Russia-Ukraine Updates: Cybersecurity News Amid Conflict
ISMG's Editorial Team Monitors the Latest Cyber-Related Reports in Ukraine Crisis
Russian President Vladimir Putin invaded Ukraine, launching kinetic attacks and malicious cyberattack campaigns against the former Soviet state. During these chaotic times, it is unclear how the invasion may affect the West. National security experts at the White House, the nation's operational cyber agency, CISA, and Britain's National Cyber Security Center, among others, are calling for network defenders to be vigilant and prepare for possible retaliatory nation-state attacks.
In this thread, Information Security Media Group's editorial team recaps all the cyber headlines that have intersected with Putin's invasion in Europe.
March 25, 2022
ISMG Editors: Russia-Ukraine War Cyber Escalation Fallout?
ISMG editors discussed important cybersecurity issues, including the White House warning about escalated cyberthreats from Russia and the impact of the Russia-Ukraine war on the healthcare sector.
March 24, 2022
Ukrainian IT Official: Russian Cyberattacks Have Continued
Ukrainian IT officials continued to call out alleged Russian cyberattacks. This comes as hacktivists took matters into their own hands in the digital underground, striking Russian media agencies, government ministries and more.
March 23, 2022
Reports: Russian IPs Scanning US Energy Firms, Others
U.S. President Joe Biden warned that intelligence is pointing toward potential Russian cyberattacks against the U.S., and the FBI reportedly issued an urgent bulletin contending that Russian IP addresses have conducted network scanning activity on at least five U.S. energy firms.
March 18, 2022
Russia Says It's Seen 'Unprecedented' Level of Cyberattacks
Russia said it experienced a greater number of cyberattacks leveraged against its government websites than ever before as Anonymous, the hacking collective, battled in the cyber war on behalf of Ukraine.
HHS: Health Sector Should Prepare for Russia-Ukraine Threats
Federal authorities advised healthcare sector entities to take precautions, including enhancing their cybersecurity posture and being prepared to implement four- to six-week business continuity plans, as they continue to face potential cyber incidents related to the Russia-Ukraine war.
ISMG Editors: Russia's War Changes Ransomware Landscape
Four editors discussed important cybersecurity issues, including how Russia's invasion of Ukraine further complicates cybercrime ransomware payments, a former U.S. Treasury senior adviser's take on Biden's executive order on cryptocurrency, and important points regarding the upcoming identity theft executive order.
Russia May Have Caused Widespread Satellite Network Outage
A security alert, issued by the FBI and the Cybersecurity and Infrastructure Security Agency, also said that "successful intrusions into SATCOM networks could create risk in SATCOM network providers' customer environments."
March 17, 2022
ISMG Editors: Russia's War Changes Ransomware Landscape
In this installment of the editors' panel weekly updates, ISMG's editors discuss how Russia's war further complicates the optics of paying money to ransomware-wielding criminals who are based in Russia or have ties to Russia-based crime operations.
Russia May Have Caused Widespread Satellite Network Outage
One of the big surprises in Russia's war with Ukraine has been the apparent lack of sophisticated cyberattacks to prepare the battlefield or support the invasion, cybersecurity experts said.
March 16, 2022
Ukrainian Cyber Official Offers Update on 'IT Army'
War in Ukraine continued into its third week, and Russia closed in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials urged a "Shields Up" approach - while the digital conflict has devolved deeply into the underground.
Sanctions Halt Rewards for Bug Hunters in Belarus, Russia
The U.S., Europe and other nations have imposed a comprehensive set of sanctions against Belarus and Russia in retaliation for the invasion of Ukraine. But sanctions aren't a perfect tool, and their effects can reach people who don’t have decision-making roles or influence and may very well oppose Russia's invasion. The situation is already proving frustrating for researchers, including one in Belarus who says he is opposed to the war and that bug bounties are his only source of income.
March 15, 2022
Senators Request Briefing on Infrastructure Cybersecurity
With the ground war worsening in Ukraine, the international community rallied behind the former Soviet state, and lawmakers in the U.S. sought guidance from the Department of Homeland Security on ways to continue fortifying U.S. cyber defense. The move comes as some cyber experts predict an ultimate escalation in Russia's malicious cyber activity targeting either Ukraine's infrastructure or NATO member networks.
Anonymous Reportedly Hacked Russian Energy Firm Rosneft
International hacking collective Anonymous on Monday hacked the German subsidiary of Russian energy company Rosneft, Die Welt newspaper said, citing the country's cybersecurity watchdog, the Federal Office for Information Security.
Threat of Russia-Ukraine 'Spillover' Attacks on Healthcare
As the Russia-Ukraine war continues, healthcare sector entities in the U.S. need to be prepared to deal with potential spillover cyber incidents, says Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware.
