Cyber Daily: Ukraine Hacks Signal Broad Risks of Cyberwar Even as Limited Scope Confounds Experts
Hello. Security chiefs are watching what happens in Ukraine as Russian President Vladimir Putin threatens a ground war and Ukraine's government websites are attacked.
U.S., U.K. and Canadian officials have warned critical infrastructure companies to stay alert for potential cyberattacks if economic sanctions are issued against Russia.
As the CISO of a Fortune 25 company put it to me, "Cyber is becoming a part of the next generation of warfare." Big companies like his, he said, "will be on the front lines of these new situations before some declaration of war."
We remember the lessons of the NotPetya attack in 2017, which invaded corporate networks mainly through a corrupted software update from a small firm in Ukraine.
My question is, how much more alert can CISOs be?
Hackers installed destructive “wiper” software designed to render computer systems inoperable in at least two Ukrainian government agencies, said Viktor Zhora, deputy chief of Ukraine’s State Service of Special Communication and Information Protection.
Russia has denied any involvement in the cyberattacks.
The discovery of the wiper software, dubbed WhisperGate by Microsoft, is “particularly alarming,” because previous outbreaks of this type of software have caused world-wide disruptions, the U.S. Cybersecurity and Infrastructure Security Agency has warned.
WhisperGate was designed to look like ransomware, but its true purpose was to destroy systems, say security experts who have analyzed the code. It renders systems inoperable whether its ransom demand is paid or not, they say.
A warning message appeared in Ukrainian, Russian and Polish. PHOTO: PAVLO GONCHAR/ZUMA PRESS
That makes it similar to a devastating 2017 worm known as NotPetya that began in Ukraine before unfurling across Europe and the globe, wreaking havoc that cost some companies hundreds of millions in damages. But there are important differences between the two. Overall, WhisperGate is a less sophisticated piece of software than NotPetya, said Anton Cherepanov, a researcher with the antivirus company ESET.
NotPetya made a much better use of encryption to conceal its purpose from security researchers, he said.
Another difference: Unlike WhisperGate, NotPetya was designed to spread as a computer worm from computer-to-computer. NotPetya infected more than 12,500 computers in Ukraine, according to Microsoft. WhisperGate affected only a few dozen systems within Ukraine’s government, said Mr. Zhora, the Ukrainian official.
NotPetya and other major attacks linked to Russia have typically disrupted critical infrastructure, or relied on either a supply-chain hack or strategic web compromise to infect scores of victims, said John Hultquist, director of intelligence analysis at the U.S.-based cyber intelligence firm Mandiant who has tracked Russia’s most destructive hacking teams.
The recent activity in Ukraine so far appears to lack either of those components, though it is possible those elements exist but haven’t been activated yet, he said.
ICRC director Robert Mardini
PHOTO: MARTIAL TREZZINI/ASSOCIATED PRESS
Red Cross investigates cyberattack that breached data of 'highly vulnerable' people. The Geneva-based International Committee of the Red Cross discovered a cyberattack on its systems on Jan. 18 after one of the organization’s partners detected “anomaly in the system,” spokeswoman Crystal Wells told WSJ Pro.
“We then did a deep dive with that supplier to better understand the full extent, breadth, and scope of the incident. Because of the type of attack, we could not guarantee the integrity of the system, so we took the compromised servers offline,” she said.
The non-profit humanitarian organization is now looking into short-term solutions to help family members who are separated or not in contact with each other, Ms. Wells said.
The ICRC said in a statement on its website that because of the cyberattack, it shut down a program called Restoring Families Links, which helps reunite families separated by conflict, disaster or migration. The attack compromised personal data from around 515,000 “highly vulnerable people,” the organization said.
Ms. Wells said the Red Cross is still assessing the extent of the breach. “We are going through each application in the server to see what has been compromised so that we can take the appropriate next steps with our Red Cross and Red Crescent partners for those affected,” she said.
In a statement, ICRC director Robert Mardini appealed to the attackers. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data,” he said.
— Catherine Stupp
Accellion reaches $8.1 million settlement over hack. Tech provider Accellion Inc. agreed to pay $8.1 million to resolve a proposed class-action lawsuit from individuals whose personal data was compromised in a 2020 hack of a file-transfer tool. Accellion disclosed the incident publicly in January 2021, saying its 20-year-old File Transfer Appliance, used by organizations world-wide, was hacked. This led to data breaches at supermarket chain Kroger Co., the Reserve Bank of New Zealand, law firm Jones Day and conglomerate Singapore Telecommunications Ltd., among others. A U.S. District Court judge in California must approve the settlement. (Reuters)
Stress triggers employees to violate cyber policies, study says. Workers who have to jump through cybersecurity hoops to get work tasks done are more likely to violate those cyber policies when they experience stress, according to joint research from Brigham Young University and the University of Central Florida. In a survey of 330 remote employees, the researchers found that employees know they are going around the rules but do so to accomplish their jobs or help others do theirs. “Many leaders assume that employee security violations are either malicious or unintentional,” the researchers said. “Security policies should acknowledge the fact that many employee-driven breaches stem from an attempt to balance security and productivity.” (Harvard Business Review)
Privacy patchwork: Legislators in seven states—Alaska, Florida, Indiana, Kentucky, New Jersey, Pennsylvania and Vermont—have proposed privacy laws so far this year. Law firm Husch Blackwell LLP is tracking the bills' progress, along with potential changes to existing laws in California, Virginia and other states.
Selfies for the IRS: The Internal Revenue Service plans to phase out existing usernames and passwords by the summertime in favor of photos and other forms of identification to verify taxpayers. The system from identity company ID.me will compare selfies to driver's license or passport photos, and could ask for a brief video call for further verification. (Fast Company)
Children's hospital to settle data breach suit. Rady Children's Hospital in San Diego agreed to pay up to $400 to each of 2,360 patients whose data was compromised in a breach that occurred over six months in 2019 and 2020. Rady has denied charges of negligence in a proposed class-action lawsuit brought on behalf of several children. A hearing on the settlement is scheduled for May 6.