The Cyber Insider
Ukraine's Cyber War: Challenges, Threats, and Resilience, with Daryna Antoniuk
This month’s guest on the Cyber Insider is Daryna Antoniuk. Daryna is a reporter for Recorded Future News based in Ukraine. She writes about cyberattacks and cyber policy in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously worked as a tech reporter for Forbes Ukraine. Her work has also been published in The Kyiv Independent, The Kyiv Post, and Sifted.
Daryna sheds light on the unique challenges faced by journalists reporting from a country at war. She emphasizes the mental toll it can have, particularly due to the prolonged nature of the conflict. Despite these difficulties, our guest highlights the resilience and determination of journalists in Ukraine. Ukraine has been a frequent target of cyber attacks, with varying intensity and complexity. The Ukrainian Emergency Response Team reported over 2,500 cyber incidents in 2023 alone, indicating the scale and frequency of attacks. Daryna emphasizes the need for caution when reporting on cyber events, as misinformation and disinformation are rampant in this domain. The importance of independent analysis and verification when reporting on cyber events, particularly in the context of the Ukraine-Russia conflict, cannot be overstated.
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Guest:
Daryna Antoniuk – Twitter @daryna_antoniuk
Intro/outro music: “Intro funk” by Lowtone.
0:00:03
Luke Connolly
Welcome to the Cyber Insider, Emsisoft's podcast all about cybersecurity. Your hosts today are Brett Callow, threat analyst here at Emsisoft, and I'm Luke Connolly, partner manager. We're honored today to have Daryna Antoniuk as our guest. Daryna is a reporter with Recorded Future News and is based in Ukraine. She writes about attacks and cyber policy in Eastern Europe and the state of the cyber war between Ukraine and Russia.
0:00:31
Luke Connolly
She previously worked as a tech reporter for Forbes Ukraine. Her work has also been published in The Kyiv Independent, The Kyiv Post, and Sifted. Welcome, Daryna, and thanks very much for taking the time to talk to us today.
0:00:45
Daryna Antoniuk
Thanks for having me. Nice to meet you.
0:00:49
Brett Callow
Good morning. In addition to the background that Luke provided, could you provide some extra details as to your background and in particular how you got into reporting and in particular, cybersecurity reporting?
0:01:05
Daryna Antoniuk
Yeah, sure. So I became a journalist because I was interested in too many things. And journalism was a really good field to combine all of them and not just learn about them, but talk to people who understand them and to actually tell great stories which are engaging and interesting to others. And as a bonus, you can also uncover things which are under the surface and that can actually make an impact.
0:01:33
Daryna Antoniuk
As for, like, my story is probably not what you expect to hear. Before going into cyber, I was covering tech startups, venture investment, IT regulation in Ukraine, and I got really bored. So I was looking into something else, and someone recommended me to listen to the podcast called Darknet Diaries, and I became obsessed. I listened to every single episode they had. And I became so interested in cyber that I started reading books. I learned a little bit of theory.
0:02:06
Daryna Antoniuk
I also signed up to several online courses and tried to pitch as many cyber-related stories to my former editor at Forbes as possible. And somehow it worked out. And I was really lucky because there are so many things happening in Ukrainian cyber, and we have so few people who can cover this topic in depth that I saw an opportunity, and here I am.
0:02:32
Luke Connolly
There must be some really unique challenges reporting from a country at war. So what I'd like to ask is, what obstacles do you find yourself facing and how do you deal with them?
0:02:43
Daryna Antoniuk
So the greatest challenge that I think not many foreigners understand is the mental toll it can have on you, especially this prolonged war. It's as awful as described in all of the books about PTSD. First year of war, it was actually easier for me because I was full of energy, adrenaline. My stress response told me to fight in a way that I can. And it was by writing by telling stories. And I worked as hard as I can because I thought that it could help me to bring peace and to help Ukraine win the war faster.
