Articles

Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here’s how events are unfolding along with unanswered questions.

It’s been almost six weeks since Russian troops entered Ukraine and the large-scale “cyberwar” expected to accompany the invasion has not yet materialized. Observers and experts have offered many theories about why Russia hasn’t launched a destructive cyberattack on Ukraine yet despite its full capability to do so.

The reasons range from Russia saving its most dangerous cyberattack until the bitter end to the Kremlin’s fear of a devastating Western response. The most intriguing explanation for why Russia hasn’t seemingly unleashed its cyber arsenal is because we’re already in the middle of what Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies, calls a secret cyberwar.

The digital cyberwar is playing out in the shadows, Rid argues, with the more apparent cyberattacks taking place to divert attention from the incidents that we’re not supposed to see. Cyberwar has been playing tricks on us, he argues, emerging in the form of seemingly random attacks and then slipping away into the future.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by opsa from Pixabay

 

 

 

Articles

Why metrics are crucial to proving cybersecurity programs’ value

Methodologies to measure the effectiveness of cybersecurity efforts exist. Tying them to the real world is the trick.

As solutions to managing cybersecurity threats increase, surprisingly few metrics are available on how well these methods work to secure organizational assets. The National Institute of Standards and Technology (NIST) has pioneered information security performance measurement models that can produce metrics. (Note: NIST’s work in this area is now being updated.)

Aside from government agencies’ requirements to produce information security performance measures, the measurement models NIST recommends can also be used for internal overall IT improvement efforts. Either way, NIST recommends considering four factors while developing and implementing an information security measurement program:

  • Quantifiable measures
  • Readily available data that support the measures
  • Repeatable information security processes
  • Utility for tracking performance and directing resources

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by Clker-Free-Vector-Images from Pixabay

 

 

Articles

States step up cybersecurity efforts as threats increase

Spurred by recent attacks, some U.S. states are taking action and allocating funds to boost their defenses against cyber threats.

Earlier this month, Mandiant announced that it had responded to an intrusion by a Chinese-backed hacking group, APT41, that targeted a U.S. state government’s computer network. The security company ultimately discovered a persistent effort that allowed the malicious hackers to successfully compromise at least six U.S. state government networks by exploiting vulnerable internet-facing web applications using a zero-day vulnerability.

Mandiant couldn’t determine the hackers’ motives but said the intrusions were consistent with an espionage operation. The company also predicted that further investigation would reveal even more states whose agencies were affected by the effort.

These incidents underscore that state governments are just as attractive, if not even juicier, targets for malicious hackers as the federal government or any other organization. It’s no surprise then that state governments are stepping up their efforts to bolster their cybersecurity protections, launching task forces, hiring advisors, creating security centers, and boosting cybersecurity spending.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by OpenClipart-Vectors from Pixabay

 

Articles

SEC filings show hidden ransomware costs and losses

A review of 2021 8-K filings with the U.S. Securities and Exchange Commission reveals a more complete picture of the financial damage from ransomware.

The ransomware scourge reached unprecedented levels in 2021, with ransomware threat actors demanding, and in many cases receiving, ransom payments in the millions of dollars. The world’s largest meat processor, JBS, confirmed in June 2021 that it paid the equivalent of $11 million in ransom to respond to the criminal hack against its operations.

Colonial Pipeline paid $4.43 million to its ransomware attackers in May 2021, although in a subsequent operation, the U.S Department of Justice (DOJ) seized $2.3 million of that amount. In May, backup appliance supplier ExaGrid paid a $2.6 million ransom to cybercriminals that targeted the company with Conti ransomware.

The actual costs of ransomware attacks, including lost revenue, can far eclipse the simple dollar amount of any ransom paid. For most private companies, the costs of ransomware attacks, and even the attacks themselves, can be hidden from view, which is one reason why mandatory ransom payment reports for all organizations became law last week.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

 

Articles

Cyber incident reporting measures approved in the omnibus spending…

Critical infrastructure entities and federal agencies will have to report significant cyber incidents to CISA within 72 hours and ransomware attacks within 24 hours under legislation passed by the House that will likely become law.

The U.S. House of Representatives has passed key provisions of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which would require critical infrastructure operations to alert the government when they are hacked or pay a ransom to threat actors. It is part of the $1.5 trillion omnibus spending bill passed by the House on Wednesday, which funds the federal government for the rest of the year.

