Telecoms outage hits Ukraine

In a Tweet published just after 18:20 GMT on Thursday 3rd March, the company said that blackout was recorded in the region of Sumy Oblast in Ukraine, following reports of " massive blasts at the thermal power plant and electrical substation that turned the sky 'yellow and red' for miles".

Speaking to VentureBeat, Alp Toker, founder and director of NetBlocks, said that it is "the largest regional telecoms black out that we’ve tracked since the beginning of the conflict” but that the occurrence though "serious" was a "single discrete event".

The news follows a series of recorded disruptions from NetBlocks in Ukraine, throughout the last two week. As of Thursday 24th February, the company registered internet disruption in the city of Kharkiv with users noting loss of fixed-line service on provider Triolan, with mobile connectivity remaining operational.

That same day, NetBlocks also recorded significant internet disruption in the port city of Mariupol, Donetsk, along with reports of " the loss of telecoms services for many".

The next day Kyiv was affected by "a significant decline in internet connectivity". Interestingly this was credited to the movement of people and the closing of businesses and homes.

This decline continued into Saturday 26th February, with NetBlock's reporting "a major disruption to Ukraine's internet backbone provider GigaTrans" following increased fighting in the cities of Vasylkiv and Kyiv. As the day continued, some connectivity returned GigaTrans but the service was "intermittent".

By Tuesday morning, Internet connectivity was broken in the city of Sievierodonetsk and Wednesday 2nd March Veon-owned Kyivstar reported '500 base stations disabled due to power and infrastructure damage' likely to be limited to the Melitopol area.

Capacity spoke to Julia O’Toole, founder and CEO of London-based MyCena Security Solutions, on the implications of the blackout and what it could mean for security.

According to O'Toole, while there have been no reported cyberattack on the communications infrastructure in Ukraine, "this can quickly change as Russia has demonstrated the ability to take down Ukraine's critical infrastructure, as they did in 2015 when they attacked the power grid and provoked a blackout" also the lack of connectivity will also mean that they won't be able to "organise their own defence with other groups".

Effective ways to combat any future cyberattacks, O'Toole says "is to apply physical access security rules to digital access".

"If Russia decides to launch cyberattacks on telecom infrastructure, the easiest path for them would be to steal legitimate access passwords or keys," she explains.

This includes preventing employees from making their own passwords to access files and systems, and instead distribute passwords that stay encrypted from creation, distribution, use, to expiry. In addition, don’t use an admin privilege account or identity as "they are single points of failure", instead revert to one door, one key

"Nine times out of ten, pirates don’t hack in, they log in. Once inside a network, they can escalate privilege to find the Local or Domain admin account to control the network. From there, they can start toz install data wipers, lock files, and halt operations."

Capacity contacted NetBlocks for comment.