0:03:22
Daryna Antoniuk
But then on the second year of war, we had blackouts and it was the worst because just imagine you wake up in the middle of the night because your house is shaking from explosions and there is no electricity. You go to the bomb shelter, which is dark and cold. You sit there for like hours. Then you return home and you cannot even take a shower because we didn't have water. Sometimes after big missile strikes on critical infrastructure facilities.
0:03:50
Daryna Antoniuk
And you experience all of that before your working day actually starts. And you start the working day feeling exhausted and miserable. But even on the second year of war, you felt like, we can win soon, it can be over soon. This year is very different because everyone is tired. Like, we see the support to Ukraine decreasing. Everyone in Ukraine do not expect that the war will end soon and you have less motivation, less energy.
0:04:25
Daryna Antoniuk
But you think about all the people on the front lines and they cannot take a day off and they cannot complain. So sometimes you just go through the day thinking about them and what you're working do to help them.
0:04:42
Brett Callow
What's the most significant story you've covered so far or the most important to you?
0:04:49
Daryna Antoniuk
I think it's also not the obvious answer, I guess: the one about the corruption scandal in one of the major Ukrainian cyber agencies, called the Ukrainian Special Service for State Communication and Information Protection. For those who do not know the story, two Ukrainian top cybersecurity officials were fired because they were suspected of embezzling $1.7 million by faking the procurement schemes to the software.
0:05:24
Daryna Antoniuk
And why it was the most challenging: because I knew that I was probably one of the few people inside Ukraine who could tell this story to the American and European audience. And I monitored it closely and I wrote like five stories linked to this case. And also because writing about corruption in Ukraine during the war is challenging, since we rely so much on foreign aid, and corruption means that a fraction of this aid was abused, misused by some of the people in a way which does not contribute to the war efforts.
0:06:02
Daryna Antoniuk
So it means that the help, the assistance we receive could decrease. But that is also why it's so important to write stories like this. And my colleagues, other journalists in Ukraine and abroad, are doing a pretty good job trying to uncover such cases. And going back to this corruption case in Ukraine's cyber agency, it's still under investigation, so more details are to come. And probably I'll continue writing about it.
0:06:36
Brett Callow
Just as a follow up to that, do you know what the impact was of that corruption case? Did the money not reaching its intended source cause problems?
0:06:50
Daryna Antoniuk
Again, we are not sure. No one wants to talk about it. Even the new head of the agency, he didn't have any interviews with other media. I'm trying to reach him and hopefully we'll have an interview soon. From what we know, the former cyber chief was released from detention on bail and the bail was huge, like $70,000. But the investigation into the case is still ongoing. I talked to US Cyber Ambassador Nathaniel Fick and to many companies who provide cyber aid to Ukraine, and it doesn't look like they are reluctant to provide their aid further because they understand the needs and they're glad that cases like these are exposed and people who are allegedly responsible for them are fired.
0:07:55
Daryna Antoniuk
So hopefully we will not have cases like this in the future, but we don't see the huge impact right now, at least from what we know publicly.
0:08:07
Luke Connolly
I think during the lead up to the start of the war and in the initial phases of the war, there was a lot of anticipation about what significance the cyber warfare potential would have on the greater war as it unfolded. So how do you see the tech sector in Ukraine, including the cybersecurity sector, holding up? How have they been holding up during the war?
0:08:36
Daryna Antoniuk
I think they've been holding up pretty great. I mean, in terms of business, the exports, the profits have decreased. But I talked to a lot of tech businesses and some of the cyber businesses, and I think their response to the war was really admirable because a lot of them relocated their people and businesses to western Ukraine, which is safer. In the first weeks of the war, some of them opened offices in Poland or other parts of Western Europe because Ukrainian tech relies on outsourcing. So they had to provide services to their foreign clients. And sometimes it was hard in Ukraine, so they had, like, a backup option in Poland or in other countries.
