Welcome to The Cybersecurity 202! In case you missed the Ukrainian Chorus Dumka of New York's great performance on "Saturday Night Live," check it out here. Below: Ukrainian hackers are trying to blunt Russian disinformation, and a key Huawei competitor is in hot water.

Ukrainians are bracing themselves for powerful cyber attacks

A woman at a peace march for Ukraine in Cologne, western Germany on Monday. (Photo by Ina Fassbender / AFP)

Five days after Russia invaded Ukraine, digital attacks have been mostly a footnote to the military campaign upending years of relative peace on the European continent. But far worse hacks could be coming.

Ukrainians are steeling themselves for powerful Russian cyberattacks that could shut off power, disrupt communications and wreak further havoc among citizens. U.S. officials, meanwhile, are warning companies to brace for Russian hacks in retaliation for multiple rounds of punishing sanctions.

The list of players is also getting far more complex as a cadre of cybercriminals and hacktivists have joined the fray, dramatically increasing the possibility of digital errors and unintended consequences that could force the United States and Russia into a larger cyber conflict.

Here are three big stories to pay attention to:

What role will ransomware gangs, hacktivists and other nongovernment hackers play?

The field of cyber actors involved in the conflict has ballooned since the invasion began.

- Ransomware hackers that announced allegiance to the Kremlin
- Ukrainian civilians who've banded together in an "IT Army" to launch digital attacks that take down sites sharing Russian propaganda, as Siobhán O'Grady, Sudarsan Raghavan, Isabelle Khurshudyan and Kostiantyn Khudov report
- A hacktivist group in Belarus that says it's working to stymie troop movements in the Russian-allied nation
- People affiliated with the hacktivist collective Anonymous who claimed to briefly take down the Russian government-backed news site RT and may be connected to an attack that took down the Kremlin website
- Another digital attack defaced the website of Russia's TASS state news agency with an anti-Putin message.

Ransomware drama: Among the most concerning entrants is the Conti ransomware gang, which has potential links to Russian intelligence agencies and announced it will use "all possible resources to strike back at the critical infrastructures" of nations that hack Russia. That could signal a resumption of ransomware attacks against critical industries, such as last year's Colonial Pipeline attack, which threatened U.S. oil supplies. The Kremlin had seemed to rein in such activity recently — even arresting some hackers.

Conti's statement could backfire. At least one person with access to the gang's communications appears to have been displeased by the statement and leaked the gang's internal communications. Another ransomware gang with Russian ties, LockBit, announced it will steer clear of the conflict. Here's more from Allan Liska, director of threat intelligence at the cybersecurity firm Recorded Future:

All that hacking by third parties also raises concerns about big errors — such as hacks that are excessively destructive, hit the wrong target or get mistaken for government-backed hacks and lead to escalating retaliation. Here's more from Robert M. Lee, CEO of the cybersecurity firm Dragos:

Will Russian hacks reach outside Ukraine?

The Cybersecurity and Infrastructure Security Agency has issued a raft of warnings for companies to be on alert for such attacks — especially firms in critical sectors such as finance and health care. Here's CISA Director Jen Easterly on Twitter yesterday:

Such attacks could come as a direct response to Western sanctions.

The Kremlin has a track record of that kind of cyber score settling. For example, Russian hackers attacked the 2018 Olympics after the International Olympic Committee banned Russian teams from the Games for doping violations. Those attacks could be calibrated to pester NATO nations but not provoke a major retaliation in cyber or other domains. They might also target NATO nations with less developed cyber protections, raising questions about when a cyberattack might spark the alliance's commitment to collective defense, Sen. Mark Warner (D-Va.) told Cat Zakrzewski and Joseph Menn.

Computer bugs targeted at Ukraine could also leak out and infect Western nations. There's some evidence that's already happening. A new strain of malicious software that wiped data from hundreds of computers in Ukrainian government agencies, banks and other key industries was also spotted at a handful of firms in Latvia and Lithuania, researchers say. Those attacks "appeared to be spillover, rather than a concerted effort to attack allies in NATO," Cat and Joseph report. Ukrainian government agencies have also been pushed offline by denial of service attacks that likely originate in Russia.

Will the West punch back in cyberspace?

The United States has been highly hesitant to launch cyberattacks against its adversaries out of concerns about causing collateral damage and undermining the cyber rules of the road that U.S. officials have tried to convince allies to follow in cyberspace. Yet, President Biden has pledged the United States will respond to any "disruptive cyberattacks against our companies or critical infrastructure" and suggested in the past that cyber retaliation might be on the table.

