As a modest, unassuming tech firm chairman, Oleh Derevianko appears to be the most unlikely of cyber soldiers, but try telling that to the Russian hacking army he and his team have been thwarting since the start of the Ukraine War.
Indeed the former Deputy Education Minister and Chief of Staff has been handing out lessons in how to combat phishing, malware, worm, and virus attacks which the rest of the world has been taking notice of.
That ISSP, the cybersecurity company he co-founded, has been doing it from their base in Kiev while Russian missiles and Iranian drones rain down around them is all the more impressive and remarkable.
The serial entrepreneur, 40, was the star attraction at November’s Cybertech NY conference in Manhattan as he told his rapt audience about the challenge of a threefold increase in Russian cyber attacks since the invasion in February.
The PhD-educated Ukrainian cyber hero said he had never expected or planned to work on the front lines of the cyber war, and admitted to being taken aback by the warm reception he received.
“Interestingly, over the last quarter, there was a significant increase in attacks executed directly from Russian IP addresses, whereas before the full-scale invasions, Russians would typically hide themselves behind proxy sources of attacks,” said Oleh. “Attacks that caused disruption and damage were the attacks that were well prepared when adversaries had access to target infrastructure before the invasion.”
Oleh added: “The vast majority of current attacks we are seeing now, are not as sophisticated, and it seems our adversaries are desperate to deliver the results demanded by their command, thus they rush and race and make more mistakes.”
Reflecting on the past few years, Oleh said, “If we look back to 2014, there was a huge wave of cyber-attacks that were waged against Ukraine.
“This all started during the presidential elections of Ukraine after the Revolution of Dignity, and since 2015, we have seen an ever-increasing number and sophistication of cyber-attacks – and also a pattern emerging in those cyber-attacks, that typically the intrusion will begin at the beginning of the year throughout January – March usually in the form of phishing or spear phishing rather than network operations or direct intrusion.”
Discussing the kinds of tactics and techniques deployed, Oleh said that, for the first time, his company is seeing state-actor cyber-attacks that go beyond the simple techniques witnessed in Estonia in 2007 and in Georgia in 2008, when Russians used DDoS and DNS attack types. In Ukraine since 2014, Russian hackers have been using all kinds of tools and more creative means to advance the Kremlin’s war effort and attack Ukrainian assets at scale.
Often these attacks are carried out through phishing, spear phishing, malware, worms, and viruses, in tandem with informational and psychological operations and conventional military operations.
The ISSP Chairman echoed this year’s Microsoft Digital Defence Report urging strong cyber hygiene and calling for companies to adopt the latest detection and response technology to reduce vulnerabilities and recover from attacks.
Talking from an industry perspective, Oleh said: “Most people would be surprised to learn that even now during war times, most attacks are on the financial sector, as opposed to on the media and government sectors, even the defence and security sector is attacked less than banks and financial institutions and of course energy and utilities.”
Oleh posed the question: “What do you do when you are in these circumstances, how do you tackle them?” His answer was simple as he explained that everything starts with how well you know your attack surface area.
“All you need are real time detection tools and incident response plans but if someone were to ask me, what is the single most important element of why Ukraine has prevailed thus far on the military and cyber battlefield, I would say it is how we approach network defence and understanding the infrastructure of our clients before deploying any security solutions, any security tools, or any security services”.
As a final word, Oleh concluded, “If you have all the technologies and tools in place, then your strategic cyber operations, technical operations, and non-technical operations should all be aligned, the key word here being ‘operations’ – cyber security needs to be operationalised at all levels not just at a technical level, but also at a decision-making and c-suite level.”
Before founding ISSP, Oleh worked as a serial business and social entrepreneur, angel investor, CEO and Board Member across a number of Ukrainian and international companies.
After the Ukrainian Revolution of Dignity, in 2015-2016, Oleh Derevianko served as Deputy Minister and Chief of Staff at the Ministry of Education and Science of Ukraine.