While recently reviewing Verimatrix’s threat intelligence telemetry data, we noticed a 16-fold increase in activity from Russia and a 7-fold increase from Ukraine; both jumps coincided with the start of the invasion/incursion.
Figure 1 – Activity from Russia
Figure 2 – Activity from Ukraine
Drilling into the data, we discovered it was all coming from VPN services that Verimatrix protects. This is a trend that has been observed elsewhere too – with some VPN providers reporting up to 3500% increase usage from Russia over the past month.
Looking at the data from Russia, it is the 4th of March that usage starts to climb – there is a step change. This coincides with the country banning Facebook and Twitter. Soon afterwards, access to other social media and international news outlets was also restricted. It is logical to conclude the VPNs are being used to circumvent the firewalls put in place by government. This provides a backdoor for citizens to access their preferred social networks to do as they wish; with many of them able read a different viewpoints about the conflict than the one presented by government approved news outlets.
The Russian authorities have been cracking down on VPN services in recent years. With this intensifying (coupled with sanctions stopping international payment schemes operating in Russia making it harder for users to pay for these services) it will be interesting to watch the data over the coming months to see what trends develop.
The Ukrainian data shows a different pattern. While the growth starts at the same point – one week after the invasion/incursion began – there was not step changes; instead it was much more gradually before falling back 5 days later, though it does settle at a much higher level than before.
In Ukraine there wasn’t the sudden restriction on services that we saw triggering VPN uptake in Russia – this explains the more gradually growth. Rather, what the data may reflect is the (dis)trust Ukrainians are putting into their domestic telecommunications structure. Russian cyberattacks on the country are well documented; plus parts of the country are failing under foreign control with a fear more will follow. It is safe to assume, the VPN usage is a direct measure of that fear.
Also, it would be interesting to know how much Ukraine’s so called “IT Army” of amateur hackers is behind the increased usage.
Share this article with your community:
Where does Verimatrix’s data come from?
Verimatrix provides a service for protecting mobile apps called Verimatrix App Shield. One component of this service allows our customers to receive threat telemetry from protected apps.
These VPN services use Verimatrix security technology to harden their mobile apps. Their desire is to make sure that their customers get the privacy service they’ve paid for. That means building protection into the apps to:
- Stop attackers “Modding” the app. Sometimes called a repackaging attack, modding involves taking the original app and inserting extra code which performs malicious activity – perhaps adding a wiretap. Users are then phished to download the modded version. A protected app detects these modifications and stops the mod from running.
- Minimise the risk from compromised devices. Once malware has penetrated a device or the operating system sandboxes have been broken down, an app is much more vulnerable to eavesdropping and remote-control attempts. A protected app is aware of its environment and can protect its user from these compromises.
Real-world use cases
As all good engineers are aware, it’s easy to get caught up in tech for tech’s sake. The reality is that technology is at its most exciting when solving real-world problems.
This is doubly true when working in cybersecurity. The challenges we solve are frequently deeply technical, requiring complex engineering solutions, while often seeming theoretical – both to our customers and to ourselves – well until a cyber-attack hits and then things become very real very quickly.
Nothing is more real than the current, horrendous situation in Ukraine. Several of our colleagues have friends and family in the country. The recounts they’ve given make the nightly news stories very poignant and personal, and all the more shocking for it.
It may not be solving the big issues at hand, but by maximizing security for apps that are depended upon by so many, we aim to help play a small part in helping to maintain the free flow of information.
See how we can help protect your business:
- Mobile applications and APIs
- Video content
- Digital payments