0:09:24
Daryna Antoniuk
Also, like many of tech companies and cyber companies, they devoted part of their efforts to help Ukraine win the war. Like, they provide their expertise, their services, their hardware. And the thing that helped us to prepare for the war, I think it was Covid because all the digital infrastructure was in place to move businesses, universities, schools, government services online. And it helped us to react very quickly.
0:09:55
Daryna Antoniuk
When the war started and everything went, of course there were delays because everyone was anxious, everyone was trying to move to safer place, but businesses started to resume their activity pretty quickly. As for cybersecurity sector, it is also very involved in the war effort. I talked to many cyber specialists who, when the war started, they realized that their laptop can be a powerful weapon against Russia.
0:10:23
Daryna Antoniuk
And they started to hack either as part of the group or alone. And I know that there are many discussions globally about what this activity means in terms of humanitarian law, international humanitarian law. But when the murderer knocks on your door trying to kill you and your family, you don't really think what is the most ethical and legal way to protect yourself.
0:10:53
Brett Callow
What sort of attacks have been launched against Ukraine? How frequent have they been and what impacts have they had?
0:11:02
Daryna Antoniuk
So Ukrainian systems are attacked every day with varying intensity and complexity. I think the most common and the least impactful are DDoS attacks. We have fewer defacement attacks compared to the beginning of the war. And I don't really see many reports of ransomware being used against Ukrainian businesses or state agencies. But we have a lot of destructive attacks and espionage campaigns with the use of wiper malware and info-stealing malware.
0:11:40
Daryna Antoniuk
Ukraine's emergency response team published a report recently which says that only in 2023 they reported like 2,500 cyber incidents, which is more than the previous year. And of course, we have disinformation campaigns. And what's interesting, there are many cases when Russia combined its information campaigns and cyber campaigns, like when they hacked into several Ukrainian media outlets back in January or February and they published fake news articles on their websites.
0:12:18
Daryna Antoniuk
So I went to the Munich security conference back in February, and I remember several experts saying that Russia sees its cyber and information domain as the one whole thing and it's trying to use it against its like, without separating it. So we see more and more cases of it here in Ukraine.
0:12:42
Luke Connolly
As I mentioned earlier, following the Russian invasion over two years ago, there was a lot of talk about cyber war. Do you think that the cyber events that have been happening since then constitute a cyber war? What is a cyber war in your mind?
0:12:58
Daryna Antoniuk
Ukrainian state officials love to talk about that. We had a big cyber conference back in, big cyber conference in Kiev a month ago, and the whole panel was devoted to the definition of cyber war. And naming matters. So what Russia is doing in Ukraine, it's not a conflict or crisis. It's a war. And what Russia is doing in cyberspace, it's also a war. Because what is cyber war by definition? It's when you use cyber tools against your enemy in a way that can disrupt the actual warfare or can disrupt communication.
0:13:35
Daryna Antoniuk
And it also involves propaganda, espionage, sabotage. And we have all these components in place allowing us to refer to what is happening here as a cyber war. And again, crisis is when the interests of two sides clash, and war is the aggression, is the attempt to conquer your enemy by any means possible. And for Russia, cyber is just one of those means that can help to launch attack, to attack Ukraine.
0:14:10
Daryna Antoniuk
Also, as you remember, as you probably remember, Russia didn't start the war in Ukraine in 2022 by invading the country. Its first move was launching cyberattack first two weeks before the war, then one week, then almost day or two before the actual invasion happened. So it penetrated our borders with cyber means even before its troops went to Ukraine. So, yeah, it's cyber war.
0:14:41
Brett Callow
Do you think the government anticipated the extent of the attacks it would face and was prepared for them?
0:14:50
Daryna Antoniuk
I think, yes. Both Ukraine and its allies expected this big Russian cyber attack that will disrupt communication or turn off electricity. This attack didn't happen. We still don't know why, either because Russia didn't have enough cyber capabilities, or maybe it decided that launching these smaller attacks is a more efficient way. Like, we know historically that Vladimir Putin loves long, prolonged wars which exhaust the enemy and its allies. And probably he has the same approach to cyber warfare, just trying to exhaust the enemy to make it as long as possible.
