Articles

Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here’s how events are unfolding along with unanswered questions.

It’s been almost six weeks since Russian troops entered Ukraine and the large-scale “cyberwar” expected to accompany the invasion has not yet materialized. Observers and experts have offered many theories about why Russia hasn’t launched a destructive cyberattack on Ukraine yet despite its full capability to do so.

The reasons range from Russia saving its most dangerous cyberattack until the bitter end to the Kremlin’s fear of a devastating Western response. The most intriguing explanation for why Russia hasn’t seemingly unleashed its cyber arsenal is because we’re already in the middle of what Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies, calls a secret cyberwar.

The digital cyberwar is playing out in the shadows, Rid argues, with the more apparent cyberattacks taking place to divert attention from the incidents that we’re not supposed to see. Cyberwar has been playing tricks on us, he argues, emerging in the form of seemingly random attacks and then slipping away into the future.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by opsa from Pixabay

 

 

 

Articles

Cyberwar’s global players—it’s not always Russia or China

Research reveals that countries such as Belarus, India, and Colombia are responsible for significant cyberattacks.

Over the past year, a string of high-profile cyberattacks coming from Russia and China has galvanized the United States and its western allies into taking swift action to counter the escalating incidents. Consequently, the SolarWinds spyware infiltration, the Microsoft Exchange hack, and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses.

However, it’s not always Russia or China who are dangerous adversaries in the digital realm. Smaller threat groups from India, Iran, Belarus, Latin America, and Israel can hold their own when it comes to disruptive hacking or espionage operations. In addition, alleged “hacktivist” groups and threat actors of indeterminate origin engage in malign activities for often mysterious purposes.

Indian hackers pose as legitimate firms

Reuters journalists Chris Bing and Raphael Satter recapped at the recent Cyberwarcon event their ongoing investigation of a loose collective of Indian hackers that blur the lines between reputation management firms and outright hacking-for-hire services. Working for outfits such as Appin Security Labs and BellTrox, these hackers target lawyers, activists, executives, investors, pharmaceutical companies, energy firms, asset management companies, offshore banking entities, and high net worth individuals.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Pete Linforth from Pixabay

Advanced Persistent Threat

US DOJ indictments might force Russian hacker group Sandworm…

lead centered=”no”
Experts hope that indictments against six Russian military intelligence agents will make Russia rethink plans to disrupt the US election.
/lead

The US Department of Justice (DOJ) unsealed charges against six hackers who allegedly are part of Sandworm, a Russian military intelligence group responsible for a string of damaging and unprecedented acts of malicious digital activity. The breadth of crimes that DOJ accuses the hackers of committing is extensive, from shutting down Ukraine’s power grid — twice — to the launch of faux ransomware NotPetya, which caused billions of dollars in damages globally, to devastating cyberattacks on the 2018 Olympics in South Korea.

The indictment spells out multiple computer fraud and conspiracy charges against each defendant and is the first time Russia has been identified as the culprit behind the Olympic attacks. In those incidents, attackers deployed destructive malware called Olympic Destroyer to disrupt the 2018 games. The Russian hackers had attempted to blame North Korea, China and other adversaries as the culprit of those assaults through a series of false flags implanted in the malware that were designed to throw investigators off track.

The DOJ further alleges that the hackers and their co-conspirators helped Russia retaliate against former Russian spy Sergei Skripal by poisoning him, along with his daughter, with a weapons-grade nerve agent, Novichok. Other crimes outlined in the indictment are a series of spear phishing attacks against the country of Georgia and Georgian non-government organizations in January 2018 and a cyberattack in Georgia around October 2019 that defaced approximately 15,000 websites and disrupted service to them.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Steve Harvey on Unsplash

 

Articles

Cyber LEAP Act aims for innovations through Cybersecurity Grand…

lead centered=”no”New bill seeks to set up competitions across the US to spur security breakthroughs./lead

The Senate Commerce Committee approved last week what could prove to be an essential piece of legislation for cybersecurity researchers: The Cybersecurity Competitions to Yield Better Efforts to Research the Latest Exceptionally Advanced Problems, or Cyber LEAP Act of 2020. Sponsored by Commerce Committee Chairman Roger Wicker (R-MS) and Senators Cory Gardner (R-CO) and Jacky Rosen (D-NV), the bill establishes a national series of Cybersecurity Grand Challenges so that the country can “achieve high-priority breakthroughs in cybersecurity by 2028.”

The challenges set up under the legislation will offer prizes, including cash and non-cash prizes, to competition winners, although the prizes aren’t yet spelled out. The legislation directs the secretary of commerce to set up the competitions in six key areas:

Economics of a cyber attack, focused on building more resilient systems while raising the costs for adversaries
Cyber training, to give Americans digital security literacy and boost the skills of the cyber workforce
Emerging technology, to advance cybersecurity knowledge in emerging technologies such as artificial intelligence
Reimagining digital identity, aimed at protecting the digital identities of US internet users
Federal agency resilience, to reduce cybersecurity risks to federal networks and improve the federal response to cyberattacks
Other challenges as determined by the secretary of commerce

This article appeared in CSO Online. To read the rest of the article please visit here.