Tuesday, March 15, 2022 // (IG): BB // Weekly Sponsor: DiyGarage SoCal
Banks on alert for Russian reprisal cyber attacks on Swift
FROM THE MEDIA: Big banks fear that Swift faces a growing threat of Russian cyber attacks after seven of the country’s lenders were removed from the global payments messaging system over the weekend. VTB, Russia’s second-biggest bank, and Promsvyazbank, which finances Russia’s war machine, were among the lenders removed on Saturday from Swift as part of the west’s sanctions campaign against Moscow in response to its invasion of Ukraine. Senior executives responsible for cyber security at several banks told the Financial Times that the threat to Swift, which enables banks to send trillions in payments across borders every day, could escalate if more of Russia’s lenders are expelled from the system. Sberbank, Russia’s biggest bank, and Gazprombank have so far been kept on Swift because they facilitate much of the west’s payments for Russian oil and gas. The executives are concerned that Swift could be a more attractive target than individual banks because it is a pinch point in the global financial network. “There are lots of concerns about Swift,” said a financial regulator that supervises some of the banks. “Banks seem to be comfortable with their own cyber security levels, but a hit to Swift would be very detrimental to the whole banking system.” Although banks have become increasingly concerned about Swift as a potential target, so far Russia’s cyber attacks have been aimed only at Ukrainian government departments and infrastructure. Executives with oversight of cyber defense within their banks told the FT they had put their teams on alert for potential reprisal attacks.
READ THE STORY: FT (disable JavaScript to read past the paywall)
A QUICK LOOK:
Destructive Russian Cyber Attacks Against The West Are Imminent, Experts Warn
FROM THE MEDIA: Cyber criminals from Russia or other countries could retaliate by attacking U.S. energy infrastructure. Criminals are targeting U.S. energy infrastructure, including pipelines, refineries and power grids, to disrupt operations and supply-chain systems, experts said. Hackers have hit oil and gas producers before, most notably in the attack on Colonial Pipeline, the largest U.S. fuel pipeline, which caused shortages along the East Coast in May 2021. The attackers demanded the ransom in cryptocurrency, which is harder to trace back to the owner of an account. Pipeline service did not resume until May 12, 2021. The company ended up paying the hackers, known as DarkSide, a $4.4 million ransom. The attackers, an affiliate of a Russia-linked cybercrime organization, also stole almost 100 gigabytes of data. The Colonial Pipeline attackers went after the back-office IT systems and networks that most businesses use routinely, not the pipeline’s industrial control systems, Jacob Ansari, security advocate and cyber trends analyst for Schellman, a Tampa, Florida-based security and privacy compliance assessor, told TheStreet.
READ THE STORY: The Street
Russian cyberattacks have been well-tested on US targets, security executive says
FROM THE MEDIA: Russia-based cyberattacks against U.S. targets have been well tested, a cybersecurity executive told Fox News Digital. As the war in Ukraine continues, cybersecurity professionals have warned about the possibility of Russian cyber capabilities being turned on the U.S. Russia already has a proven ability to infiltrate U.S. systems, according to Tom Kelly, CEO of cyber breach response company IDX. "They've demonstrated that they've been able to go into our core infrastructure, be it SolarWinds in technology, be it Colonial Pipeline in energy, across the board we have evidence of their capability," the executive told Fox News. "It's advanced, it's capable and they've demonstrated for us their ability to do it," he continued. Cyberattacks, a part of modern warfare, can be used against critical infrastructure to turn off utilities, hamper communication and snarl supply lines, according to Kelly. "There are cyberattacks that would be hard to distinguish between a physical attack and therein lies great dangers for the escalation of conflict," said Kelly.
READ THE STORY: FOX NEWS
Israel says government sites targeted by cyberattack
FROM THE MEDIA: Israel says its government websites were hit by a cyberattack but services have since been restored. The websites of the ministry of the interior, the ministry of defense and others were affected on Monday. “In the last few hours, a denial of service [DDoS] attack has been identified on a communications provider which, as a result, has for a short time prevented access to a number of sites, including government sites,” Israel’s National Cyber Directorate said on Twitter. “As of this hour all the sites are back for activity,” it added. In a DDoS attack, attackers overwhelm the target’s servers or network links with a flood of requests until legitimate traffic cannot get through; here the target was an upstream provider, so the government sites went down without being compromised themselves. The government-funded directorate that oversees cyber-defenses said in a report published last year that it had witnessed “a dramatic increase” in the scale and quality of cyberattacks worldwide and in Israel. The Israeli daily Haaretz said a source in the country’s defense establishment believed it was the largest cyberattack ever launched against the country. Israel’s ministry of communications said it conducted an “assessment of the situation with the emergency services … following a widespread cyberattack on government websites”.
READ THE STORY: Al Jazeera
Ransomware gang member extradited to US from Canada, $28M in BTC seized
FROM THE MEDIA: A former Canadian government employee has been extradited to the United States to face wire fraud charges and conspiracy to commit computer fraud in connection with his role in the notorious ransomware gang NetWalker. According to a Department of Justice (DoJ) statement, Sebastien Vachon-Desjardins conspired to intentionally damage a protected computer and to transmit a ransom demand. U.S. authorities had been pursuing Vachon-Desjardins for some time and worked with their Canadian counterparts to arrest him. On January 27, 2022, Canadian authorities arrested him in Gatineau, Quebec, and executed a search warrant at his home, where they found and seized 719 BTC, valued at just over $28 million at the time, and CAD 790,000. “As exemplified by the seizure of cryptocurrency by our Canadian partners, we will use all legally available avenues to pursue seizure and forfeiture of the alleged proceeds of ransomware, whether located domestically or abroad,” Assistant Attorney General Kenneth A. Polite Jr. commented.
READ THE STORY: Coingeek
Warner keeps eye on Russia cyber moves
FROM THE MEDIA: Sen. Mark Warner (D-Va.), chairman of the Senate Intelligence Committee, said on Monday he was surprised Russia hasn’t launched more destructive cyberattacks against Ukraine and the West despite having the capability to do so. “I am still relatively amazed that they have not really launched the level of maliciousness that their cyber arsenal includes,” Warner said during a cyber webinar hosted by the Center for Strategic and International Studies. Many cyber experts and U.S. intelligence officials predicted that Russia would launch massive cyberattacks, especially following the crippling economic sanctions imposed by the U.S. and Europe, but so far those predictions haven’t materialized. Warner predicted on Feb. 28 that Russia would launch cyberattacks "in the coming days and weeks." In the lead-up to Russia's invasion of Ukraine, Ukraine was hit by several cyberattacks that targeted government websites, including the parliament and the foreign affairs and defense ministries. Warner said that the cyberattacks thus far in Ukraine are “relatively mild” and said he had asked U.S. intelligence officials to explain “why we haven’t seen the real [Russian] A-team.”
READ THE STORY: The Hill
The U.S. could publicize any Russian election hacking plans much faster
FROM THE MEDIA: Back in 2016, U.S. officials waited months to officially blame Russia for trying to influence the election by hacking Democrats' emails. Now researchers are urging the government to move a lot faster in the 2022 and 2024 elections to release any information it might garner about potential Russian cyber and disinformation campaigns. The goal is to subvert Kremlin plans, blunt the force of any hack and release operations and help guard against American voters being taken in by phony claims during an election cycle. It’s modeled on a rapid declassification of intelligence on Russia’s Ukraine invasion, which was widely celebrated by analysts who said it blunted Russian efforts to justify the invasion and helped strengthen U.S. allies’ opposition.
READ THE STORY: Washington Post
‘It’s the right thing to do’: the 300,000 volunteer hackers coming together to fight Russia
FROM THE MEDIA: Ukraine appealed for a global army of IT experts to help in the battle against Putin, and many answered the call. We speak to people on the digital frontline. Kali learned how to use technology by playing with his grandfather’s phone. Now, the Swiss teenager is trying to paralyze the digital presence of the Russian government and the Belarusian railway. Kali, like many others who contributed to this article, declined to share his real name because some of the action he is taking is illegal and because he fears Russian retaliation. He is one of about 300,000 people who have signed up to a group on the chat app Telegram called “IT Army of Ukraine”, through which participants are assigned tasks designed to take the fight to Vladimir Putin. In so doing, they are trying to level the playing field between one of the world’s superpowers and Ukraine as it faces bombardment and invasion. The sprawling hacker army has succeeded in disrupting Russian web services, according to NetBlocks, a company that monitors global internet connectivity. It says the availability of the websites of the Kremlin and the Duma, Russia’s lower house of parliament, has been “intermittent” since the invasion started. The sites of state-owned media services, several banks and the energy giant Gazprom have also been targeted.
READ THE STORY: The Guardian
How Canadian tech is navigating Russian ‘naughty list’
FROM THE MEDIA: The day after Russia’s invasion of Ukraine last month, the Canadian Centre for Cyber Security fired off a bulletin warning citizens that the war would be more than just an armed conflict. A new malware known as HermeticWiper was targeting Ukrainian organizations, and weeks earlier, even before tough sanctions were enacted against Russia, the Cyber Centre was urging the “Canadian cybersecurity community – especially critical infrastructure network defenders – to bolster their awareness of and protection against Russian state-sponsored cyber threats.” At the same time that some B.C. tech companies are being enlisted to enforce economic sanctions, the heightened threat of retaliatory cyberattacks emanating from Russia may serve as an urgent wake-up call to Canadian organizations, according to experts. “Canada has always been a target, like other governments, like other nations,” said Derek Manky, Fortinet Inc.’s (Nasdaq:FTNT) chief security strategist and vice-president of global threat intelligence, who is based out of the American cybersecurity giant’s B.C. offices.
READ THE STORY: BIV
Demand for VPNs in Russia skyrockets after Facebook and Instagram block
FROM THE MEDIA: As Russia blocked access to Meta Platforms Inc’s flagship social media platforms, Facebook and Instagram, demand from internet users for tools to skirt the restrictions skyrocketed, data from a monitoring firm showed. Instagram access in Russia was cut from Monday in response to Meta’s decision last week to allow social media users in Ukraine to post messages such as “Death to the Russian invaders.” Facebook was already banned over what Moscow said were restrictions on access to Russian media there. On the eve of the Instagram ban, demand for Virtual Private Networks (VPNs), which encrypt traffic and obscure where a user is located, was 2,088% higher than the daily average in mid-February, data from monitoring firm Top10VPN showed. Russia has been targeted by unprecedented western sanctions over its actions in Ukraine and is battling to control the flow of information, stifling foreign social media firms with traffic slowdowns and, in the case of Facebook and Instagram, outright bans. Demand for VPNs had already been on the rise in the region as Russian and Ukrainian websites fell victim to cyber attacks. Russia banned several VPNs last year as part of a wider campaign critics say stifles internet freedom, but has failed to block them entirely.
READ THE STORY: Japan Times
Hackers target German branch of Russian oil giant Rosneft
FROM THE MEDIA: The German subsidiary of Russian energy giant Rosneft has been hit by a cyberattack, the Federal Office for Information Security (BSI) said on Monday, with the hacker collective Anonymous claiming responsibility. Rosneft Deutschland reported the incident in the early hours of Saturday morning, the BSI said. Anonymous had published a statement on Friday claiming responsibility for the attack and saying it had captured 20 terabytes of data. Prosecutors in Berlin have opened an investigation, according to a report in Der Spiegel magazine. Rosneft Deutschland subsequently took its systems offline, the report said, while its pipelines and refineries continue to operate as normal. The BSI had warned in early March of a heightened risk of cyberattacks and an “increased threat situation for Germany” after Russia’s invasion of Ukraine, advising businesses to increase IT security measures. It has now issued a new cybersecurity warning to other companies in the oil industry. Rosneft Deutschland says it has been responsible for around a quarter of all crude oil imports to Germany in recent years and has stakes in three refineries in the country.
READ THE STORY: Expatica
Items of interest
Traffic interception and MitM attacks among security risks of Russian TLS certs (Article)
FROM THE MEDIA: Russia is offering its own Transport Layer Security (TLS) certificates to work around sanctions imposed by Western companies and governments that are limiting citizens’ access to websites amid the nation’s invasion of Ukraine. Restrictions on foreign payments are leaving many Russian websites unable to renew certificates with international certificate authorities, so browsers block access once the old certificates expire. In response, the Russian state has launched a domestic TLS certificate authority (CA) to issue and renew certificates independently. The risk follows from how X.509 trust works: a client accepts any certificate that chains to a root in its trust store, and a root can sign a certificate for any hostname. A state-controlled root is therefore only useful to Russian sites if users or browser vendors install it, and once installed it can equally be used to issue certificates for foreign sites, which is what makes traffic interception and man-in-the-middle (MitM) attacks possible for whoever holds the CA’s signing key. Browsers that do not ship the root will keep rejecting those sites; clients that have installed it retain only controls such as pinning the root they expect for sensitive domains.
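The trust-store mechanics behind that risk, as an added example that is not part of the CSO article: the Go program below (standard library only) constructs two roots, a stand-in for a public root a browser already ships and a stand-in for the new state root, has each of them issue a certificate for the same hypothetical hostname bank.example, and checks what a client accepts before and after the state root is installed. It also shows the one client-side control that still works after installation, pinning the SPKI hash of the root expected for a sensitive domain. The CA names, serial numbers and hostname are all made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Helpers panic on error to keep the example short; a real tool would return errors.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}
func mustCert(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// newRoot mints a self-signed root CA (constructed for this example, not a real root).
func newRoot(name string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return mustCert(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)), key
}

// issue has root sign a server certificate for host. Nothing in X.509 stops a root
// from signing a name it does not own; only the client's trust store decides if it counts.
func issue(root *x509.Certificate, rootKey *ecdsa.PrivateKey, host string, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return mustCert(x509.CreateCertificate(rand.Reader, tmpl, root, &newKey().PublicKey, rootKey))
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo, the value public-key pinning compares.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// verifyWithPins validates leaf for host against store, then checks that the chain's root
// is one of the pinned roots. Returns (chainValid, rootPinned).
func verifyWithPins(leaf *x509.Certificate, host string, store *x509.CertPool, pins map[string]bool) (bool, bool) {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: store})
	if err != nil {
		return false, false
	}
	root := chains[0][len(chains[0])-1]
	return true, pins[spkiPin(root)]
}

// Result records what a client sees before and after installing the extra root.
type Result struct {
	GenuineValid, RogueRejected, RogueValidAfterInstall, PinFlagsRogue bool
}

func Scenario() Result {
	const host = "bank.example"                       // hypothetical site, not a real domain
	public, publicKey := newRoot("Public Root CA", 1) // stands in for a root browsers already ship
	state, stateKey := newRoot("State Root CA", 2)    // stands in for the newly created domestic root
	genuine := issue(public, publicKey, host, 10)
	rogue := issue(state, stateKey, host, 11) // a certificate for a site the state CA has no claim to
	store := x509.NewCertPool()               // the client's trust store, initially only the public root
	store.AddCert(public)
	pins := map[string]bool{spkiPin(public): true}
	var r Result
	r.GenuineValid, _ = verifyWithPins(genuine, host, store, pins)
	rogueValid, _ := verifyWithPins(rogue, host, store, pins)
	r.RogueRejected = !rogueValid
	store.AddCert(state) // the "install this certificate" step users are told to perform
	valid, pinned := verifyWithPins(rogue, host, store, pins)
	r.RogueValidAfterInstall, r.PinFlagsRogue = valid, valid && !pinned
	return r
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

Run it with go run: the rogue certificate is rejected while only the public root is trusted, verifies the moment the state root is added to the pool, and from then on is caught only by the pin. The same verifyWithPins logic, with store loaded from a fleet's real trust anchors, is a cheap way to audit endpoints for roots that should not be there.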
READ THE STORY: CSO
More Phishing Attacks = More Ransomware (Video)
FROM THE MEDIA: ActualTech Media moderators David Davis and Scott Bekker discuss phishing attacks and how prevalent they remain. This has special relevance to ransomware, as so many ransomware incidents start as phishing attacks.
Russia JUST ATTACKED Starlink In Space! (Video)
FROM THE MEDIA: On Sunday, the Starlink app hit the top spot among free iPhone apps on Ukraine's App Store, Sensor Tower said. It went on to spend part of Monday in the top spot before ending the day in second place behind Air Alarm, which alerts users to air raids. Musk sent Starlink terminals to Ukraine after Mykhailo Fedorov, the country's vice prime minister, requested on February 26 that he do so. At the time, the Russian invasion was disrupting the country's internet services. Musk said later that Starlink had been activated in Ukraine, and promised that more terminals were on the way. Could Russia be targeting it?
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com