March 14, 2022
Top Cyber Officials Say Russians May Yet Escalate Cyberwar
As war in Ukraine rages and the Putin regime continues to drive toward major population centers in the former Soviet state, U.S. cybersecurity officials remain on high alert - questioning whether the Russians will elevate their cyberwar against their Western neighbor or against NATO member-states.
Russia's War Further Complicates Cybercrime Ransom Payments
What are the ethics of paying a ransom to a cybercrime syndicate that might be working as a proxy cyber force in support of the Russian government's war with Ukraine?
March 11, 2022
Anonymous Reportedly Hacks Russian Censorship Agency
International hacking collective Anonymous announced that it hacked the Russian censorship agency known as Roskomnadzor. The group released 364,000 files it said show intensified censorship around the perception of the Ukraine invasion, which began in late February.
US Congress Passes Cyber Incident Reporting Mandate
After months of political infighting, a landmark cybersecurity provision requiring critical infrastructure providers to report security incidents and ransom payments passed both chambers of Congress and now heads to President Joe Biden's desk.
Cybersecurity Picture Inside Russia Grows More Complicated
In response to widespread, ongoing disruptions, the Russian government allegedly weighed a move to disconnect the country from the internet and switch to its own "runet." While government officials denied any such plans, they announced the launch of a domestic, trusted TLS certificate authority to allow Russia to issue its own digital certificates, in the event that existing certificates get revoked.
March 10, 2022
Internet Experts Propose Blocking Culpable Russian Sites
In an open letter addressing a request by the Ukrainian government to the web governance entity the Internet Corporation for Assigned Names and Numbers, dozens of researchers, internet activists, politicians and academics voiced their disapproval, and called for precise, measured sanctions that could more effectively weaken Russian military and propaganda efforts.
March 9, 2022
Former US Cyber Official Warns of Russian War Repercussions
A former top U.S. cybersecurity official warned that the conflict in Ukraine will likely worsen before showing any signs of improvement, including potential cyber escalation with the U.S. and its NATO allies. Richard Clarke, former special adviser to the president of the U.S. on terrorism and cybersecurity, also urged security practitioners to ask hard questions if a system should fail.
March 7, 2022
White House Requests Billions in Tech Aid for Ukraine
As the ground war in Ukraine intensifies, U.S. and NATO officials looked to sharpen sanctions and rhetoric against Moscow, and cybersecurity proved a pivotal part of the discussion. The Biden administration requested $10 billion in emergency funds to address Russia's campaign, with sizeable pots for cybersecurity.
Ukraine Fighting First-Ever 'Hybrid War' - Cyber Official
Ukrainian cybersecurity official Viktor Zhora said his country is fighting the first-ever "hybrid war" that bridges both the physical and online realms.
March 4, 2022
ISMG Editors: Are Hacktivists the New Resistance Fighters?
Four editors at Information Security Media Group discuss important cybersecurity issues, including the accelerating invasion of Ukraine by Russia and its potential short- and long-term impact on the cybersecurity industry; whether hacktivists are the new resistance fighters and the dangers that might trigger; and how a data leak may help researchers track and fight the Conti ransomware gang and its affiliates.
US Officials Push Collaboration, AML Controls for Crypto
High-ranking U.S. officials said that while it would be nearly impossible for Russia to "flip the switch" and convert to cryptocurrency to stabilize its sanctioned economy, they caution that Russian elites and entities might try to skirt the measures by transferring and obfuscating funds across the blockchain.
Russia Lists 17,576 IPs Used in DDoS Attacks
Russia's National Coordination Center for Computer Incidents published a list of 17,576 IP addresses and 166 domains that it says are targeting the country's information resources via distributed denial-of-service attacks.
March 3, 2022
US Senators Express Concern Over Russian Use of Crypto
Key financial members of the U.S. Senate sent a letter to Treasury Secretary Janet Yellen regarding potential sanctions evasions and the department's ability to police crypto assets, as adversarial countries have previously leveraged them to fund weapons programs and infuse their economies with needed cash flows.
9 Essentials for Global CISOs During Russia's Ukraine War
How can CISOs be prepared as nation-state and other activity remains a threat in light of Ukraine's invasion? Here are nine ways to consider bolstering network defenses.
Phishers Target European Nations Aiding Ukrainians
A fresh phishing campaign, aimed at victimizing those donating aid to Ukraine, was carried out - most likely - by nation-state actors, according to cybersecurity researchers.
Conti Gang Members Fretted Over Putin's Ukraine Invasion
A Wisconsin-based consultancy that analyzes cybercrime activity, Hold Security, released an excerpt of a private chat between two Russian Conti members. In the chat, the two express misgivings about the war in Ukraine due to its violence. One participant bad-mouthed Russian President Vladimir Putin and said he had lost his mind.