The handful of publicly known U.S. offensive cyber operations have been focused on disabling adversaries' cyber capabilities. Notably, U.S. Cyber Command cut off Internet to the Internet Research Agency, a Russian troll farm, before the 2018 elections.

The keys

Facebook disrupted a disinformation campaign targeting Ukraine

A girl looks at a notebook next to her mother as they stand in the Kyiv subway, using it as a bomb shelter. (AP Photo/Emilio Morenatti)

The firm, whose parent company is Meta, also blocked efforts to hack the Facebook accounts of prominent Ukrainians, Elizabeth Dwoskin reports.

"The influence operation Facebook said it disrupted 40 accounts and pages on Facebook and its photo-sharing service Instagram that pretended to be associated with news outlets in the Ukrainian capital of Kyiv," Elizabeth reports. The operation ran websites that posed as independent news outlets and published claims that the West had betrayed Ukraine and Ukraine was a failed state. The accounts had fewer than 4,500 followers on both Facebook and Instagram. The group ran similar disinformation campaigns on Twitter, YouTube, Telegram and the Russian platforms Odnoklassniki and VK, Facebook officials said.

Ukrainians and allies are also trying to blunt Russian disinformation

They have targeted media outlets that have pushed pro-Russian disinformation. (Andrey Rudakov/Bloomberg News)

The Ukrainians, who launched denial of service attacks against Russian propaganda sites described above, are also trying to fight back with fact checks and information campaigns of their own, my colleagues report. Here's a rundown:

- Some volunteers are gathering information on attacks and casualties and posting their findings on Telegram and Russian social media platforms
- Others "target Russian military and intelligence officers, flooding their emails and other platforms with messages"
- "Volunteers are reaching out to the mothers of Russian soldiers to convince them to call for Putin to bring their boys back home"

The effort is in some ways an uphill battle. Moscow has far more experience using tactics like disinformation alongside more traditional military strategies.

NSO Group sues Israeli newspaper Calcalist for defamation

It comes after disputed Calcalist reports on Israeli police's use of NSO Group spyware. (Sebastian Scheiner/AP)

The lawsuit stems from Calcalist's disputed reports that Israeli police used NSO spyware to snoop on high-profile executives, activists and other Israelis without warrants, the Times of Israel reports. The lawsuit comes days after Israel's deputy attorney general, Amit Marari, found "no indication that the Israel Police used Pegasus without a court order" to infect the phones of numerous Israeli citizens as Calcalist claimed, the Times of Israel reported. Israeli police did receive court approval to target three people named by Calcalist with spyware, the Justice Ministry said.

Context: The disputed Calcalist stories came in the wake of a string of stories by The Post and other media that extensively documented numerous cases in which NSO's government clients used its hacking tools to target journalists, political opponents and activists.

NSO is also disputing a Calcalist report that the company's spyware had a feature that could turn off internal records about its use. NSO called that claim "sensationalist." The company is seeking around $300,000 in damages but said it will give the damages to groups that support Holocaust survivors and sexual assault victims if it wins. The company said it filed the lawsuit "solely for the purpose of uncovering the truth and presenting it publicly."

Global cyberspace

Ericsson, a Swedish Huawei alternative, faces new corruption allegations

The allegations hinge on Ericsson's dealings in Iraq. (Mark Schiefelbein/AP)

An internal report from the company documents "bribes and kickbacks," "fraud and embezzlement," and disturbing details about the company's decisions to send workers into areas in Iraq controlled by the Islamic State, Greg Miller and Louisa Loveluck report.

Context: The U.S. government has said the Chinese company Huawei cannot be trusted to build Western 5G networks, so Ericsson is seen as a crucial alternative. Ericsson and Finland-based Nokia are Huawei's main rivals in the race to 5G.

Ericsson has issued a news release acknowledging "serious breaches of compliance rules" and circumvention of Iraqi customs authorities using routes controlled by "terrorist organizations, including ISIS."

- The company also said it was "committed to conducting business in a responsible manner, applying ethical standards in anti-corruption, humanitarian and human rights terms." Ericsson chief executive Borje Ekholm has said that the company's settlement agreement with U.S. authorities "limits our ability to comment."

Daybook

- Senate Intelligence Committee Chairman Mark Warner (D-Va.) discusses Russia's invasion of Ukraine at a Washington Post Live event today at 2 p.m.
- Rep. John Katko (N.Y.), the top Republican on the House Homeland Security Committee, discusses cybersecurity and other issues at a Washington Post Live event on Tuesday at 10 a.m.
- New America's Open Technology Institute hosts an event on the next steps on consumer cybersecurity and privacy labels for connected devices on Tuesday at 2 p.m.

Secure log off

Thanks for reading. See you tomorrow.