukraine Cyber Crisis.” These recommendations describe key defensive tactics and techniques relevant to the cyber war and applicable to organizations of all sizes, helping them stop attackers and shape an effective cybersecurity strategy. It is a clear, practical guide to reducing noise and protecting organizational infrastructure. The SOC Prime team has translated the recommendations into Ukrainian to assist businesses in Ukraine in thwarting the aggressor’s attacks.
At the state level, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) is the defense and security agency that acts as the principal actor in the national cybersecurity system and is responsible for cyber defense.
The key functions of the SSSCIP include shaping and implementing government policy in the area of cyber defense, ensuring continuous and secure government communications, and regulating information security, including technical and cryptographic information protection.
CERT-UA (the Computer Emergency Response Team of Ukraine) is responsible for assisting in the prevention, detection, and remediation of cyber incidents affecting cybersecurity objects. The team was established as part of the SSSCIP in 2007 and became a certified member of FIRST (the Forum of Incident Response and Security Teams) in 2009. Since russia’s invasion of Ukraine in 2014, CERT-UA has been in the spotlight after the team prevented russian hackers from disrupting the Ukrainian presidential elections. Back then, russia-backed federal channels broadcast fake news that Dmytro Yarosh had won the election.
Since the beginning of the full-scale invasion of Ukraine, the workload of these organizations has increased significantly, so Ukrainian businesses provide assistance to help cope with the emerging challenges. The Ukrainian IT sector, including the cybersecurity niche, brings together the world’s leading professionals, who are now leveraging their expertise and skills to combat russian offensive operations in the cyber domain. This is crucial because, as Andrii Bezverkhyi notes, the world lacks a centralized cyber defense system. We don’t have a “cyber NATO,” although the importance of collective cyber defense is being discussed in the international arena. And the only way to create an effective system of such scale is through a partnership of the private and public sectors.
There are attacks that neither any enterprise in the world nor any government institution can withstand on its own. Still, it is possible through collective cyber defense. Anyone can join the ranks, from private and public organizations to the global community of cybersecurity and IT experts. Our company acts as one of the key drivers fostering this process. We are like the S.H.I.E.L.D. Agents: we protect while remaining in the shadows.
SOC Prime has been actively cooperating with the SSSCIP and CERT-UA teams since the outbreak of the full-scale war. These coordinated efforts feed multiple joint projects maintained with the SSSCIP and global partners, including Cisco, Microsoft, and the Ukrainian MDR company UnderDefense. In June 2022, SOC Prime received an insignia of honor from the SSSCIP for its assistance throughout the war.
One more advantage private companies can offer the state is a wealth of cutting-edge defensive technologies, the kind the S.H.I.E.L.D. Agents similarly possess. In SOC Prime’s case, this toolkit involves the Sigma language in combination with MITRE ATT&CK®. How these technologies are leveraged to effectively protect organizations and businesses on the cyber frontline will be covered in the next part of this interview.