Russia-Ukraine Cryptocurrency Scams Detected by Researchers
Mikhail Sytnik, security expert for threat analysis firm Kaspersky, tells ISMG that cryptocurrency-related phishing scams continue to grow in 2022. More than 460,000 phishing attempts were made in 2021 and with an increased interest in digital assets, Sytnik says there will not be a shortage of cryptocurrency-related scams.
March 2, 2022
US Senate Passes Incident Reporting, FISMA Update Bill
The U.S. Senate passed a landmark cybersecurity package that bundles three substantial measures - mandatory 72-hour incident reporting for critical infrastructure, an update to federal IT security strategy, and authorization for the governmentwide program standardizing security assessment, authorization and monitoring for cloud services.
Personal Data of 120,000 Russian Soldiers Published Online
Ukrainian online newspaper Pravda published details on 120,000 Russian soldiers, citing Ukraine's Center for Defense Strategies as the source. But chatter seen by Information Security Media Group on Telegram suggests that the source of the dataset is the hacker group ENIGMA.
March 1, 2022
Feds Warn Health Sector of Russia-Ukraine Conflict Threats
Federal authorities cautioned that while they are unaware of specific cyberthreats to the U.S. healthcare and public health sector related to Russia's attack on Ukraine, entities in those sectors should stay proactive and vigilant to at least three main potential threat groups and two wiper malware variants.
US Officials Tracking Russian Cyberattack Escalation Risk
Amid the Russia-Ukraine crisis, cybersecurity officials in the U.S. and European Union expressed surprise over Russia's lack of pervasive cyber strikes and warned that cyberattacks could follow as Russia's economy reels from sanctions.
Feb. 28, 2022
Anonymous Extends Its Russian Cyberwar to State-Run Media
International hacktivist collective Anonymous reported by way of social media that it successfully hacked websites connected to the Russian government, state media and banks as Russia experienced partial sanctions from SWIFT, the international messaging system used by banks around the world.
Update: Cyber Hacktivists Target Belarus for Supporting Russia
Belarus renounced its nonnuclear status and began moving the Kremlin's nuclear weapons into the country for the first time since it gave up nuclear weapons at the fall of the Soviet Union. This action sparked a heavy backlash from several cyber hacktivist groups, who started disrupting Belarus' railway services and banking systems.
Ukrainian Researcher Leaks Conti Ransomware Gang Data
Researchers released more than a year's worth of data on Conti, a Russian ransomware gang known for its attack on the Health Service Executive of Ireland. The leak is being called a "must read" for security experts.
Ukraine Assembles IT Army to Perform DDoS on Russia
The Ukrainian Ministry of Defense, with the support of Ukraine's vice prime minister and minister of digital transformation Mykhailo Fedorov, reportedly issued a call for Ukrainian hackers to safeguard its networks and potentially tap into Russian infrastructure. Elon Musk also provided internet services to Ukraine by way of Starlink satellites.
Feb. 27, 2022
Feds Advise 'Shields Up' as Russian Cyberattack Defense
The U.S. Cybersecurity and Infrastructure Security Agency and the FBI issued a joint advisory pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. The agency has also updated the Shields Up webpage to include recommendations for corporate leaders and actions to protect critical assets.
Feb. 26, 2022
Belarusian Spear-Phishing Campaign Targets Ukraine Military
A nation-backed group called UNC1151 aka Ghostwriter launched a malicious spear-phishing campaign aimed at members of the Ukrainian military. Meanwhile, the Ukrainian Ministry of Defense reportedly issued a call for Ukrainian hackers to safeguard its networks and potentially tap into Russian infrastructure.
Feb. 25, 2022
Ukraine Invasion: What if US Strikes Back Against Russia?
Sam Curry, CSO for Cybereason, discussed the potential fallout as Russia-Ukraine tensions heighten and how security leaders can prepare in this video interview.
Ukraine Reportedly Calls for Volunteer Cyberwarriors
Ukraine's Ministry of Defense allegedly issued a notice to recruit hackers to launch cyberattacks on Russia's critical infrastructure. Hacktivist group Anonymous is also reportedly leveraging attacks against Russia.
Wiper Malware Attacks Have Not Escaped Ukrainian Networks
Focusing on doomsday scenarios related to the Russia-Ukraine crisis will not help security teams, but running through emergency incident response preparation plans can. Wiper malware attacks, in terms of the Russia-Ukraine conflict, stayed contained in Ukraine.
Sound Off: How Can Banks Prepare for Russia-Ukraine Crisis?
In the new video series "Sound Off," which explored a single question in depth, David Pollino, former CISO of PNC Bank, discusses how financial institutions should - and must - strengthen their incident response plans. Pollino, in this short video, provides specific examples of how security teams protecting bank networks can mitigate the risks of potential cyberattacks leveraged by nation-states.
