Ukranian central bank warns financial institutions to brace against new cyber attack

Ukraine’s central bank on Friday issued a warning to state-owned and private lenders of the appearance of a new malware as security services said Ukraine faced cyberattacks like those that knocked out over 200,000 entities in 100 countries in June.
Ukraine was hardest hit by the attack, dubbed NotPetya that took place on June 27. It took down many government agencies and businesses through accounting software M.E.Doc, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.
Kiev’s central bank has since been working with the government-backed Computer Emergency Response Team (CERT) and police to boost the defences of the Ukrainian banking sector by quickly sharing information.
The regulator warned that the vulnerabilities exploited by the hackers are the same for companies as they are for individuals. It also advised banking sector to follow protection guidelines recently issued by CERT and emphasized that organisations should not meet any stated demands or pay a ransom.
“Therefore on Aug. 11…, the central bank promptly informed banks about the appearance of new malicious code, its features, compromise indicators and the need to implement precautionary measures to prevent infection,” the central bank told Reuters in emailed comments.
Reuters reported the central bank warned the new malware is spread by opening email attachments containing Word documents.
Based on an analysis of the malware, and the timing of its distribution, the attack is preparation for a mass cyberattack on the corporate networks of Ukrainian businesses.
“The nature of this malicious code, its mass distribution, and the fact that at the time of its distribution it was not detected by any anti-virus software, suggest that this attack is preparation for a mass cyber-attack on the corporate networks of Ukrainian businesses,” the letter said.
The state’s Security and Defence Council has warned Ukraine may be targeted on 24 August with a NotPetya-style attack, aimed at destabilising the country as it celebrates its 1991 independence from the Soviet Union.

Leave a Reply