Tag Archives: Ukraine

Security News for the Week Ending April 8, 2022

Hackers Hack Russia’s Largest State Owned Media Corporation

Hackers stole 20 years of communications including almost a million emails from the All-Russia State Television and Radio Broadcasting Company (VGTRK). Those emails were published by DDoSecrets. VGTRK runs 5 national TV stations, 5 radio stations and numerous propaganda outlets. The data is available for download as an almost 1 terabyte torrent. The hackers say they did this because of Russia’s attack on Ukraine. This is part of the ongoing cyber war between Ukraine and Russia. Credit: Daily Dot

Apple AirTags Are Useful for Stalking

Motherboard asked dozens of police departments for reports that included Apple AirTags. They received 150 reports that mentioned AirTags. Remember that they asked for reports from something like less than one half of one percent of the departments. In 50 cases women called the police because they were being notified by THEIR iPhones that they were being stalked. Many of these women thought that either former or current intimate partners were to blame. Only one report came from a man. A few of the reports talked about robbery or theft as the potential reason. In any case, Apple has a challenge for which there is no easy fix. Credit: Motherboard

Russia’s Great Firewall has Some Holes in It

Russian citizens are turning to a variety of tools to bypass Russia’s attempt to block citizens from accessing western media. From VPN tools to Telegram to Cloudflare’s WARP, they are effectively bypassing Russian controls and accessing French, British and U.S. newspapers. Credit: Bleeping Computer

Hotels Are Now Prime Targets for Hackers

As hotels use more tech and create more apps, they have more data for crooks to steal. And, since data is king, the crooks go after it. The Marriott/Starwood hack, back in the old days of 2014, netted the hackers information on a half billion people. With new laws like state privacy laws in the U.S. and GDPR in Europe, breaches are just going to get a lot more expensive. Luxury hotels are particular targets, as London’s Ritz recently found out. If you have to give information to a hotel, do what you can to minimize it. Credit: Financial Times of London

Government Sponsored Hacks not Limited to Russia-Ukraine

China continues to target India’s power grid, a year after the start of the attack campaign. Security researchers say the purpose right now is to gather intelligence to enable future attacks. They say the attackers would attempt to compromise the grid’s load management system. If they succeed, it could cause cascading blackouts with no way to stop the dominoes until the country is dark. The FBI says that hundreds of U.S. critical infrastructure companies have been attacked as well, so this is not limited to India. Credit: The Hacker News

Cybersecurity News for the Week Ending March 25, 2022

FCC Publishes Notice of Inquiry on Digital Redlining

The recently passed jobs act gave the FCC two years to adopt rules that will “facilitate equal access to broadband internet access service.” Congress says that these rules should prevent “digital discrimination … based on income level, race, ethnicity, color, religion, or national origin”. The FCC is asking, publicly, an awful lot of questions. Stay tuned for what happens next. Comments are due by May 16th. Credit: Wiley Law

EU and US Sign New Data Transfer Deal

The EU and US signed a deal to replace Privacy Shield today, in Brussels. We have not seen the details of the deal, and Max Schrems, who killed the last two versions of the deal in court, says his group will review it in detail for compliance with EU law. So this is not over yet, but it is a good sign for US businesses who are looking for some certainty when it comes to data transfers. Credit: Security Week

Hackers Unlock and Remote Start Honda Civics for $300 in Parts

Nobody told Honda that sending security information from the fob to the car unencrypted, or sending the same information each and every time to unlock or start the car, is a problem. If you are worried about your Honda being stolen, the only thing you can do is, well, not much. The article says you can put your key fob in a Faraday bag, but the reality is, that doesn’t help at all. Credit: The Register

Google Trains Employees to CC: Attorneys to Claim Privilege

In the face of the massive anti-trust lawsuit between the feds, 14 attorneys general and Google, the government is asking the judge to sanction Google for arbitrarily CC:ing lawyers on sketchy emails and asking for an opinion. Google’s attorneys understand this is a scam and don’t respond. Google even trains its employees to do this. We shall see what the judge decides. Credit: Ars Technica

