Microsoft’s Defending Ukraine report offers fresh details on digital…

Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. “There is no going back to normal.”

Last week Microsoft published an in-depth examination of the early cyber lessons learned from the war in Ukraine, offering fresh insight into the scope of Russia’s malicious digital activities and new details about the sophisticated and widespread Russian foreign influence operations surrounding the war. Microsoft has been uniquely positioned to observe the digital landscape in Ukraine since Russia invaded on February 24 and even before then.

Company President Brad Smith noted in March that in addition to funding humanitarian technical relief efforts, Microsoft deployed its RiskIQ platform to identify cybersecurity vulnerabilities in the Ukrainian government system. The company “provided a list of exposed and vulnerable systems to the Ukrainian government that had unpatched high-impact common vulnerabilities and exposures (CVEs) that could provide a foothold for attackers.”

Microsoft security specialists were among the first to discover pre-invasion malware attacks in January that took down around 70 Ukrainian government websites. The company also deployed protections for newly discovered and destructive malware into Microsoft 365 Defender endpoint detection and response (EDR) and anti-virus (AV) protection, on-premises and in the cloud.

In his foreword to the new report, Smith discusses the importance of the first shot of any war, drawing parallels between the current conflict in Ukraine and the 1914 assassination of Archduke Franz Ferdinand, which launched World War I. In the present context, Russia’s first shot against Ukraine was a damaging cyber tool deployed against Ukrainian computers called Foxblade as early as February 23, right before the war began.

Smith said that Russia’s invasion strategy in Ukraine includes “three distinct and sometimes coordinated efforts—destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.”

This article appeared in CSO Online. To read the rest of the article please visit here.


5 years after NotPetya: Lessons learned

NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.

On June 27, 2017, the eve of Ukraine’s Constitution Day holiday, a major global cyberattack was launched, infecting more than 80 companies in that country using a brand-new cyber pathogen that became known as NotPetya. NotPetya didn’t stay within Ukraine’s borders but spilled out to infect and cause havoc for thousands of organizations across Europe and worldwide.

NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted. In another departure from the earlier forms of ransomware, Petya also overwrote and encrypted master boot records and was, therefore, considered more a form of wiper malware than bona fide ransomware.

This article appeared in CSO Online. To read the rest of the article please visit here.


U.S. data privacy and security solutions emerging at the…

The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.

Although a handful of U.S. states have enacted strict privacy laws, the United States still lacks a comprehensive federal privacy statute, a vacuum that has fueled what many observers argue is a culture of “surveillance capitalism.” The lack of a national privacy law looms particularly large now as the Supreme Court seems poised to overturn its landmark abortion decision Roe v. Wade, which is likely to accelerate private data hunting expeditions by prosecutors and law enforcement in nearly 30 U.S. states.

Absent a federal privacy law that would protect the location data of abortion seekers, Senator Elizabeth Warren (D-MA) introduced a bill that would essentially outlaw the sale of location data harvested from smartphones. However, the U.S. Congress and the Biden administration have recently taken surprising steps to tackle the problem of data privacy on a national basis through legislation, policy and regulatory measures that seek to stem the escalation of privacy-invading practices and technologies.

This article appeared in CSO Online. To read the rest of the article please visit here.


Space-based assets aren’t immune to cyberattacks

Russia’s attack on Viasat satellites exposed how vulnerable space-based assets are and the potential for spillover damage.

One of the most significant cybersecurity incidents related to Russia’s war on Ukraine was a “multi-faceted” attack against satellite provider Viasat’s KA-SAT network on February 24, one hour before Russia’s invasion began. The assault, which both Ukraine and Western intelligence authorities attribute to Russia, was intended to degrade the Ukrainian national command and control.

However, the attack, which was localized to a single consumer KA-SAT network operated on Viasat’s behalf by another satellite company, a Eutelsat subsidiary called Skylogic, disrupted broadband service to several thousand Ukrainian customers and tens of thousands of other fixed broadband customers across Europe. It also highlighted how space-based assets, such as satellites, are as vulnerable to malicious exploitation as any other piece of critical infrastructure.

