Archive for Ukraine

Ukraine Hit By Cyberattack By Russian Hacker Group

Posted in Commentary on April 12, 2022 by itnerd

This morning it came to light that Sandworm, the hacking group attributed to Russia’s GRU military intelligence agency, had attempted another attack on Ukraine’s power grid:

On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia’s GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override. The new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power, just like that earlier sample. It signals that Russia’s most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers.
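The capability described above, sending commands that control the flow of power to substation devices, is the one a grid operator’s monitoring most needs to catch. The following is an added example, not code from this post, from ESET or from CERT-UA: a minimal decoder for IEC 60870-5-104 APDUs (the substation protocol ESET’s public write-up reports Industroyer2 speaking; the protocol is not named on this page) and a rule that flags control-direction commands issued with cause of transmission “activation” by any host that is not an approved HMI. The frames, IP addresses and approved-HMI list are constructed for the example.

```python
"""Added example: minimal IEC 60870-5-104 decoder and a rule that flags
control commands from hosts that are not approved HMIs. Not code from the
post, ESET or CERT-UA; all frames and addresses below are constructed."""
import struct

START_BYTE = 0x68
COT_ACTIVATION = 6                       # cause of transmission "activation"
# Standard ASDU type IDs in the control direction (commands to field devices).
CONTROL_TYPE_IDS = set(range(45, 52)) | set(range(58, 65))
TYPE_NAMES = {45: "C_SC_NA_1 single command", 46: "C_DC_NA_1 double command",
              47: "C_RC_NA_1 regulating step command", 100: "C_IC_NA_1 interrogation"}


def parse_apdus(data: bytes) -> list:
    """Split a TCP payload into APDUs. For I-format frames decode the ASDU
    header and the first information object (enough for command detection)."""
    frames, pos = [], 0
    while pos + 2 <= len(data):
        if data[pos] != START_BYTE:
            raise ValueError(f"bad start byte 0x{data[pos]:02x} at offset {pos}")
        length = data[pos + 1]
        apdu = data[pos + 2:pos + 2 + length]
        if len(apdu) != length:
            raise ValueError(f"truncated APDU at offset {pos}")
        pos += 2 + length
        ctrl = apdu[:4]
        if (ctrl[0] & 0x01) == 0:
            fmt = "I"                    # numbered information transfer
        elif (ctrl[0] & 0x03) == 0x01:
            fmt = "S"                    # supervisory (acknowledge only)
        else:
            fmt = "U"                    # unnumbered control (STARTDT/STOPDT/TESTFR)
        frame = {"format": fmt}
        if fmt == "I":
            frame["send_seq"] = (ctrl[0] >> 1) | (ctrl[1] << 7)
            frame["recv_seq"] = (ctrl[2] >> 1) | (ctrl[3] << 7)
            asdu = apdu[4:]
            if len(asdu) < 9:
                raise ValueError("ASDU too short")
            type_id, vsq, cot_lo, _originator, ca = struct.unpack("<BBBBH", asdu[:6])
            frame.update(type_id=type_id, num_objects=vsq & 0x7F, cot=cot_lo & 0x3F,
                         negative=bool(cot_lo & 0x40), common_address=ca,
                         ioa=int.from_bytes(asdu[6:9], "little"))
            if type_id == 45 and len(asdu) >= 10:      # SCO: bit0 state, bit7 select
                sco = asdu[9]
                frame["command"] = {"state": "ON" if sco & 0x01 else "OFF",
                                    "select": bool(sco & 0x80)}
            elif type_id == 46 and len(asdu) >= 10:    # DCO: bits0-1 state (1=OFF, 2=ON)
                dco = asdu[9]
                frame["command"] = {"state": {1: "OFF", 2: "ON"}.get(dco & 0x03, "INVALID"),
                                    "select": bool(dco & 0x80)}
        frames.append(frame)
    return frames


def find_unexpected_controls(capture, approved_hmis):
    """capture: iterable of (src_ip, tcp_payload). Returns one alert per
    control-direction ASDU sent as 'activation' by a host not in approved_hmis."""
    alerts = []
    for src_ip, payload in capture:
        for f in parse_apdus(payload):
            if f["format"] != "I" or f["type_id"] not in CONTROL_TYPE_IDS:
                continue
            if f["cot"] == COT_ACTIVATION and src_ip not in approved_hmis:
                alerts.append({"src": src_ip, "type_id": f["type_id"],
                               "type": TYPE_NAMES.get(f["type_id"], "control command"),
                               "common_address": f["common_address"], "ioa": f["ioa"],
                               "command": f.get("command")})
    return alerts


# Constructed capture (not real traffic): 10.0.0.5 is the legitimate HMI,
# 10.0.0.99 is an unexpected host issuing breaker commands.
APPROVED_HMIS = {"10.0.0.5"}
SAMPLE_CAPTURE = [
    ("10.0.0.5", bytes.fromhex("680407000000")),                       # U: STARTDT act
    ("10.0.0.5", bytes.fromhex("680e0000000064010600010000000014")),   # I: interrogation
    ("10.0.0.5", bytes.fromhex("680e020000002d0106000100d2040000")),   # I: single cmd OFF, IOA 1234 (approved)
    ("10.0.0.99", bytes.fromhex("680e000000002d0106000100d2040001")),  # I: single cmd ON, IOA 1234
    ("10.0.0.99", bytes.fromhex("680e020000002e0106000100d3040002")),  # I: double cmd ON, IOA 1235
    ("10.0.0.5", bytes.fromhex("680401000400")),                       # S: acknowledge
]

if __name__ == "__main__":
    for a in find_unexpected_controls(SAMPLE_CAPTURE, APPROVED_HMIS):
        print(f"ALERT {a['src']} sent {a['type']} to CA {a['common_address']} "
              f"IOA {a['ioa']}: {a['command']}")
```

Run as-is it prints two alerts, both from 10.0.0.99 (a single command setting IOA 1234 ON and a double command setting IOA 1235 ON), while the same single command from the approved HMI passes. A source-address allow-list is only a first filter: an implant running on a compromised engineering workstation presents the approved address, so in practice the rule should also be tied to change-management windows and to what the operator actually clicked on the HMI.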

It shows that this war is on multiple fronts including cyberspace. And Justin Fier, VP of Tactical Risk and Response at Darktrace agrees:

This news represents a major step up from the relatively unsophisticated previous DDoS attacks, and it’s particularly interesting to see that Sandworm has reared its head again. CISA and other government agencies in the Five Eyes have been anticipating an attack like this and issuing sophisticated warnings for some time. Ukraine has been dealing with this type of threat for years and has been preparing with the help of global allies, including the U.S. 

While we cannot confirm these allegations, the hope is that governments worldwide will take this seriously and realize that the same type of attack could happen to them. Any attack on Ukrainian soil could also occur anywhere else, be replicated by other cyber-criminal groups or nation-states, or cause ripple effects across the global supply chain. During this ongoing “World War Wired,” we must be concerned not only with the prospect of an inbound warhead but also infrastructure-destroying cyber-attacks. The responsibility will fall on each potentially at-risk organization to bolster its defenses: it must fight fire with fire, arming itself with the latest technologies. You go to war with the army you have, not the one you wish you had built, and organizations must prepare now.

In short, the time to prepare for this sort of attack is now, because targets outside Ukraine can expect to be hit in the near future.

New Malware Strain Seen To Be Attacking Ukraine

Posted in Commentary on March 15, 2022 by itnerd

Newly discovered data-destroying malware was observed yesterday in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. The malware is called “CaddyWiper”, and I have the thread of tweets from ESET Research providing the details:

CaddyWiper is the fourth data-wiping malware that I am aware of being deployed in attacks in Ukraine since the start of 2022. That further confirms that cyber warfare is truly a thing, and organizations inside and outside Ukraine need to be prepared for more attacks, as they are sure to come.

UPDATE: Peter Stelzhamer, Co-Founder of AV-Comparatives, has provided me with some tips on protecting yourself:

“Use and keep your security software (i.e. anti-virus program) up to date and turned on. 

“Many users switch off their real-time protection to gain some speed, but safety should come before speed. We strongly recommend making sure that you use the latest version of the anti-virus software, and for that matter of any software that you are using on your computer. Newest versions come with improved and additional features to enhance software capability.

“Keep your firewall turned on

“Software-based firewalls are widely recommended for single computers, while hardware firewalls are typically provided with routers for networks. Some operating systems provide native software firewalls (such as Windows OS). For Microsoft Windows home users we recommend using the firewall in its default settings.

“Always perform the updates of your OS

“If you use the Internet on your computer, then it is connected to the widest network there is – the World Wide Web. Since the WWW is a very dynamic space, operating systems permanently adapt to threats by releasing updates and patches that fix any bugs, glitches or vulnerabilities that could be exploited as security holes. Thus, it is very important to keep your OS up to date, as most new exploits are rendered ineffective by an updated system.

“Keep third-party applications (e.g. Java, Adobe Flash Player, Adobe Acrobat Reader, browsers, etc.) up to date

“Third-party applications are programs written to work within operating systems but produced by individuals or companies other than the provider of the operating system. These can be browsers, e-mail clients, plugins (such as multimedia plugins for online streaming/gaming, or plugins for reading certain types of files). Since most of them are acting in the Internet environment, it is crucial that they always stay up to date and patched, because cyber-felons use vulnerabilities in older/unpatched versions to get control of your system.

“Back up your files and software

“Backup is essential in case of data loss caused by malware attacks or malfunctions. Operating systems will attempt to recover system data through features such as System Recovery (Windows), but this procedure does not cover files or third-party software. Therefore, we recommend using one or more of the following backup methods:

  • Back up to a third-party device such as a mobile hard drive, CD, USB storage device, flash drive, etc. These should be precisely labelled as to contents and date and stored securely. Three securely guarded generations of copies of the critical/important data (referred to as generational backup) are recommended: grandfather/father/son. You should take time to identify the important/critical data stored on your computer and proceed accordingly with the backup.
  • Back up to a remote location, on a verified secure server. You can do this directly or via the network.
  • You should perform backups regularly (at least every three months as a rule, or with every change you make, for critical data). Take the time to test the restoring process from the backup copy. Even though you spend some time doing this, remember the alternative of losing all your data. Additionally, consider using imaging software to make regular backup images of your system.”
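The retention and restore-testing advice above is easy to state and easy to get wrong. The following is an added example, not code from this post or from AV-Comparatives: a small backup routine that writes a tar archive with a SHA-256 manifest, implements grandfather/father/son retention as a pure function over backup dates, and tests the restore by extracting the archive and re-hashing every file. The directory contents, paths and date ranges are constructed for the example.

```python
"""Added example, not from the post or from AV-Comparatives: backup with a
SHA-256 manifest, grandfather/father/son retention, and a real restore test.
Paths, file contents and dates below are constructed."""
import hashlib
import tarfile
import tempfile
from datetime import date, timedelta
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src, dest_dir, stamp):
    """Write dest_dir/backup-<stamp>.tar.gz plus a .sha256 manifest; return both."""
    src, archive = Path(src), Path(dest_dir) / f"backup-{stamp}.tar.gz"
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src).as_posix()
                manifest[rel] = sha256_file(p)
                tar.add(p, arcname=rel)
    with open(archive.with_name(archive.name + ".sha256"), "w") as f:
        f.writelines(f"{digest}  {rel}\n" for rel, digest in manifest.items())
    return archive, manifest


def verify_restore(archive, manifest):
    """Restore into a scratch directory and compare every file's hash with
    the manifest. Returns (ok, list of mismatched or missing paths)."""
    bad = []
    with tempfile.TemporaryDirectory() as tmp, tarfile.open(archive, "r:gz") as tar:
        for m in tar.getmembers():
            # Refuse absolute or parent-relative names so a crafted archive
            # cannot write outside the scratch directory.
            if m.name.startswith("/") or ".." in Path(m.name).parts:
                raise ValueError(f"unsafe member name {m.name!r}")
            tar.extract(m, tmp)
        for rel, digest in manifest.items():
            restored = Path(tmp) / rel
            if not restored.is_file() or sha256_file(restored) != digest:
                bad.append(rel)
    return not bad, bad


def gfs_keep(stamps, daily=7, weekly=4, monthly=3):
    """Grandfather/father/son retention: keep the newest `daily` backups, the
    newest backup of each of the last `weekly` ISO weeks, and the newest of
    each of the last `monthly` months. Returns the set of dates to keep."""
    newest_first = sorted(set(stamps), reverse=True)
    keep = set(newest_first[:daily])
    seen_weeks, seen_months = [], []
    for d in newest_first:
        wk, mo = tuple(d.isocalendar()[:2]), (d.year, d.month)
        if wk not in seen_weeks and len(seen_weeks) < weekly:
            seen_weeks.append(wk)
            keep.add(d)
        if mo not in seen_months and len(seen_months) < monthly:
            seen_months.append(mo)
            keep.add(d)
    return keep


def demo_retention():
    """Sixty consecutive daily backups ending 2022-03-15 (constructed dates),
    thinned to 3 daily, 2 weekly and 2 monthly generations."""
    stamps = [date(2022, 3, 15) - timedelta(days=i) for i in range(60)]
    return gfs_keep(stamps, daily=3, weekly=2, monthly=2)


def run_demo():
    """Back up a constructed directory, prove it restores, then show that a
    wrong manifest hash is caught."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("constructed sample file\n")
        (src / "config.ini").write_text("[app]\nkey = value\n")
        dest = Path(work) / "backups"
        dest.mkdir()
        archive, manifest = make_backup(src, dest, "2022-03-15")
        ok, bad = verify_restore(archive, manifest)
        tampered = dict(manifest, **{"config.ini": "0" * 64})
        ok2, bad2 = verify_restore(archive, tampered)
        return {"restore_ok": ok, "mismatches": bad,
                "tamper_detected": (not ok2) and bad2 == ["config.ini"]}


if __name__ == "__main__":
    print(run_demo())
    print(sorted(d.isoformat() for d in demo_retention()))
```

A restore test that only checks the archive opens proves little; comparing hashes against the manifest recorded at backup time is what proves the data came back intact, and the same manifest is how you notice that a wiper or ransomware has altered files between runs. Keep at least one generation offline: a wiper with access to the host can reach an always-mounted USB drive or network share as easily as the original files.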

Ukraine Using Clearview AI Tech To Fight Russia

Posted in Commentary on March 14, 2022 by itnerd

To be honest, I am not sure how I feel about this news that Ukraine has apparently turned to Clearview AI to help them fight Russia:

Ukraine’s defense ministry on Saturday began using Clearview AI’s facial recognition technology, the company’s chief executive told Reuters, after the U.S. startup offered to uncover Russian assailants, combat misinformation and identify the dead. Ukraine is receiving free access to Clearview AI’s powerful search engine for faces, letting authorities potentially vet people of interest at checkpoints, among other uses, added Lee Wolosky, an adviser to Clearview and former diplomat under U.S. presidents Barack Obama and Joe Biden.

The plans started forming after Russia invaded Ukraine and Clearview Chief Executive Hoan Ton-That sent a letter to Kyiv offering assistance, according to a copy seen by Reuters. Clearview said it had not offered the technology to Russia, which calls its actions in Ukraine a “special operation….”

The Clearview founder said his startup had more than 2 billion images from the Russian social media service VKontakte at its disposal, out of a database of over 10 billion photos total. That database can help Ukraine identify the dead more easily than trying to match fingerprints and works even if there is facial damage, Ton-That wrote…. Ton-That’s letter also said Clearview’s technology could be used to reunite refugees separated from their families, identify Russian operatives and help the government debunk false social media posts related to the war.

The exact purpose for which Ukraine’s defense ministry is using the technology is unclear, Ton-That said. Other parts of Ukraine’s government are expected to deploy Clearview in the coming days, he and Wolosky said.

Part of me thinks that this is a good use of this technology. But another part of me screams “this is Clearview AI and they’re evil.” This is clearly an interesting (if “interesting” is the right word) dilemma: using some evil tech for a good cause. I root for Ukraine as we all do, but where is the line between the right and wrong time to use facial recognition, and how do we make sure it is stopped when this war is over? That’s the question that needs to be answered.

The Next Front Of The Ukraine/Russia War Is Going To Be Cyberspace

Posted in Commentary on February 25, 2022 by itnerd

A swath of major American businesses — from major banks to utility companies — are preparing for possible cyberattacks against their computer networks as Russia on Thursday threatened “consequences” for nations that interfere with its invasion of Ukraine. 

Their concerns, echoed in C-suites and around Washington, follow recent warnings from the Biden administration that U.S. firms should harden their defenses against potential cyberattacks that could disrupt the nation’s critical infrastructure. American officials say there are no current threats against the U.S. But they have nonetheless urged organizations to plan for worst-case scenarios and more aggressively monitor their computer networks for possible intrusions. 

“Right now, everybody needs to be at a heightened alert in the event this continues to escalate, and Russia tries to sway political opinion by causing damage in the United States and its Western allies,” said David Kennedy, the chief executive officer of security firm TrustedSec. He said companies should be going through their computer infrastructure “with a fine-tooth comb” to ensure previous intrusions can’t be used to cause future, more damaging, attacks. Major U.S. banks, for instance, fear aggressive cyberattacks if Washington imposes deeper financial sanctions on Russia, said two banking executives who spoke on condition of anonymity to discuss private conversations. CEOs of major financial firms and their cybersecurity experts recently met with Treasury officials as Russian threats of war intensified, according to the executives.

Related to the above, it shouldn’t come as a surprise that the government of Ukraine is asking for volunteers from the country’s hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops:

As Russian forces attacked cities across Ukraine, requests for volunteers began to appear on hacker forums on Thursday morning, as many residents fled the capital Kyiv. “Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country,” the post read, asking hackers and cybersecurity experts to submit an application via Google docs, listing their specialties, such as malware development, and professional references. Yegor Aushev, co-founder of a cybersecurity company in Kyiv, told Reuters he wrote the post at the request of a senior Defense Ministry official who contacted him on Thursday. Aushev’s firm Cyber Unit Technologies is known for working with Ukraine’s government on the defense of critical infrastructure. Another person directly involved in the effort confirmed that the request came from the Defense Ministry on Thursday morning.

Thus this conflict is about to get wider in scope. And it will be interesting to see if there are actual nation-state cyberattacks from countries like the UK or the US. After all, one could say that if Russia does this sort of thing, those countries have every right to retaliate.

Ukraine Under Some Sort Of Cyberattack As Tensions Escalate

Posted in Commentary on February 15, 2022 by itnerd

Today’s cyberattack on Ukrainian government and major bank websites is further proof that attacks in cyberspace are now being used to undermine international relations:

On Tuesday, Ukrainian officials said that some of their national security and financial sites are now under attack by hackers, as Russian troops and military equipment remain massed around Ukraine. The Ukrainian Defense Ministry tweeted that its website has likely been hit by a denial-of-service attack, noting that “an excessive number of requests per second was recorded.” The ministry said that it’s working on restoring the website. 

Ukraine’s Center for Strategic Communications and Information Security confirmed reports of the cyber attacks, stating, “For the last few hours, Privatbank has been under a massive DDoS attack.” Users reported that they were having problems with payments, as well as with the app. Some had trouble logging in, while others could not access their balance or recent transactions, according to the center.

Privatbank said that depositors’ funds face “no threat” — it’s just the app that is affected, and financial transactions “are perform[ing] normally.” Oschadbank’s internet banking is down. 

The center theorized, “It is possible that the aggressor resorted to the tactics of petty mischief, because by and large, his aggressive plans do not work.” However, it did not blame Russian President Vladimir Putin for the attacks, and it’s currently not clear who’s behind the attacks. 

The last significant cyberattack on Ukraine took place in January, and Ukraine’s ambassador told CBS News’ Margaret Brennan that an invasion by Moscow was likely to be preceded by hacking.

“If Russia decides on a full invasion, then we know that we should expect increased cyberattacks before that,” Ukrainian Ambassador to the U.S. Oksana Markarova told CBS News.

This has become a big deal, as the US is assuming at this point that it will be a target as well. Justin Fier, Director of Cyber Intelligence & Analytics at Darktrace, had this to say:

“With limited open-source information available, we must be careful at this stage to point fingers. Misattribution in cyber is a dangerous game, and any miscalculation can be detrimental. This attack could be another actor taking advantage of an already tense situation in the region. 

Current reports suggest this is yet another distributed denial of service (DDoS) attack, an attempt to bring down websites or networks by overwhelming the web server with internet traffic. These attacks are not particularly sophisticated and relatively easy to mitigate. Attackers know this will make the news and spark global controversy without delivering enough damage to spark an aggressive response from the victim.

Across our customer base, we sometimes see noisy attack techniques like this used to distract security teams while bad actors remain inside digital systems to carry out more deadly attacks behind the scenes – stealing or altering sensitive data, shutting down critical systems, or simply lying dormant until the right time comes. It remains to be seen whether that is the case here. 

It is alarming but unsurprising to see attackers hit their financial systems, especially when the global economy is facing significant pitfalls – the stakes are higher for defenders, and attackers can maximize damage. The cyber industry has been anticipating an attack of this nature in recent weeks, and until further details emerge, all organizations must be vigilant and heed the cautions issued by national federal agencies.” 
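The signal the Defense Ministry described (“an excessive number of requests per second was recorded”) is cheap to compute from ordinary web server logs. The following is an added example, not code from this post, from CBS or from Darktrace: a sliding-window rate detector that raises one alert per source address and one for total volume when either crosses a limit. The log lines are constructed, the format assumed is the Apache/nginx combined format with lines in time order, and the limits are arbitrary.

```python
"""Added example, not from the post, CBS or Darktrace: sliding-window
request-rate detection over access logs. Log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx combined-style line: ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) (?P<size>\S+)')


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def detect_floods(lines, per_ip_limit=20, global_limit=100, window_s=1.0):
    """Count requests per source and in total over a sliding window of
    window_s seconds; emit one alert per key the first time it crosses its
    limit. Lines are assumed to be in time order, as a log file is."""
    per_ip = defaultdict(deque)
    everyone = deque()
    alerted, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, req, _status = parsed
        for key, q, limit in ((ip, per_ip[ip], per_ip_limit), ("*", everyone, global_limit)):
            q.append(ts)
            while (ts - q[0]).total_seconds() >= window_s:   # drop events outside the window
                q.popleft()
            if len(q) >= limit and key not in alerted:
                alerted.add(key)
                alerts.append({"kind": "global" if key == "*" else "per_ip", "key": key,
                               "at": ts.isoformat(), "count": len(q), "sample": req})
    return alerts


def make_sample_log():
    """Constructed log: three ordinary clients, then five hosts each firing 25
    requests at /login within the same second (a small distributed flood)."""
    t = "15/Feb/2022:14:03:21 +0000"
    lines = [
        '192.0.2.10 - - [15/Feb/2022:14:03:19 +0000] "GET / HTTP/1.1" 200 5120',
        '192.0.2.11 - - [15/Feb/2022:14:03:20 +0000] "GET /about HTTP/1.1" 200 2048',
        f'192.0.2.12 - - [{t}] "POST /api/balance HTTP/1.1" 200 312',
    ]
    for bot in range(1, 6):
        lines += [f'198.51.100.{bot} - - [{t}] "GET /login HTTP/1.1" 503 0' for _ in range(25)]
    return lines


if __name__ == "__main__":
    for a in detect_floods(make_sample_log()):
        print(f"{a['kind']:7} {a['key']:14} {a['count']:4} req/s at {a['at']} e.g. {a['sample']}")
```

Per-source thresholds catch a single noisy client, but a distributed flood spreads its requests so that no one address trips the limit, which is why the example also counts the aggregate. Log-based detection only tells you it is happening; mitigation belongs upstream of the web server (edge rate-limiting or a scrubbing service), which is the sense in which Fier calls these attacks easy to mitigate.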

Given the level of tensions when it comes to Ukraine, I for one would not at all be surprised to see more attacks like this in the coming days.