FFT news digest March 4 2022

Ukraine

Naturally, coverage of the war in Ukraine has focused largely on the increasingly murderous cost of Russia's invasion - but the impact of cyber tactics shouldn't be underestimated even if large-scale attacks have not materialised, yet. Among Moscow's many miscalculations, it seems unlikely that President Putin expected the skill with which Ukraine has wielded social media as a weapon. As The Economist has pointed out ($), even before his country was invaded, President Zelensky had the fifth-biggest Instagram following of any world leader. He has used Telegram to talk directly to ordinary Russians and he peppers Twitter with pointed multi-lingual messages. Pro-Ukrainian accounts post powerful images and video which are quickly picked up and reposted, and which are having a radical impact on public opinion around the world (even if many most likely contravene the Geneva Conventions). Military commentators have already warned that if Russia continues to step up the intensity of its assault and civilians pay the price, the pressure on western governments to take concrete action to protect them may become irresistible.

While large-scale state-backed attacks may not have been seen, there has been a surge in activity by private groups and individuals whose efforts have focused on Russia. Whether it's electric vehicle charging stations (not only rendered inoperative, but hacked to display anti-Putin messages) or state media (displaying the current number of Russian casualties), there have been "constant massive hacker attacks," as Tass described them. "We are creating an IT army," Ukraine's vice prime minister tweeted. The hacking group Anonymous has already been hard at work and has now turned its attention to China, apparently with some early success. Somewhat bizarrely, President Biden made no mention of cybersecurity in his State of the Union speech this week. Last year, he described it as a "core national security challenge." One reporter quipped, "Don't have to mention cyberwar if everything is cyberwar."

Thoughtful takes on a thorny issue: Cyber realism in a Time of War by Ciaran Martin; Unprecedented sharing of top-secret Intelligence by Naomi Schalt (Nieman Lab); Hacking, War, and Cyberwar in Ukraine by Matthew Gault (Motherboard); Cyberscoop.

Information war: As an antidote to the disinformation and nonsense flooding social media, Nieman Lab has produced a list of more reliable resources.

Internet: The internet's coordinating body has refused a Ukrainian request to cut off Russia from the global internet. Most observers described the request as a flawed idea - and Russia has practiced for such a move.

Refugees: Proofpoint says a group with a record of attacking NATO countries may be using stolen Ukrainian military email accounts to target European officials trying to manage the refugee exodus from Ukraine.

China: Last week, the Chinese ride-sharing company DiDi Chuxing announced the withdrawal of its services from Russia in response to its invasion of Ukraine. After sustained protests, DiDi performed an abrupt U-turn.

Location: Google has blocked the ability to edit Maps in Ukraine, Russia and Belarus and is deleting user-submitted places and contributions. BuzzFeed says the decision was taken following claims that the information was being used to coordinate air strikes on Ukraine.

Internet: Access to the internet in Ukraine has been holding up despite some problems which have been particularly severe in the southern and eastern parts of the country. Satellite broadband provider, Viasat, said its service in Ukraine suffered a partial outage due to a "cyber event". Elon Musk activated his satellite broadband service in Ukraine and sent a shipment of terminals to the country. For the moment, it appears to be working, though there are concerns that the terminals might provide a target for Russian forces. That risk should not be underestimated.

Messaging

The Telegram messaging platform has become a key element in the war in Ukraine with radical increases in the number of users, particularly in anti-Russian cyber attack groups. Check Point says some of these now have over 250,000 members who are using them to coordinate attacks, select targets and share results. Depressingly, some groups portray themselves as fundraising for Ukraine but are suspected to be fraudulent. Meanwhile, the encrypted messaging platform Signal has denied rumours that it had been hacked. "We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives," it said.

Biter, bitten

One of the most ruthless ransomware gangs, known as Conti, is finding out what it's like to be on the receiving end of an attack. In what appears to be a decision driven by the invasion of Ukraine, an anonymous Twitter user has posted the group's source code as well as more than a year's worth of internal communications. Chat logs analysed by KrebsOnSecurity show Conti employees moaning about low pay, long hours, gruelling schedules, and bureaucratic inefficiency. Conti had announced its “full support” for Russia's invasion. “If anybody will decide to organize a cyberattack or any war activities against Russia, we are going to use all our possible resources to strike back at the critical infrastructures of an enemy,” Conti had said.

Passwords 

We've been in business for 6 years and one of our enduring messages is the risk of reusing passwords. We understand completely why people continue to do this, but it's hard to overstate how risky it is. SpyCloud says 64% of consumers repeat passwords for more than one account and 70% of passwords that have been compromised are still in use. SpyCloud reports that in 2021 it "recaptured" more than 15 billion credentials and pieces of personal data from the criminal underground; a 200% increase compared to the previous year. Lookout's annual list of the most common stolen passwords still has lousy passwords at the top; 123456, 123456789, Qwerty and Password are the most common. The only practical solution is a password manager. Our guide is here.
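Two of the checks a password manager (or a login service) runs behind the scenes are the ones this item is about: is a password already known from a breach, and is the same password used for more than one account? The example below is an added illustration, not code from the digest, SpyCloud or Lookout. It mirrors the hashed-prefix range-query design used by public breached-password services (the client sends only the first five hex characters of the SHA-1 hash and matches the suffix locally, so neither the password nor its full hash leaves the device), with the "server" replaced by a constructed in-memory corpus seeded with the four passwords named above; the breach counts and the sample vault are invented.

```python
"""Compromised-password and reuse checks by hashed-prefix (k-anonymity) lookup.

Added illustration for the password-reuse item; not code from the digest.
The range-query shape follows public breached-password services: the client
reveals only a 5-hex-character SHA-1 prefix, the server returns every known
suffix under that prefix with a breach count, and the client matches locally.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed breach corpus for the demo: the four passwords the digest says
# top Lookout's list, plus one made-up entry. The counts are invented.
_CONSTRUCTED_CORPUS: Dict[str, int] = {
    "123456": 37_000_000,
    "123456789": 16_000_000,
    "Qwerty": 500_000,
    "Password": 3_000_000,
    "correct-horse-2022": 1,
}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password (the digest form range queries use)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: Dict[str, int]) -> Dict[str, Dict[str, int]]:
    """Index the corpus as prefix -> {suffix: count}, as a server would store it."""
    index: Dict[str, Dict[str, int]] = {}
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


RANGE_INDEX = build_range_index(_CONSTRUCTED_CORPUS)


def range_query(prefix: str) -> List[Tuple[str, int]]:
    """Simulated server side: every (suffix, count) stored under a 5-hex prefix.

    The server never learns which suffix the client is interested in.
    """
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 uppercase hex characters")
    return sorted(RANGE_INDEX.get(prefix, {}).items())


def breach_count(password: str) -> int:
    """Client side: hash locally, query only the prefix, match the suffix here.

    Returns how many times the password appears in the corpus (0 = not seen).
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in range_query(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


def reuse_audit(vault: Dict[str, str]) -> List[List[str]]:
    """Group a vault's accounts by password hash; return groups sharing a password.

    Grouping by hash rather than plaintext means the report itself never has
    to carry the passwords. Each group is sorted, and the groups are sorted.
    """
    groups: Dict[str, List[str]] = {}
    for account, password in vault.items():
        groups.setdefault(sha1_hex(password), []).append(account)
    return sorted(sorted(accounts) for accounts in groups.values() if len(accounts) > 1)


if __name__ == "__main__":
    # Constructed sample vault: two accounts share one of the top-four passwords.
    sample_vault = {
        "email": "123456",
        "bank": "123456",
        "shop": "a-long-unique-passphrase-not-in-any-corpus",
    }
    for account, password in sample_vault.items():
        seen = breach_count(password)
        status = f"seen {seen:,} times in breaches" if seen else "not in breach corpus"
        print(f"{account:<6} {status}")
    print("reused across:", reuse_audit(sample_vault))
```

The interesting design point is the split between the two halves of the check: `range_query` stands in for the remote service and sees only the prefix, while `breach_count` does the actual matching on the client, so a positive result does not disclose to anyone else which password was tested. `reuse_audit` is the second half of the message above, and it works on hashes so that a reuse report can be logged or emailed without becoming a list of plaintext passwords.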

Updates

Chrome: Version 99 addresses 28 separate security issues. This means other Chromium-based browsers, including Microsoft Edge, Vivaldi, Brave and Opera will be updated as well.

Messaging: An open-source multimedia communication library has as many as five security vulnerabilities. PJSIP is used by popular solutions including WhatsApp and BlueJeans. Updates to address the issues were released last week, meaning it's essential to make sure your apps are up-to-date. JFrog

Microsoft: The company is beginning to roll out Defender for Business, which is aimed at organisations with up to 300 employees. It includes simplified client configuration, and all recommended security policies are enabled by default.

Cisco: Fixes for critical vulnerabilities in Expressway Series and TelePresence Video Communication Server (VCS) unified communications products.

Threats

Phishing: Last December saw 316,747 phishing attacks, according to the Anti-Phishing Working Group - the highest monthly total since its reporting program began in 2004. The overall number of phishing attacks has tripled since early 2020.

Russia: Predictably, there are attempts to exploit the war in Ukraine by sending emails telling the recipient there have been attempts to log into their Microsoft account from an IP address in Moscow. Malwarebytes

Consumers: Attackers are expected to turn their attention from big organisations to consumers, according to ReasonLabs. "As attack surfaces have expanded, enterprises have begun to shift their cybersecurity practices from reactive to proactive, [making] it harder...to carry out successful attacks against large institutions," it says.

Anchor: A revamped version of the 'Anchor' malware has been seen targeting Windows systems. Anchor is a known backdoor that has been used to deliver Conti ransomware. IBM X-Force

Instagram: Sophos says that it's seeing intense efforts to compromise Instagram accounts. Lures include bogus Instagram warnings such as "Community guidelines violation" and "Copyright infringement". Do set up two-factor authentication (Settings | Security | Two-factor authentication).

Websites: BleepingComputer reports on an offer to invest or purchase its site. It turned out to be an attempt to install malicious software that would provide remote access to its devices.

Twitter: Attackers seeking to target journalists took over the account of former intelligence specialist, Reality Winner. They changed the profile name to "Feedback Team" to impersonate Twitter staff before messaging verified users. Bleeping Computer

British Airways: Following the latest IT meltdown (which saw all short-haul flights cancelled on Monday morning), some passengers say they're receiving phishing emails designed to obtain their BA login credentials.

In brief

NSO: The spyware manufacturer is suing an Israeli newspaper over reports that Israeli police used its Pegasus product to spy on public figures. Unhappily for NSO, another newspaper says Mossad intelligence officials frequently used Pegasus for unofficial attacks on target cellphones.

Deepfakes: Research at MIT has found that people are pretty good at spotting artificial 'deepfake' video and images. That's the good news. The bad news is that we're not so good at identifying made-up text. The Register

BBC: A Freedom of Information request has revealed the vast scale of malicious emails received by the BBC. There were 50 million between 1 October 2021 and January 2022; an average of 383,278 a day. Parliament Street via ITPro

Offboarding: As organisations see sharp increases in the number of employees leaving, Dark Reading has a useful safety checklist. It focuses on security staff, but also has wider applicability.

Infusion: Crowdsourced data from more than 200,000 medical infusion pumps revealed that 75% of them have security weaknesses that could allow them to be compromised remotely. Unit 42

Facebook: Less than two years after its launch, Meta is closing its student-focussed Campus pilot. The venture aimed to shore up Facebook's connections with younger users. Apparently it didn't.

Windows: Microsoft warns that resetting a Windows 10 or 11 device using the "Remove everything" option may not ... remove everything. Do take note if you're disposing of an old machine.

Generation Gamer: The US military reckons that years of sedentary video gaming has left young Americans unable to withstand the rigours of basic training. “The ‘Nintendo Generation’ soldier skeleton is not toughened by activity prior to arrival, so some of them break more easily,” it opines.

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217