The incident report provisions contained in the Act, part of the broader Strengthening American Cybersecurity Act, failed to become law last year but passed the Senate unanimously on March 1.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

 

Articles

Biden’s cryptocurrency executive order addresses illicit financial risks

Early indications are that the cryptocurrency industry will work with the U.S. government to help minimize risk and make it harder for cybercriminals to profit from their activities.

The Biden administration issued its much-anticipated cryptocurrency executive order, laying out a wide-ranging investigation into digital assets to gain at least a preliminary grasp on how to address the rapidly growing $3 trillion financial market and its role in ransomware and other illicit activities. The order, entitled “Ensuring Responsible Development of Digital Assets,” outlines a series of far-reaching goals, including reducing the risks that digital assets could pose to consumers and investors, improving business protections, financial stability, and financial system integrity, combating and preventing crime and illicit finance, enhancing national security, fostering human rights and financial inclusion, and addressing climate change and pollution.

“Without oversight, the explosive growth in cryptocurrency use would pose risks to Americans and to the stability of our businesses, our financial system, and our national security,” an administration official said during a press briefing preceding the order’s release. “The absence of sufficient oversight can also provide opportunities for criminals and other malicious actors to leverage cryptocurrencies to launder the proceeds of their crimes or circumvent justly-applied sanctions,” the official said.

Reflective of the order’s even-handed tone, the official added, “At the same time, however, digital assets can also provide opportunities for American innovation and competitiveness, and promote financial inclusion.” To ensure that the U.S. government is not left out of these opportunities, the order also spells out a series of measures to create a federal central bank digital currency (CBDC) that at least 80 monetary authorities around the world are also exploring, and, in some cases, have introduced.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

 

Articles

Purported massive leak of Russian soldiers’ data could sink…

The publication of personal data on 120,000 Russian soldiers, if accurate, could provide a means to demoralize troops in Ukraine and make them targets for cyber campaigns.

In what security experts say is an unprecedented wartime leak, Ukrainian newspaper Ukrayinska Pravda published what it claims are the personal details of 120,000 Russian service personnel fighting in Ukraine. The nearly 6,000 pages of information, if accurate, contain names, registration numbers, and place of service for well over half of the estimated number of Russian soldiers who have invaded Ukraine.

The data was obtained by a Ukrainian think tank called The Center for Defense Strategies, which was created to monitor defense reforms and develop key government policies affecting Ukraine’s security and defense sector, with a particular focus on building independent analytical capabilities “at the level of the United States and Britain.” The Center is headed by former Ukraine Defense Minister Andriy Zahorodniuk. Its board includes international security expert Alina Frolova, state asset management expert Oleksiy Martsenyuk, former Ukrainian Foreign Minister Volodymyr Ohryzko, and economic and energy security expert Oleksandr Kharchenko.

High-profile Western security experts also sit on the Center’s board. Among them are the former U.S. Ambassador to Ukraine William Taylor, former Commander-In-Chief of U.S. European Command General Wesley Clark, former Special Defense Advisor to the Ukrainian Defense Ministry from Britain Phil Jones, and Professor of the Department of War Studies at King’s College Neville Bolt.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Kevin Schmid on Unsplash

 

 

Articles

Rash of hacktivism incidents accompany Russia’s invasion of Ukraine

Some in the cybersecurity community say actions on behalf of Ukraine help even the odds, while others warn that unauthorized hacking could interfere with government cyber operations.

In keeping with the hybrid nature of Russia’s invasion of Ukraine, several hacktivist groups and hackers have joined the fight in the embattled nation, including some hacktivists encouraged by the government of Ukraine itself. Although the hacktivists have been waging their version of cyber warfare mostly against Russian organizations, hacktivists sympathetic to Russia are also turning their weapons against Ukraine.

The following are notable hacktivist events that have occurred so far related to the Russian invasion of Ukraine.

