Skip to content

Cybersecurity Threats from Ukraine & Russia Increasing

Table of Contents

"Top10VPN analyzed malware activity from IP addresses in Ukraine and Russia since February and found the biggest spikes related to malware that helps botnets to spread. Resurgent malware included trojans that previously played a key role in propagating notorious botnets long since dismantled by major international law enforcement operations.

Trojan malware with bigger increases in activity from Ukraine and Russia IP addresses than from the rest of the world since February 2022 included:

  • Citadel Trojan: activity from Ukraine IPs up 3,440% in July, amost double the global trend.
  • CoreBOT Trojan: activity from Ukraine IPs increased 126% in July, a 70% bigger rise than from the rest of the world.
  • Wauchos Trojan: activity from Russian IPs increased 27% in July, at a time when it was decreasing slightly worldwide.
  • Nivdort Trojan: activity from Ukraine IPs jumped 325% in September, almost 10 times the global increase.

Avalanche malware families using Russian and Ukraine IP addresses on the rise despite shutdown of Avalanche crime syndicate, with individual daily surges of as much as 1,500% compared to before February:

  • Avalanche-Matsnu malware downloader: activity from Ukraine IPs was up by 50% or more in April, June and October. Activity from Russian IPs more than doubled in September.
  • Avalance-Ranbyus banking trojan activity from Ukraine IPs doubled in May and rose by 40% from Russian IPs in September.
  • Avalanche-Nymaim malware downloader: activity from Ukraine IPs surged by 82% in April.

Biggest surge in cyber attacks: Distributed-denial-of-service (DDOS) attacks originating from Ukraine increased 363% in March on average compared the average prior to February."

Cybersecurity Threats in Ukraine & Russia
We analyzed malware activity out of Ukraine and Russia since February and found that the biggest spikes related to malware that helped botnets to spread.
Full report

#Analysis #Trend #CyberAttack #Malware #DDoS #RusUkrWar

Latest

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

2024-117: Zero-Day Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks released security updates for two actively exploited zero-day vulnerabilities in Palo Alto Networks PAN-OS. If exploited, these vulnerabilities could allow a remote unauthenticated attacker to gain administrator privileges, or a PAN-OS administrator to perform actions on the firewall with root privileges. It recommended applying the updates and

Members Public