Articles

New threat group underscores mounting concerns over Russian cyber…

Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyberattacks might target the West.

As fears mount over the prospects of a “cyberwar” initiated by the Russian government, the number of identified Russian threat actors also continues to climb. Last week CrowdStrike publicly revealed a Russia-nexus state-sponsored actor that it tracks as Ember Bear.

CrowdStrike says that Ember Bear (also known as UAC-0056, Lorec53, Lorec Bear, Bleeding Bear, Saint Bear) is likely an intelligence-gathering adversary group that has operated against government and military organizations in eastern Europe since early 2021. The group seems “motivated to weaponize the access and data obtained during their intrusions to support information operations (IO) aimed at creating public mistrust in targeted institutions and degrading government ability to counter Russian cyber operations,” according to CrowdStrike intelligence.

Ember Bear is responsible for using the WhisperGate wiper malware against Ukrainian networks in January before Russia invaded Ukraine. The malware masquerades as ransomware but lacks a payment or data recovery mechanism, masking WhisperGate’s true intent, which is the destruction of data. The WhisperGate campaigns began with website defacements containing threatening messages in Ukrainian, Russian and Polish languages.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Zdeněk Macháček on Unsplash

Articles

Sprite Spider emerging as one of the most destructive…

Having flown under the radar for several years, the Sprite Spider group is using a ransomware code suite that is effective and hard to detect.

At the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads, Senior Security Researcher Sergei Frankoff and Senior Intelligence Analyst Eric Loui, offered details on an emerging major ransomware actor they call Sprite Spider. Like many other ransomware attackers, the gang behind Sprite Spider’s attacks has grown rapidly in sophistication and damage capacity since 2015.

Today Sprite Spider is poised to become one of the biggest ransomware threat actors of 2021 and has a threat profile on par with what advanced persistent threat actors were five or ten years ago. Sprite Spider’s rise as a sophisticated threat is not surprising given that it, like many other organized ransomware gangs are filled with hackers who are often gainfully employed by nation-state threat actors.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Dev Leigh on Unsplash

 

Articles

US elections remain vulnerable to attacks, despite security improvements

lead centered=”no”Continued Russian interference, insecure paperless voting processes will sow doubt about the next election./lead

Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact.

Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late-December, giving election officials even more latitude to make improvements.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

2020 outlook for cybersecurity legislation

lead centered=”no”Here’s a rundown of all the security-related bills working their way through this year’s U.S. Congress, plus some hot security topics likely to be debated./lead

As the partisan divide in Washington widens during this 116th Congress, the prospects of enacting any meaningful legislation that bolsters the nation’s cybersecurity seem, at first blush, dim. Of the nearly 300 pieces of legislation that touch on some aspect of cybersecurity, or more urgently, election security, introduced since the current Congress began last year, only nine have become law. Most were budget-related measures that appropriated or increased funds for federal agencies to spend on cybersecurity or election security as part of the fiscal 2020 spending deal passed in December.

Now, roughly halfway through the current Congress, it’s time to take stock and review where things stand in the legislative arena. A number of bills have been passed by either the House or the Senate and are awaiting further action. They are worth watching in 2020 because they have progressed the farthest and arguably might come closest to gaining some momentum toward passage.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

High-profile departures widen federal government’s security talent shortage

lead centered=”no”Recent key departures–voluntary and forced–might make it harder for government agencies to find the talent needed to fulfill their security missions./lead

Respected and influential government cybersecurity veteran Jeanette Manfra announced this month that she is leaving her position at DHS to join Google as its global director of security and compliance as part of a new security team at Google Cloud. At Google, Manfra, who currently holds the title of Assistant Director for Cybersecurity for the Office of Cybersecurity and Communications at DHS’ Cybersecurity and Infrastructure Security Agency, will spearhead an “Office of the CISO” initiative at Google Cloud to help customers improve their security postures.

Manfra’s departure is just the latest in a string of high-profile departures from the ranks of well-regarded cybersecurity experts from the federal government. Google recruited at least two other prominent government cybersecurity officials to join its ranks. Kate Charlet, who served as acting Deputy Assistant Secretary of Defense for Cyber Policy at the Department of Defense, left in 2017 and is now Director of Data Governance at Google. Daniel Pietro, who was Director for Cybersecurity Policy on the staff of the National Security Council, left his role in 2017 to work at Google as an executive for Public Sector Cloud at Google.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

The race for quantum-proof cryptography

lead centered=”no”Lawmakers briefed on quantum computing’s threat to encryption and the urgent need for mathematical research/lead

One of the biggest threats to privacy and national security is the ability of the immensely powerful quantum computers to break prevailing methods of encryption almost instantaneously. Once quantum computers become a reality, something that could conceivably happen in the next decade or two, all of the data protected by encrypted systems on the internet will become decrypted and unprotected, accessible to all individuals, organizations or nation-states.

Dr. Jill Pipher, President of the American Mathematical Society, VP for Research, and Elisha Benjamin Andrews Professor of Mathematics at Brown University led a briefing last week for lawmakers on Capitol Hill called “No Longer Secure: Cryptography in the Quantum Era” about the threats that quantum computing poses to existing cryptographic systems that support national and economic security. Senator Jack Reed (D-RI) began the briefing by saying “we’re acutely aware of the potential advantages and disadvantages that quantum presents. And we’re also very concerned that some of our adversaries and competitors are investing a great deal in quantum computing.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

CrowdStrike, Ukraine, and the DNC server: Timeline and facts

lead centered=”no”Politicizing cybersecurity only serves to undermine trust in its practices and objectivity, experts fear./lead

President Donald Trump, Senator John Kennedy from Louisiana and Secretary of State Mike Pompeo have all given credence to what cybersecurity experts and the US intelligence community deride as a baseless conspiracy theory pushed by Russia. That theory posits that Ukraine, and not Russia, was responsible for hacking into the networks of the Democratic National Committee (DNC) in the run-up to the 2016 presidential election.

Kennedy quickly backtracked from blaming Ukraine for the DNC hack, but nonetheless left wiggle room to return to this contention. After admitting he was “wrong” to imply Ukraine and not Russia hacked the DNC, he went on to say, “There is a lot of evidence, proven and unproven — everyone’s got an opinion — that Ukraine did try to interfere, along with Russia and probably others, in the 2016 election.”

This article appeared in CSO Online. To read the rest of the article please visit here.