Against this backdrop, the timing was perfect for the Space Cybersecurity Symposium III hosted by the U.S. National Institute of Standards and Technology (NIST) last week. “The multi-faceted and deliberate cyberattacks which took place during the invasion highlight the need for the United States Government to work with our international partners as well as the private sector to strengthen cyber resilience of existing and future space systems,” Richard DalBello, director of the U.S. Office of Space Commerce at the National Oceanic and Atmospheric Administration, said in kicking off the summit.

This article appeared in CSO Online. To read the rest of the article please visit here.





Ransomware attacks are increasing with more dangerous hybrids ahead

The re-emergence of REvil and anticipated convergence with business email compromise actors are among reasons why ransomware gangs are still dangerous.

Over the past several years, the emergence of big-ticket, destructive ransomware attacks jolted the U.S. government into action to circumscribe the predominately Russian-based threat actors behind the scourge. At the same time, ransomware has been a critical factor driving the growth in corporate cybersecurity budgets as organizations grapple with the often-crippling threat.

Despite the policy measures and increased private sector funding to slow down the drumbeat of attacks, ransomware threats remained a top topic at this year’s RSA conference. Experts at the event underscored that Russian state-sanctioned criminal actors are not the only ransomware threat actors to fear, nor are ransomware attacks decreasing despite the intensified efforts to nip them in the bud. The same actions taken to quash ransomware activity might end up forging alliances among financially motivated threat actors to create hybrid cyber-attacks that meld social engineering with ransomware.

This article appeared in CSO Online. To read the rest of the article please visit here.




Software supply chain security fixes gain prominence at RSA

Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.

Given the significant cybersecurity problems that the SolarWinds, Log4j and other software supply chain infections created over the past two years, it’s no surprise that software security emerged as a hot topic at this year’s RSA conference. Ahead of the event, ReversingLabs released a survey it commissioned of over 300 senior software employees on the struggles their firms face in detecting supply chain attacks.

Despite the recent spate of high-profile software supply chain security incidents, the ReversingLabs study found that fewer than four in ten companies say they can detect tampering with developed code. In addition, less than 10% of companies are reviewing software at each product lifecycle stage for evidence of tampering or compromises.

SBOM usage is sparse but expected to grow rapidly

When it comes to one crucial emerging tool that can better ensure software security, a software bill of materials (SBOM), the ReversingLabs survey found that only 27% of the IT professionals surveyed said their employer generates and reviews SBOMs before releasing software. Of those respondents who do not develop SBOMs, 44% cited a lack of the expertise and staffing needed to do so, while 32% cited a lack of budget for implementing SBOMs. Only 7% of respondents at companies that don’t produce SBOMs said the reason was that an SBOM wasn’t needed.

The sparse usage of SBOMs is quickly becoming a thing of the past for two primary reasons, Allan Friedman, senior advisor and strategist at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told RSA attendees. First, because of events like SolarWinds, organizations are starting to demand SBOMs for the software they use as a security measure to identify problematic code.

This article appeared in CSO Online. To read the rest of the article please visit here.



U.S. cybersecurity congressional outlook for the rest of 2022

The U.S. federal government has enacted important cybersecurity laws in 2022 and will likely move forward with many of these bills before the year’s end.

As the 117th Congress moves into summer, typically the time for legislative doldrums, it’s helpful to look back at recently enacted cybersecurity-related legislation and peer ahead to see what bills could become law before the end of the year. Since the beginning of the current Congress on January 3, 2021, at least 498 pieces of legislation have been introduced that deal in whole or part with cybersecurity.

Of these, only 13 have passed both chambers, and even fewer, nine so far, have become law with a presidential signature. However, many of the most meaningful cybersecurity government actions since this Congress began have stemmed not from legislation but from executive branch actions, most notably through President Biden’s sprawling cybersecurity executive order signed in May 2021.

This article appeared in CSO Online. To read the rest of the article please visit here.






U.S. government proposals spell out 5G security advancements

A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.