  • IT Army of Ukraine emerges: Developers in Ukraine are joining an “IT army,” the IT Army of Ukraine, which has assigned them specific challenges. Announced on February 26, the group already has nearly 200,000 users on its main Telegram channel that it uses to hand out assignments and coordinate operations. The group was ostensibly responsible for shutting down the API for Sberbank, one of Russia’s major banks and Kremlin-aligned Belarus’s official information policy site. It’s not clear if the Ukraine government is behind the IT Army of Ukraine, even though Ukrainian officials have endorsed the effort.
  • Anonymous claims credit for website take-downs. Late last week, a Twitter account purporting to represent Anonymous wrote that “The #Anonymous collective has taken down the website of the #Russian propaganda station RT News.” The Russian state-run TV channel RT website said it was a victim of a hacker attack, which it attributed to Anonymous.
  • Cyber Partisans of Belarus claim train hacks. Activist hackers in Belarus called the Cyber Partisans allegedly breached computers that control that country’s trains and brought some to a halt in the cities of Minsk and Orsha and the town of Osipovichi. The hackers purportedly compromised the railway system’s routing and switching devices and rendered them inoperable by encrypting data stored on them.
  • AgainstTheWest targeted Russian interests. Another hacktivist group known as AgainstTheWest claims to have hacked a steady stream of Russian websites and corporations, including Russian Government contractor promen48.ru, Russian Railways, the State University Dubna, and the Joint Institute for Nuclear Research.
  • The Anon Leaks says it messed with Putin’s yacht information. The Anon Leaks, a group purportedly an offshoot of Anonymous, said it changed the callsign of Russian President Vladimir Putin’s superyacht Graceful on MarineTraffic.com to FCKPTN. The hackers also found a way to alter the yacht’s tracking data, making it look as if it had crashed into Ukraine’s Snake Island and changing its destination to “hell.”
  • Presumed hacktivists hacked Russian EV charging stations. Hackers, presumably activists, hacked electric vehicle charging stations along Russia’s M11 motorway to display anti-Russian messages. The hackers likely gained access through a Ukrainian parts supplier called AutoEnterprise.
  • “Patriotic Russian hackers” helped hit Ukraine websites with DDoS attacks: Last week, some independent Russian hackers, so-called “patriotic Russian hackers,” or vigilantes who operate in a hacktivist-like mode, claim they helped bring down Ukrainian websites during the second round of DDoS attacks that hit the country.
  • Russian media outlets hacked to display anti-Russian messages. The websites of several Russian media outlets were hacked to display anti-Russian messages, with some of the sites going offline. The sites affected were TASS rbc.ru, kommersant.ru, fontanka.ru, and iz.ru of the Izvestia outlet. Some Russian media sources say anonymous was the source of these hacks.
  • Researcher leaked Conti gang’s messages: A Ukrainian security researcher leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang publicly sided with Russia over the invasion of Ukraine. (Conti backpedaled from its robust support of Russia after its Ukrainian affiliates objected). The leaked messages were taken by a Ukrainian security researcher who reportedly had access to Conti’s backend XMPP server from a log server for the Jabber communication system used by the ransomware gang.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Max Kukurudziak on Unsplash

 

Articles

NIST seeks information on updating its Cybersecurity Framework

Security community welcomes the update, but a U.S. GAO report cites slow adoption among government.

As it begins planning to revise its widely praised Cybersecurity Framework (CSF), the National Institute of Standards and Technology (NIST) has requested that interested parties supply comments on how NIST can improve the effectiveness of the CSF and its alignment with other cybersecurity resources. NIST’s last update of the framework, first released in 2014 under an executive order issued by President Obama, was in 2018.

“There is no single issue driving this change,” NIST Chief Cybersecurity Advisor Kevin Stine said in a statement. “This is a planned update to keep the CSF current and ensure that it is aligned with other tools that are commonly used.”

This article appeared in CSO Online. To read the rest of the article please visit here.

 

 

Articles

Skyrocketing cryptocurrency bug bounties expected to lure top hacking…

Bounties as high as $10 million dollars make hunting cryptocurrency vulnerabilities lucrative for those with the proper skillsets. It might eventually drive up fees for traditional bounties, too.

As high-stakes cryptocurrency and blockchain projects proliferate and soar in value, it’s no surprise that malicious actors were enticed to steal $14 billion in cryptocurrency during 2021 alone. The frantic pace of cryptocurrency thefts is continuing into 2022.

In January, thieves stole $30 million in currency from Crypto.com and $80 million in cryptocurrency from Qubit Finance. February started with the second-largest decentralize finance (DeFi) theft to date when a hacker exploited a token exchange bridge in Wormhole to steal $320 million worth of Ethereum.

The largest cryptocurrency hack so far took place last August when blockchain interoperability project Poly Network suffered a hack that resulted in a loss of over $600 million. In an unusual move, Poly unsuccessfully attempted to publicly negotiate with the hacker a post-theft “bug bounty” of $500,000 in exchange for returning the $600 million, a bounty worth six times more than that typically offered in traditional cryptocurrency bug bounty programs.

This article appeared in CSO Online. To read the rest of the article please visit here.

Image by WorldSpectrum from Pixabay