A cyber-attack severely disrupted internet services in Ukraine last week. Hackers used compromised employee credentials to launch the cyber-attack on Ukrtelecom, Ukraine's national telecommunications provider targeted in the attack on March 28.
Kyrylo Honcharuk, CIO of Ukrtelecom, said Russia accessed the account of an employee in a region “recently temporarily” occupied, although the exact location was not disclosed.
When they gained access, the hackers tried to disable Ukrtelecom’s equipment and servers in order to gain control over the network & equipment. There was also an attempt to change the passwords of employees’ accounts and of logins to access equipment and firewalls.
According to Ukraine’s technical security and intelligence service, the attack was detected within 15 minutes, and “Ukrtelecom’s IT specialists immediately took measures to counteract” it. However, due to the incident, significant outages across Ukraine occurred. Network traffic dropped to 13% of pre-war levels at one point. Ukrtelecom restricted coverage to ensure there was no interruption to services for the armed force and critical infrastructure. Within 15 hours, all services were restored.
This situation is just one example of how important employee cyber-education is. Organizations should enforce security awareness training to ensure that their staff is up to date on best practices for password creation and protection. Additionally, two-factor authentication should be implemented when possible to prevent threat actors from compromising user accounts. Learn how ThreatAdvice's Cybersecurity Education can make cybersecurity awareness easy for your organization!
Source:
https://www.infosecurity-magazine.com/news/attack-ukraine-telecoms-employee/