Feb. 24, 2022
New Malware in Russia-Linked Sandworm's Portfolio
A new form of malware named Cyclops Blink and developed by Russian threat actor Sandworm aka Voodoo Bear was detected. The U.K. National Cyber Security Center and CISA issued joint advisory statements warning of Cyclops Blink, which has been active since June 2019 and attacks small home office routers and network devices.
White House Denies Mulling Cyber Strikes on Russia
U.S. officials, in an effort to disrupt Russia's web services, electric grid and other critical infrastructure, reportedly presented President Joe Biden with several offensive cyber options. But White House press secretary Jen Psaki has denied these reports. Threat analysts also discussed how cyberattacks could extend beyond Ukraine into other areas of Eastern Europe.
Russia-Ukraine War: Threats Facing the Healthcare Sector
In light of recent events in Ukraine, healthcare security experts warned of potential cyber threats the U.S. could face, including malware, disinformation and phishing campaigns to launch retaliatory attacks. CISOs, researchers and other security experts weighed in on the risks.
Feb. 23, 2022
Cyberattack Hits Ukrainian Government, Banking Websites
Ukraine's government and banking websites suffered a distributed denial-of-service outage that lasted for several hours - less than a week after the Ministry of Defense site fell in a similar attack. Global cybersecurity agencies warned organizations to enable multifactor authentication and be on high alert for other malicious activity.
Report: Ukrainian Government Prepared to Wipe Servers
As the Russia-Ukraine conflict escalated, the Ukrainian government looked to the possibility of wiping servers to protect sensitive data. Cybersecurity experts also weighed in on the possibility of a spike in ransomware and other cyberattacks as Russia's cyber warfare tactics heated up.
Proof of Concept: Is the New Age of Cyber War Here?
In ISMG's new series "Proof of Concept," guests discussed the probability of a cyber incident resulting in a kinetic response. This came as tensions between Ukraine and Russia rose sharply.
Russia's Invasion of Ukraine Triggers Resiliency Reminders
As Russia began its invasion of Ukraine, security experts reminded network defenders to stay prepared for any contingency. Britain's NCSC called for Western security agencies to bolster online defenses.
Feb. 22, 2022
EU Activates Cyber Rapid Response Team Amid Ukraine Crisis
The U.S. confirmed that the distributed denial-of-service attack on Ukraine's Ministry of Defense had been launched by Russia's Main Intelligence Directorate, aka GRU. In the wake of the escalating conflict, the European Union activated its group of cyber military experts to safeguard Ukrainian networks.
As Russia Invades Ukraine, Cyber Escalation Threat Looms
World leaders moved to sanction Russia for its aggression, and Ukraine remained on high alert in the face of potential cyberattacks. Ukraine's Computer Emergency Response Team issued an alert urging security teams to report suspicious activity to the government.
Feb. 21, 2022
Cybersecurity Readiness Advised as Russian Threats Loom
Russian President Vladimir Putin delivered alarming remarks from the Kremlin, further legitimizing U.S. President Joe Biden's fears that invasion of Ukraine was imminent. Financial institutions, the state of New York and others advised on cybersecurity readiness in case Russia retaliated against the West.
Feb. 15, 2022
Report: Cyberattack Hits Ukrainian Defense Ministry, Banks
Ukraine's defense ministry, as well as two banks, Privatbank and Oschadbank, were reportedly hit by a cyberattack. The defense ministry's website, which supports the Armed Forces of Ukraine, went dark.
Feb. 14, 2022
CISA Warns Orgs to Prep for Potential Russian Cyberattacks
After Russia amassed some 100,000 troops along the borders of Ukraine, the U.S. Cybersecurity and Infrastructure Security Agency released its "Shields Up" warning, designed to advise network defenders on how to protect against nation-state attacks.
Feb. 9, 2022
Report: European Central Bank Warns Against Russian Hacking
The European Central Bank warned against Russian cyberattacks on European banks, conducting numerous cyber war games in order to test the resiliency against a Russian cyber offensive. At one time, the banking system had focused predominantly on pandemic-related scams, but it then turned its attention to the possibility of Russia initiating direct cyberattacks on financial institutions.
Jan. 24, 2022
Report: DHS Fears Russian Cyberattack If US Acts on Ukraine
The DHS cautioned that Russian cyberattacks in retaliation for U.S. support of Ukraine could be on the horizon.
Jan. 21, 2022
Ukraine Cyber Attacks: A Case of Hacktivism?
ISMG's Anna Delaney and Mathew Schwartz analyzed cyberattacks aimed at Ukraine's government agencies. Seventy government agencies were targeted in an attempt to deface them.
Dec. 24, 2021
Cyber Activity Surges as Russia Masses on Ukraine's Border
Russia moved 175,000 soldiers to the Ukrainian border after President Vladimir Putin criticized Ukraine's intention to join NATO. Cybersecurity experts, who noticed an increase in Russian intelligence operations, warned this could be a precursor to invasion.