Cybersecurity News for the Week Ending March 18, 2022

Incident and Ransomware Reporting Requirement in Just Passed Spending Bill

President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it is not connected to a covered incident. Critical infrastructure and federal agencies that do not report on time may be subpoenaed. Failure to comply with the subpoena risks contempt of court. Credit: CSO Online and The Record

Germany Warns Against Using Kaspersky Products

Germany’s Office of Information Security is warning users to find alternatives as the antivirus company could be required to spy for Mother Russia. Kaspersky says, of course, that won’t happen. And I believe in the Easter Bunny too. The U.S. government banned Kaspersky’s software in government offices in 2017, but there are plenty of companies that still use it. I agree with Germany. Credit: SC Magazine

Deep Fake Videos Enter Ukraine Invasion

No doubt you have heard about deep fake videos where a video seems to be of someone, usually famous, saying something or doing something that they never did. Often these videos are pornographic in nature, but a new video is part of the Russian invasion of Ukraine. The video is of Ukraine’s President Zelenskyy saying that he was surrendering to Russia. He never said that and he did not surrender. Even so, a lot of people saw the video because the hackers hacked a Ukrainian TV channel and broadcast it. The new world of war. Credit: Metacurity

Hacking is a Business

Just like other modern businesses, the hacking business is optimizing its processes. Google’s Threat Analysis Group exposed a new Initial Access Broker, related to Russian hacking gangs, whom they are calling Exotic Lily. All these folks do is figure out how to break into your organization. They don’t steal anything or do any damage. They do, however, sell that access to the highest bidder and those folks do the crime. Credit: The Hacker News

Russia Jamming GPS and Satellites, Imperiling Airplanes, etc.

The EU Aviation Safety Agency and CISA say someone is jamming satellite navigation systems in eastern Europe, including parts of Finland, Cyprus, Turkey, Lebanon and Israel, among others. Depending on the situation, a plane that is using the satellite for navigation might go in the wrong direction or fly into a war zone. Planes trying to land could crash into the ground or be forced to land at a different airport. Aviation authorities are telling pilots to make sure that backup navigation tools are working. Credit: Threatpost

Telecom and Russia

First, who is NOT pulling out of Russia – at least not yet. Cloudflare and Akamai are not going to pull out of Russia. They say that pulling out would not hurt the Russian government but would hurt Russian citizens trying to access content outside of the country. Cloudflare says that if they shut down, the government would celebrate, and that, possibly, could be true. Credit: ZDNet

On the other hand, backbone provider Cogent pulled out of Russia a few days ago. I suspect this was a combination of optics and the fact that Russia was unlikely to be able to pay them due to sanctions and their economy crashing.

Now another massive Internet backbone provider, CenturyLink, AKA Lumen, AKA Level 3, pick a name, is pulling out. Initially, they said they were just going to stop selling in Russia – like anyone in Russia is worried, right now, about ordering new Internet service – but they quickly came around to realize the optics of that didn’t work and said that they are disconnecting from Russia.

That will hurt Russia because Lumen is the top international Internet provider in the country (although, as a percentage of revenue, it is minor). Among its customers are the Russian telecom giants Rostelecom and TTK. Besides that, all three major cellular providers – MTS, Megafon and VEON – are customers.

It probably doesn’t help that Russia passed a law under which anyone who tells the truth about the invasion of Ukraine could be sentenced to 15 years in a Russian gulag.

Depending on how many other carriers join Lumen and Cogent, it could set Russian business back 40 or 50 years, which is the objective. When rich Russian business people discover that their wealth is going to disappear, they might, gently, suggest to Vlad that he should stop, or, perhaps, something bad might happen to him. They tend to play for keeps there. Credit: Brian Krebs

Security News for the Week Ending January 28, 2022

Biden May Use China Rule on Russia if it Invades Ukraine

This COULD be a bluff, but the administration may use the foreign direct product rule on Russia, like they did on Huawei, if Russia invades Ukraine. Depending on how it is used, it could have crushing implications for anything in Russia that uses microchips. When used against one company in China, Huawei, it reduced their revenue by 30 percent. If it is used against a country, it could be worse. This could be a threat, but no one knows if a threat could be real. Credit: WaPo