0:15:38
Daryna Antoniuk
Also, the war in Ukraine didn't start in 2022. We had the first invasion in 2014. So it's been like ten years battling Russia, both in cyberspace and on the ground. And since around 2014, Ukraine started to fortify its networks, and it worked very closely with the US. A few months ago, we interviewed the chief of Ukraine's cyber security service, SBU, and he said that starting in 2021, US Cyber Command sent its threat hunting teams to Ukraine, and they were inspecting our logistics, military, power grid networks, trying to find malware planted inside it, because Russian threat actors, they understand Ukrainian networks pretty well, since they were constructed in the similar way to Russian. And sometimes they used even the systems which were produced back in Soviet Union, especially when it comes to state services.
0:16:46
Daryna Antoniuk
So it could be that Russian threat actors were inside our networks for decades. And this threat hunting mission which the US sent to Ukraine, it actually was really helpful, and it helped to discover many malware samples hidden inside our networks. And I think as Ukraine is working with the US so closely, it started to adapt some of its approaches to cyber, and it also helps to respond to cyber attacks.
0:17:19
Luke Connolly
I assume as well that Ukraine is fighting back in cyberspace. Do you know what actions it's been taking and how effective they've been? And is it even possible to know what's happening?
0:17:31
Daryna Antoniuk
No one wants to talk about cyber offense because it's so sensitive. But we had these extraordinary cases when Ukrainian military intelligence claimed responsibility for several cyberattacks on Russian systems. And to my knowledge, it's an unprecedented case when state agencies claim responsibility for the attack. We don't have much information about those attacks. We know that they claimed the attack on tech service, aviation industry, defense ministry research institute.
0:18:08
Daryna Antoniuk
And according to them, these attacks were really destructive and they led to information leaks. But since we only have the information from one side, because Russia either denies these attacks or just doesn't mention them at all, it's really hard to assess what's the real impact. Also, the head of cyber at the SBU, Ukraine security service, said that Ukraine is moving towards defense forward approach, the one that the US uses in its cyber strategy, when we are trying to detect the threat at its source and to be proactive rather than just wait before the enemy hacks our networks. Because you cannot win the war just by defending yourself. You have to conduct offensive operation. You have to fight with your enemy.
0:19:00
Daryna Antoniuk
And despite our limited knowledge of what Ukraine is doing in this field, I'm sure there are many operations ongoing in this domain.
0:19:12
Brett Callow
There's a huge amount of misinformation and disinformation in relation to cyber events in Ukraine and in Russia too. How do you deal with that in your reporting? How do you ensure that you're getting the facts as accurate as they can be?
0:19:33
Daryna Antoniuk
It's challenging. Over the years, I developed a rule. If the only confirmation of the hack you have is a Telegram post by hacker, you do not report on this. Because usually it's so easy to get other side to talk. Like just check the website if it's down or not, or just reach out to the attacked company or state agency, or check if there are any other official public reports about the attack. Also reading media of Russian media or media of the country which were attacked, also very helpful because you can get more information from there than by just reading Telegram posts from hackers.
0:20:21
Daryna Antoniuk
But it's been challenging, and we know from the case of Killnet in Russia that Russian hackers like publicity, probably Ukrainian hackers too. And they like the media to advertise them, promote their campaigns. So we are trying not to do that because propaganda is working both from Russian and Ukrainian side. And you need to be very clear of what you know and what you don't know. And you have to tell your reader about this.
0:20:51
Daryna Antoniuk
Even when quoting certain state officials, both from Ukraine and especially from Russia, you have to make sure that you can say that you don't have enough evidence to back this claim, or you don't have enough data to confirm that it's true or not. So the nature of cyber warfare is really ambiguous. Like, there are no explosions, no deaths or injuries or debris from weaponry that you can investigate.
