Ukrainian Software Firms Servers Seized After Cyber Attack

Last Updated : August 18 2017

Ukrainian Software Firms Servers Seized After Cyber Attack

by Mike Whitaker 2017 July 06

Ukrainian software firm's servers seized after cyber attack

Spread of malware virus online can cause serious damage and cripple the operation of company servers, no matter the level of security in place. Last week, such a virus halted computer systems at various multinationals, causing great inconvenience and loss of time and valuable resources. On Tuesday, the offices of Ukrainian accounting software giant M.E Doc were visited by the police, resulting in the seizure of their servers.

Serhiy Demedyuk, the head of Ukraine's Cyber Police confirmed that M.E Doc's servers were taken into police custody in what appears to have been a decisive move by the law enforcers.

M.E Doc are accused of releasing a malicious update which caused the initial infection. The firm is believed to have been preparing to release another update and as a pre-emptive move, according to Ukrainian Intelligence and security firms. The company owners deny these allegations but were however not reachable to comment on the issue.

Premium Service, who deal in M.E Doc's accounting software, posted on M.E Doc's Facebook page that the software supplier's offices had been raided by masked men, with the software services and servers non-operational. Premium Service did not provide further details on the reported incident. It was expected that more light would be shed on the issue on Wednesday, according to Yulia Kvitko, the Cyber Police Spokeswoman

The police acted decisively after it was revealed by cyber security investigators revealed that the attack had clearly been properly planned beforehand by hackers who then proceeded to take advantage of a weakness in M.E Doc's software.

ESET researchers said that the hackers had found a vulnerability in M.E Doc's software updates, likely to access to the company's source code, and this provided an avenue for the hackers to enter the company's system undetected.

In a technical note, Anton Cherepanov who is a leading professional in the field confirmed that an illegal access avenue had been introduced into one of M.E Doc's modules, meaning that it would not be sufficiently secure as expected

The board chairman at ISSP Oleg Derevianko gave details on how a prior update back in April introduced another virus to the company's clients, inducing them to download a sizeable amount of data from an anonymous location online.

The virus then subsequently uploaded data from the company system to the suspected hackers. He explained further that such a breach could lead to leaks of private and really sensitive client and company information including details such as bank transactions.

In Ukraine, M.E Doc manages company operation tasks and transactions for the majority of firms. It is also a link between the firms and the country's tax system making it a vital cog in the financial environment in Ukraine, with 80% of the nation's companies using its software.

Due to the attack. Many transactions were impaired both at a business level and in relations to the filing of taxes with the Ukrainian government. With that occurring, many companies were facing fines and penalties after they missed the July 13th deadline. It prompted the idea of introduction of a bill in parliament to both extend the deadline to July 15th and waive the looming fines and penalties. This goes to show how vital the embattled software company is to the tax service process. 

A single attack on an accounting software provider M.E Doc has had adverse effects on firms within Ukraine, on the nation's tax system and has also affected multinationals. The importance of data security cannot be over-emphasized.

Mike Whitaker
#1 Mike WhitakerAuthor 18 March, 2014, 12:37 Mike is a father of four young boys and is happily married to his wife of 16 yrs. They live in Carlsbad, CA and loves to play golf with his sons.