Ukraine’s largest airport, Boryspil, has come under cyber-attack and attributes the breach to Russian attackers. The compromise of the airport’s infrastructure takes the form of BlackEnergy, malware used specifically for its ability to gather information from the systems it infiltrates. It is also known for its capability to move through network files and onto removable storage media, putting the airport at risk of surrendering information such as keystroke logs, audio recordings and screenshots. According to Ukraine’s Computer Emergency Response Team (CERT-UA), the airport’s integrity could still be at risk, and the malware has infected at least three Ukrainian “power firms,” which could in fact indicate the possibility of further attacks. The attack is particularly devastating because the airport is responsible for roughly 65 percent of the country’s air traffic.
Malware experts from Malwarebytes and Tripwire agree that the attack will be exceedingly difficult to pinpoint and could be even more difficult if the attack did in fact come from Russia. They instead suggest focusing on discovering how the attack was executed and on the measures that could prevent a future attack of a similar nature. These sorts of large-scale political attacks are becoming the norm because they are both relatively cheap and highly effective. Darktrace director of technology Dave Palmer suggests that, with regard to these sorts of attacks, the approach should be “retrospective, so forward-looking companies are adopting ‘immune systems’ that learn what is normal within the organization and can detect a threat as soon as it starts to emerge, enabling them to respond before an attack becomes a business crisis.”