How security vendors are aiding Ukraine

Since Russia launched a full-scale military invasion into Ukraine on February 23, a series of cyberattacks have been detected targeting Ukrainian businesses, websites and government agencies amid the ongoing conflict. Meanwhile, organizations in the cybersecurity sector have begun taking action to provide help and support to those directly and subsequently impacted by cyber incidents relating to the Ukraine-Russia crisis. Here is a list of the cybersecurity vendors currently known to be offering aid.

• Vectra AI: Threat detection and response vendor Vectra AI is offering a slate of free cybersecurity tools and services to organizations who believe they may be targeted by cyberattacks in the Ukraine-Russia conflict. For immediate assistance in the current emergency, Vectra AI is offering several services on a complimentary basis. These include scanning of Microsoft Azure Active Directory (AD), Microsoft 365 and AWS environments for signs of attack, surveillance of network infrastructure both in the cloud and on-premises and supporting the retention of historical metadata to aid incident response investigations based on indicators of compromise for specific attack variants. It is also offering technology from Siriux to immediately discover malicious Microsoft Azure AD activity that could lead to the compromise of Exchange Online mailboxes.
• SentinelOne: SentinelOne is offering its singularity XDR platform free of charge for 90 days to Ukrainian companies as its teams look to provide support for those in need by sharing research, recommendations, indicators, and tools to stay on top of the evolving threat landscape.

• Avast: Cybersecurity software provider Avast has released a decryptor for HermeticRansom, a new ransomware strain accompanying the data wiper HermeticWiper malware circulating in the Ukraine, which was discovered by ESET on February 23. The tool can be used to decrypt devices infected with HermeticRansom and allows users to recover files.

• Bitdefender: Global cybersecurity firm Bitdefender has expanded its collaboration with Romania’s National Cyber Security Directorate (DNSC) to provide technical consulting, threat intelligence and, free of charge, cybersecurity technology to any business, government institution, or private citizen of Ukraine for as long as it is necessary. Additionally, the Directorate, in partnership with Bitdefender, will provide free cybersecurity technologies for one year to any company or public entity from NATO or European Union space who seeks to enhance their cybersecurity posture by replacing cybersecurity solutions which present trust concerns from a technical or geopolitical perspective.

• CrowdStrike: Endpoint protection, threat intelligence, and response company CrowdStrike has released a new tool to decrypt “PartyTicket” ransomware targeting Ukrainian entities since February 23. The firm stated that the ransomware contains implementation errors, making its encryption breakable and slow.
• Microsoft: In a blog post on February 28, Microsoft President Brad Smith outlined steps the company has taken to help protect Ukrainian systems. This includes threat detection and remediation, most notably the discovery of a new wiper malware package, and limiting the success of Russian disinformation campaigns.
• Cloudflare: On February 24, Cloudflare announced that it had removed all customer cryptographic data from its servers in Ukraine. The move was intended to protect people and data should those servers fall into Russia’s hands. The company continues to serve traffic via its Keyless SSL service.

• Google: Technology giant Google has expanded its security protections to help safeguard the Ukrainian government, civilians, and websites. Project Shield, which provides free protection against DDoS attacks, is now available for government websites and Google has increased account security protections (including more frequent authentication challenges) for people in the region. Its Advanced Protection Program, which delivers Google’s highest level of security, is currently protecting the accounts of hundreds of high-risk users in Ukraine, Google said.

• Lookout: Integrated endpoint-to-cloud security firm Lookout has upgraded all its users in Ukraine to the Premium Plus version of its application for free. This ensures that Ukrainian users are protected against mobile phishing, device compromise, malicious network connections, and identity theft.

• SafeBreach: Breach and attack simulation platform SafeBreach has prioritized three “Cert Alerts” that use its platform to help customers plan their response to threats related to the situation in Ukraine and the associated cyber fallout. It can be used to test the robustness of systems in the face of threats such as CERT AA22-047A and CERT AA22-057A. A blog post, Resources for Securing Organizational Posture During Geopolitical Uncertainty, describes resources organizations should be aware of when responding to CISA warnings of cyberattacks on the U.S.

• DomainTools: Threat intelligence firm DomainTools has released a free feed of newly observed or registered Ukraine-related domain names to help prevent users falling victim to bad actors that create forgeries of existing charities raising funds for those impacted by the conflict. The feed is updated daily and contains domains observed either through the DomainTools domain name discovery process or Farsight’s passive DNS data feeds.

• DNSFilter: DNS security provider DNSFilter has started a coalition of technology vendors to drive donations to Ukraine. It is also providing its DNS security solution to those in the country that have been impacted by the invasion free of charge.

• Outpost24: Risk management solution provider Outpost24 has become a United Nations Global Compact participant in response to the Russia-Ukraine crisis. It has donated €10,000 to the United Nations refugee agency and provided local goods and volunteering in Barcelona, Copenhagen, London, Sophia Antipolis, Naperville, and Karlskrona. It is also providing remote working opportunities for displaced Ukrainian nationals, offering a free vulnerability scan to government and private organizations at risk of cyberattack, and complimentary access to real-time threat intelligence on Russian APT groups.

• SOC Prime: Threat detection marketplace SOC Prime has urged the security community to sign a petition to help prevent the spreading of misinformation, fake news, lies, and propaganda relating to the Ukraine-Russia conflict. SOC Prime users who support it in its appeal will receive free access to curated detections to combat Russian-backed cyberthreats.

• Hornetsecurity: Security and backup solution provider for Microsoft 365 Hornetsecurity is offering a year of its managed cloud security services for free to Ukrainian businesses. The offer is for all of Hornetsecurity’s services with a focus on its 365 Total Protection Suite. The company asks Ukrainian businesses interested in the offer to contact them by email.

• F-Secure: Global cybersecurity and privacy company F-Secure has made its FREEDOME VPN freely available in all of Ukraine. F-Secure FREEDOME VPN blocks harmful websites and hacking attempts and protects IP addresses and online traffic, allowing users to browse securely and privately.