Cyber Attack Trends In The Midst Of Warfare – The numbers behind the first days of the conflict

Check Point Research (CPR) releases data on cyber attacks observed around the current Russia/Ukraine conflict. Cyber attacks on Ukraine’s government and military sector surged by a staggering 196% in the first three days of combat. Cyber attacks on Russian organizations increased by 4%. Phishing emails in the East Slavic languages increased 7-fold, where a third of those malicious phishing emails were directed at Russian recipients sent from Ukrainian emails addresses. CPR also warns of fraudulent emails being sent to dupe people who are seeking to donate to Ukraine from abroad, issues example and four safety tips.

  • CPR graphs data on the change in amount of cyber attacks per organization across Russia and Ukraine, compared to other regions
  • CPR depicts the number of malcious emails being sent in East Slavic languages in the past several weeks
  • CPR shows an example of a malicious email with the title “Let’s Support Ukraine”, seeking to take advantage of people wanting to donate to Ukraine

Check Point Research (CPR) is observing staggering increases in cyber attacks related to the current Russia/Ukraine war.

196% Increase in Cyber Attacks on Ukraine’s Gov/Military Sector

On the Ukrainian government and military sector, CPR documented a 196% increase in cyber attacks in the first three days of combat, compared to the early days of February 2022. The same sector globally and in Russia did not show a similar increase.

4% Increase in Cyber Attacks on Russia

In the past few days, CPR documented a 4% increase in cyber attacks per organization within Russia, compared to the same days in the previous week. On Ukraine, the overall amount of cyber attacks per organization increased by .2%. Other regions across the world experienced a net decrease in cyber attacks per organization, as graphed below:

Phishing Emails in East Slavic Language Increase by 7x

CPR witnessed a significant  7-fold increase in malicious phishing emails in the East Slavic languages (Russia/Ukrainian letters). The chart below depicts the percentage of such emails out of all malicious emails sent per week in the past 5 weeks:

Additionally, a third of such phishing emails directed at Russian recipients were sent from Ukrainian emails addresses, either real or spoofed.

Beware of Donation Fraud to Ukraine

CPR also witnessed fraudulent emails taking advantage of the situation in order to gain financial profit, luring the recipients to donate money to fake Ukrainian support funds. Below is an example:

Safety Tips for People Looking to Donate to Ukraine:

  1. Spot Fake Domains

One of the most common techniques used in phishing emails are lookalike or fake domains. Lookalike domains are designed to appear to be a legitimate or trusted domain to a casual glance.
For example, instead of the email address [email protected], a phishing email may use [email protected] or [email protected]а

Phishers may also use fake but plausible domains in their attacks.

  1. Be wary of Unusual Attachments

 A common goal of phishing emails is to trick the recipient into downloading and running attached malware on their computer. For this to work, the email needs to carry a file that is capable of running executable code. As a result, phishing emails may have unusual or suspicious attachments. For example, a supposed invoice may be a ZIP file or an attached Microsoft Office document may
require macros to be enabled to view content. If this is the case, it is probable that the email and its attachments are malicious.

  1. Look out for Incorrect Grammar or Tone

Often, phishing emails are not written by people fluent in the language. This means that these emails can contain grammatical errors or simply sound wrong.
Real emails from a legitimate organization are unlikely to have these mistakes, so they should be a warning sign of a potential phishing attack.

Phishing emails are designed to convince the recipient to do something that is not in their best interests (giving away sensitive information, installing malware, etc.).
To accomplish this, phishers commonly use psychological tricks in their campaigns, such as:

  • Sense of Urgency: Phishing emails commonly tell their recipients that something needs to be done right away. This is because someone in a hurry is less likely to think about whether the email looks suspicious or is legitimate.
  • Use of Authority: Business email compromise (BEC) scams and other spear-phishing emails commonly pretend to be from the CEO or other high rand authorized personal. These scams take advantage of the fact that the recipient is inclined to follow orders from authorities, whomever they might be.
  1. Beware of Suspicious Requests

 Phishing emails are designed to steal money, credentials, or other sensitive information. If an email makes a request or a demand that seems unusual or suspicious,
then this might be evidence that it is part of a phishing attack.

The statistics and data used in this report present data detected by Check Point’s Threat Prevention technologies, stored and analyzed in ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from the Check Point Research – The intelligence & Research Arm of Check Point.