“We got some good hits and a lot of websites are down,” says Dmytro Budorin, CEO of Ukrainian cybersecurity startup Hacken. When the war began, Budorin and his colleagues modified one of the firm’s anti-DDoS tools, called disBalancer, so that it could be used to launch DDoS attacks.
While Kaspersky’s analysis says the number of DDoS attacks around the world has returned to normal levels as the war has progressed, attacks have been lasting longer – hours, not minutes. The longest lasted more than 177 hours, more than a week, its researchers found. “Attacks continue regardless of their effectiveness,” said Kaspersky’s analysis. (On March 25, the U.S. government added Kaspersky to its list of national security threats; the company said it was “disappointed” by the decision. Germany’s cybersecurity agency also warned against using Kaspersky’s software on March 15, though it did not go as far as a ban; the company said the decision was not made on a technical basis.)
Budorin says DDoS has been useful in helping Ukrainians contribute to the war effort in ways other than fighting, and says both sides have improved their attacks and defenses. However, he admits that DDoS may not have much impact on warfare. “It doesn’t have many effects in terms of the ultimate goal, and the ultimate goal is to stop the war,” Budorin says.
Since Russia began its full-scale invasion, hackers in the country have been caught trying to disrupt energy systems in Ukraine, deploying wiper malware and launching predictable disruption attacks against the Ukrainian government. Now, however, Ukrainian authorities say they have noticed a drop in activity. “The quality has decreased recently because the enemy cannot prepare as much as it was able to prepare,” Yuriy Shchikhol, head of Ukraine’s cybersecurity agency, the State Service for Special Communication and Information Protection, said in an April 20 statement. “The enemy now mostly spends time defending themselves because it turns out that their systems are also vulnerable,” Shchikhol said.
Budorin says that in addition to repurposing its technology to help launch DDoS attacks, his company also created a bug bounty program for people to find and report security flaws in Russian systems. More than 3,000 reports have been filed, he says. He claims this includes details of leaked databases, login information and more serious cases where code can be executed remotely on Russian systems. The company is validating the vulnerabilities and passing them on to Ukrainian authorities, Budorin says. “You don’t go through the front door,” he says. “You go through the district offices. There are so many mistakes, so many open windows.”