0:21:24
Daryna Antoniuk
We only rely on these claims. And sometimes when we have reports from cyber companies, there are also indicators of compromise, which analysts can analyze. But usually we don't have access to this kind of technical data immediately. So we have to be very wary and careful of how we approach cyber stories.
0:21:52
Luke Connolly
Beyond the war, a lot of your reporting at Recorded Future News exposes nation-state hacking, from Lithuania warning about China, to Russian influence campaigns in the Baltic states, and North Korea campaigns against their southern neighbor and others. Are these kind of threats more common in geopolitical hotspots, or are they just more obvious there?
0:22:18
Daryna Antoniuk
I think such campaigns are happening worldwide. Maybe Antarctica is the only continent which is not attacked, although I'm not sure now I want to check if it has ever been attacked. There is an endless amount of vulnerabilities the hackers and the nation state hackers can exploit. And we need to have good deterrence policies in place to ensure that these vulnerabilities are not exploited in a bad. And like, there are some obvious confrontations, like between Ukraine and Russia, or Russia and the US, or the US and China, and some are not that intuitive.
0:23:01
Daryna Antoniuk
Like, I had a report recently from Lithuanian intelligence agency which said that Lithuania is frequently attacked by Chinese hackers. And the reason why China got angry on Lithuania, because Lithuania opened the de facto Taiwan's embassy in the country. So basically, countries use this cyber means to keep an eye on their enemies without the need to deploy weapon or to be in an open conflict with them.
0:23:36
Daryna Antoniuk
It's a very convenient way to keep an eye on what other countries are doing. Also talking about geopolitical hotspots, we rarely think about our world as a separate set of countries. We think about blocs, alliances like NATO, European Union, OPEC. And if one NATO member is attacked, other NATO members should also be wary. If one European country is attacked, other countries are also under threat. That is why it's so hard. Like in case of Ukraine, all of the Ukrainian allies are under threat because if you are not for Russia, you're against Russia, which makes you a target.
0:24:24
Brett Callow
Until the start of the war, Russian and Ukrainian cybercriminals would often work collaboratively. They would cooperate. Does that still happen? Or have those ties been mostly severed now? Do you know?
0:24:40
Daryna Antoniuk
Well, we don't have many public reports about this. Honestly, I know that from personal conversations that there are several criminals who turn to hacktivism when the war started and they started hacking Russia instead of doing the campaigns for their financial gain. But of course there are people left who are still collaborating with Russian cybercriminals. Like you probably saw my story about LockBit affiliates, father and son, being detained in Ukraine.
0:25:15
Daryna Antoniuk
Also there are several cases when Ukrainian cybercriminals are working with criminals from Czech Republic or Russia. And Ukrainian cyber police, which is this main agency responsible for cybercrime, they're conducting this operation either alone or with their international partners to try to find people responsible for these crimes. And we also have such thing as bot farms or illegal call centers. When Ukrainian people inside Ukraine, they collect SIM cards and they publish this information on behalf of Russia and they get payment from Russia, they get tasks from Russia. And Ukrainian cyber police is also reporting about such cases.
0:26:06
Daryna Antoniuk
But of like, as I mentioned in the beginning, I do not really see ransomware cases being, ransomware being deployed in Ukraine against Ukrainian businesses. So it's hard to talk about cybercrime scene. It's definitely still here, but I think it's mostly happening, like this collaboration between Ukrainian and Russian cybercriminals, it's happening in more nation state level. Like Ukrainian State security services is reporting about the cases when Ukrainians are working for Russians as spies and receive payment for gathering intelligence inside Ukraine. Like they install surveillance cameras or they spy on the ground. They try to monitor the work of our air defense system. They try to see where critical infrastructure sites are located.
0:27:00
Daryna Antoniuk
So again, I'm speculating, but maybe some of the cybercriminals are gone into this more like espionage field. But maybe after the war we'll learn more about the cybercrime scene and how it had transformed.
