Oleksandr Turchynov: One of the mechanisms for spreading a dangerous computer virus was a system for updating the accounting software
One of the mechanisms for spreading a dangerous computer virus was a
system for updating the accounting software. This was stated by Secretary
of the NSDC of Ukraine Oleksandr Turchynov during the meeting of the National
Coordination Center for Cybersecurity.
During the meeting, the latest most powerful cyberattack on the
information systems of enterprises and institutions of Ukraine launched on June
27 was analyzed. Separately, the effectiveness of the implementation of quick
response protocol and the interaction between the State Service for Special
Communications and Information Protection of Ukraine, the Security Service of
Ukraine and the Cyber Police during the counteraction to cyberattacks was
"The spread of this computer virus and analysis of the breakdown of
information systems allow us to say that this is an element of the hybrid war
waged by the Russian Federation against us", - the NSDC Secretary noted.
According to Mr. Turchynov, we can already speak about how the
cyberattack was spread: "First of all, this was due to the system of updating
the software for accounting and document circulation. Also, the hosting site of
one of the Internet providers was used to which the SSU had already had some questions regarding cooperation with Russian secret services".
"At the same time, - he added, - the "gray Internet" systems were
actively used, including VPN, TOR, etc., which are actively advertised on
Russian social resources, access to which was prohibited by the NSDC decision".
Oleksandr Turchynov stressed that many state institutions suffered
because of their systematic failure to implement the NSDC decision and follow
the instructions of the National Coordination Center for Cybersecurity. "I want
to emphasize that this is not just a lack of discipline. This inaction is a
crime for which those officials who failed to ensure information security of
their institutions should bear responsibility, including the criminal one", -
At the same time, the NSDC Secretary informed that all information
resources that were connected to the protected circuit, namely to a secure
Internet access node of the State Service for Special Communications and
Information Protection, were not affected by the attack. "First of all, this
refers to powerful state information registries that were securely protected
and cybercriminals were not able to break through this protection", - he said
adding that this is another indication of the necessity of mandatory connection
of all state information systems to the protected security circuit.
"Moreover, it is necessary to resolve the issue of connecting to the
state cyberdefense system of critical infrastructure objects as well,
regardless of their ownership", - Secretary of the NSDC pointed out. "The
objects of critical infrastructure are the security of the state, and all of
them, regardless of their owners, should also work under a single security
protocol", - he said adding that the relevant bill had already been worked out
and would be introduced to the parliament in the nearest time.
Also, according to Mr. Turchynov, one of the problems that lead to
similar consequences of cyberaggression is "the lack of the principles of
cybernetic defense of the country at the legislative level".
"I want to remind that over this year, there were around ten attempts in
the Verkhovna Rada to pass laws on cyberdefense and state information
security. But demagoguery and populism of representatives of various political
forces led to that these decisions have not yet been taken", - the NSDC
Secretary added stressing that today in Ukraine there is no mechanism of
responsibility of participants of the Internet space for passive or active
cooperation with cybercriminals.
"Also, - he said, - it is necessary to increase funding for measures on
cybernetic security and state information protection, as the negative
consequences of cyberattacks considerably exceed the expenditures in these
areas". According to him, the losses borne by the state, the losses borne by
our economy are far more than financial resources "neede to provide basic
Moreover, according to the NSDC Secretary, the latest cyberincident
demonstrated a very low level of cybersecurity professionals working in public
institutions "due to low salaries of civil servants, which does not allow
high-class professionals to be involved in this work". "Therefore, this issue
needs to be resolved immediately", - he added.
Oleksandr Turchynov informed the participants that specific measures worked
out by the National Coordination Center for Cybersecurity "will be the basis of
the NSDC decision to be introduced in the nearest future".