The Donald Trump Virus

No, this has nothing to do with Covid. The Donald Trump Packer malware delivers both remote access trojans (RATs) and other infostealers. It gets its name from a hard coded password named after Trump. The malware is called DTPacker. The campaign is active and has used fake British football web sites, among others, to deliver its malware. Credit: Threatpost

Let’s Encrypt to Revoke 2 Million Certificates Today

Let’s Encrypt found two bugs in their certificate issuing software and, as a result, they will revoke about 2 million certificates on Friday the 28th. That number represents about 1 percent of the active Let’s Encrypt certificates so, while it is a large number, it is a small percentage. Users who are affected will get an email and will have to renew their certificates. This is NOT the result of a breach or a hack, just them being extra cautious. Credit: The Register

Microsoft Mitigates Largest DDoS Attack Ever Reported

Microsoft says its Azure DDoS protection platform stopped a 3.47 terabit per second attack last November. This translated to 340 million packets per second. The attack came from about 10,000 computers in multiple countries and used multiple techniques. Can your infrastructure handle this? Credit: Bleeping Computer

World Economic Forum Says it Takes 9 Months to Identify and Respond to a Cyberattack

In 2021 ransomware attacks rose by 151%. Each successful attack cost the company $3.6 million, on average. The Forum says that even 6 months after a breach becomes public, the company’s share price underperforms the NASDAQ by -3%. More concerning, on average, companies need NINE MONTHS to identify and respond to a cyberattack. Read the details at Cybernews

Security News for the Week Ending December 24, 2021

Russian Hackers Make Millions by Stealing SEC Earning Reports

A Russian hacker working for a cybersecurity company has been extradited to the U.S. for hacking into the computer networks of two SEC filing agents used by multiple companies to file their quarterly and annual SEC reports. Using that insider information, the hacker traded stock in advance of the earnings being made public and earned millions. The hacker made the mistake of visiting Switzerland. I guess he figured that the U.S. did not know who he was. He was wrong. Credit: Bleeping Computer

Security Flaw Found in Popular Hotel Guest WiFi System

I always tell people not to use hotel guest WiFi systems because they are not secure. A researcher says that an Internet gateway used by hundreds of hotels for the guest WiFi is not secure and could put guest personal information at risk. The gateway, from Airangel, uses extremely easy to guess and hardcoded passwords. You can pretty much guess the rest. Credit: TechCrunch

Feds Recover $154 Million in Bitcoin Stolen by Sony Employee

The U.S. has taken legal action to seize and recover $154 million stolen from Sony Life Insurance by an employee in a very basic business email compromise attack. The funds were supposed to be transferred between company accounts but were diverted. The hacker was not very smart, was in a country friendly to the U.S. (Japan), used a U.S. bank account and a Coinbase Bitcoin account, making it pretty easy to recover once found. The FBI managed, somehow, to obtain the private key for the hacker’s Bitcoin wallet, which made recovering the funds even easier. What the FBI has not disclosed is how they were able to recover the private key, probably because they do not want to disclose methods. Score one for the good guys. Credit: Bleeping Computer

Former Uber CSO Faces New Charges for Breach Cover-Up

Here is a tip about covering up a breach. Joe Sullivan, Uber’s Chief Security Officer between 2015 and 2017, faces more charges of covering up Uber’s breach. This time it is deliberately covering up a felony, which could bring him 8 years in prison and a $500,000 fine. Knowing Uber, they are probably not paying his legal costs. Moral: don’t lie. Credit: Data Breach Today

Russia Surging Both Tanks and Cyberattacks on Ukraine

In addition to moving 175,000 soldiers to the Ukraine border as Ukraine plans to join NATO, Russia is also stepping up cyberattacks on Ukraine’s financial system and critical infrastructure. In response, the US, UK and other friendly (NATO) countries have sent cyber experts to Ukraine to help defend their digital frontier. What war looks like now. Credit: Data Breach Today