0:27:22
Luke Connolly
So generally speaking then, do you think the war has made it easier for Ukrainian cybercriminals to operate or harder?
0:27:30
Daryna Antoniuk
I think it depends. For scammers and fraudsters, it definitely became easier because there are more topics they can abuse, especially in the beginning of the war, I remember we had a lot of fake phishing websites which were disguised as websites to raise donation to the military or to support refugees from eastern parts of Ukraine. And cyber police also reports on these cases, on these phishing websites or SMS spamming campaigns trying to play on Ukrainians' feelings since especially during missile strikes or during big events like when we had some tragedies almost every day, you're really vulnerable to those kind of attacks.
0:28:25
Daryna Antoniuk
Your critical thinking is less sharp. So it definitely makes you a target of cybercriminals.
0:28:34
Brett Callow
Are there any cyber events that haven't received as much attention in the west as they maybe should?
0:28:43
Daryna Antoniuk
I'm not sure about Ukraine because all the eyes are now in Ukraine and have been in the last two years. We have reports coming from Microsoft and ESET and Mandiant and all the discussions during cyber conferences. Ukraine is still a major subject. But what particularly I face in my reporting, and I think what information we are lacking is the information from Russia. Like, we have companies, local companies, Kaspersky, Group-IB, sanctioned Positive Technologies, or F.A.C.C.T., which operate inside the country, and they publish reports which are linked to Russia and its cybercrime scene.
0:29:29
Daryna Antoniuk
But again, since Russian government is so involved in what its businesses are doing, we cannot know for sure if these reports are true, if they were manipulated. And when I tried to talk to experts from Western companies to confirm this data or to get more independent views, they cannot comment on this because they say that they don't have enough visibility in the country since many companies left Russia either during the war or because of sanctions.
0:30:02
Daryna Antoniuk
And it's really hard sometimes because the advantage Ukraine has in the war with Russia is that we know our enemies so well. We understand its language, we understand its weaknesses, its culture, its mentality. We've been fighting it for centuries and it's been working both ways. So when we don't have visibility on what is happening inside of the country, inside its cyber, I think it's becoming harder to understand the enemy.
0:30:32
Daryna Antoniuk
It's probably not true for security services, who are probably spying on Russian agencies. But of course, this information is not public and journalists usually cannot use it. What I'm trying to do is I read all the local reports from Russian cyber companies and I try to read the interviews and the stories they publish on local cyber scene. Of course, I take them with a grain of salt and try to get independent opinions about what's happening on the ground there. But, yeah, visibility there is very low. And sometimes it's hard because we don't know what their next move will be and what to expect from them.
0:31:13
Brett Callow
Finally, there has been lots of discussion lately around the subject of banning ransomware payments. Which side are you on? Are you in favor of a ban or against?
0:31:27
Daryna Antoniuk
It's a hard question. I think I'm for it because maybe we need more checks and balances and regulation in place to make the companies more accountable. And it's like a weird analogy, but with the climate change, who should be responsible, companies or the government? And I think we need to put more pressure on the government to make it easier for companies when it comes to respond to cyber threats and to ransomware.
0:32:03
Daryna Antoniuk
So they have the guides, the guidebook to follow, and they are not afraid to disclose when they are hit with ransomware or other kind of threats.
0:32:17
Luke Connolly
As we wrap up this episode, I'd like to highly recommend Daryna's channel on X or Twitter, where she really captures the frightening reality of the war, such as her post counting the 1000th air raid alert in Kiev just today. We'll provide a link to that account in the description below. And with that, I'd like to thank you, Daryna, for your ongoing work and for joining us here today.
0:32:47
Luke Connolly
We hope that you and your loved ones remain safe, and as always, we thank our listeners for tuning in to stay up to date on the latest in cybersecurity. Be sure to subscribe to our podcast.
0:32:58
Daryna Antoniuk
Thank you.