Last week the U.S. federal government introduced a proposed five-step 5G Security Evaluation Process Investigation. “[It] was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies,” Eric Goldstein, executive assistant director for the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said. CISA and its partners from the U.S. Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s (DoD) Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) developed the evaluation process.

“The intent of this joint security evaluation process is to provide a uniform and flexible approach that federal agencies can use to evaluate, understand, and address security and resilience assessment gaps with their technology assessment standards and policies,” Goldstein said. “As the nation’s cyber defense agency, CISA views a repeatable process agencies can use during the RMF Prepare step as an essential tool for new federal 5G implementations. Such a process will provide assurance that the government enterprise system is protected and cybercriminals cannot gain backdoor entry into agency networks through 5G technology.”

The goal of the evaluation process is to allow the federal government to better understand and prepare for the security and resilience of any 5G network deployment in advance. Specifically, the agencies seek to get ahead of the curve before any federal office conducts a security assessment to obtain authorization to operate (ATO).

A study group across CISA, the National Institute of Standards and Technology (NIST), and the MITRE Corporation was assembled to “investigate how 5G may introduce unique challenges to the traditional ATO process defined in security assessment processes and frameworks such as Risk Management Framework (RMF).”

This article appeared in CSO Online. To read the rest of the article please visit here.






Remote bricking of Ukrainian tractors raises agriculture security concerns

Modern agriculture depends on internet-connected machinery that is centrally controlled and collects and analyzes massive amounts of data, making it an inviting target for threat actors.

Against the backdrop of horrific reports from Russia’s Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a “kill switch.”

The dealership tracked the machinery using the tractors’ embedded GPS technology. Although the equipment was reportedly languishing at a farm near Grozny on May 1, one source said the Russians had found consultants who would try to bypass the digital protection that bricked the machines.

Some observers fear that malicious actors could exploit the same technology Deere and other manufacturers use to update and monitor farm equipment. If successfully accomplished on a large-enough scale, a cyberattack could disrupt significant portions of what has become critical agricultural infrastructure.

This article appeared in CSO Online. To read the rest of the article please visit here.





Data protection concerns spike as states get ready to…

The use of personal data from brokers, apps, smartphones, and browsers to identify those seeking an abortion raises new data protection and privacy risks.

The U.S. Supreme Court will almost certainly stick to its leaked draft decision to overturn the landmark Roe v. Wade decision that legalized abortion 50 years ago. According to some tallies, abortion may be banned or tightly restricted in as many as 28 states in the weeks after the Court formally hands down its decision next month.

As the American Civil Liberties Union (ACLU) has noted, “The lack of strong digital privacy protections has profound implications in the face of expanded criminalization of reproductive health care.” Enforcement of the law will likely hinge on increased digital surveillance by authorities to more efficiently identify, arrest, and prosecute pregnant people who contemplate or seek abortions. “Expanded criminalization of abortion will become an increasingly attractive target for prosecutors and police,” the ACLU says.

Lawmakers press data brokers and apps for answers

Law enforcement and other state agencies can track suspected abortion seekers using commercial services even without direct surveillance by authorities. Location data firms sell information related to clinics such as Planned Parenthood that provide reproductive health services and can even show where people visiting abortion clinics live.

Data marketplaces sell information on users who have downloaded period-tracking apps. Privacy experts are already warning people not to use period-tracking apps because of the extensive personal data they retain.

Federal lawmakers are taking note. Senate Democrats are already demanding that location data firms SafeGraph and Placer provide information about any collection or sales of cellphone data tied to visits to abortion clinics. “Especially in the wake of the Supreme Court’s leaked draft opinion overturning Roe v. Wade, your company’s sale of such data—to virtually anyone with a credit card—poses serious dangers for all women seeking access to abortion services,” the senators reportedly wrote to SafeGraph, with similar wording in a letter to Placer.

Representative Suzan DelBene (D-WA), who has introduced several pieces of privacy legislation, said, “It’s important that people are aware of the information that’s out there that isn’t protected today, and what the risks are to consumers and, in particular, the huge concerns and risks that would be in place for women if the Supreme Court moves forward and we don’t protect their personal information.”

This article appeared in CSO Online. To read the rest of the article please visit here.
