Cybersecurity@CSAIL Lecture: APT Cyber Attacks in Ukraine

The team of leading cybersecurity experts from Ukraine will discuss the issues related to the series of APT cyber attacks on Ukrainian critical infrastructure, media, financial institutions and government that took place in 2015 and 2016 and resulted in power cuts, blackouts, and other serious consequences.

These attacks have been investigated by ISSP Labs - cyber forensics, threat intelligence and cyber research center of international cybersecurity company Information Systems Security Partners (ISSP Group) with headquarters in Kyiv.

Oleksii Yasynskyi, a principal researcher and Head of ISSP Labs and Oleksii Baranovskyi, researcher at ISSP Labs and Dean of Kyiv Cyber Academy will present key findings from these investigations, show how the attacks were planned and executed, and will discuss why these attacks were not detected by the most modern cybersecurity technologies like malware sandboxes, IPS, AV etc., and what we should do about it in order to enhance our cybersecurity capabilities.

Topics covered include:

1. APT Attacks Common Model (KillChain)
2. Actions on objectives
3. Compromised components investigation
4. Anomaly detection and event correlation
5. Installation and exploitation phase of investigation
6. Evading antiviruses method detection
7. C&C center detection
8. Investigation of delivery stage
9. Weaponization stage analysis
10. Risk of legacy-technologies in infrastructure
11. Reconnaissance stage
12. Attack timeline