Ukraine has once again accused Russian intelligence services of launching cyberattacks against one of its government organizations. Ukrainian security service SBU announced that its employees blocked an attempt by Russian special services to breach information and telecommunications systems used by the country’s judiciary.
According to the SBU, the attack started with a malicious email purporting to deliver accounting documents. The documents hid a piece of malware that could have been used to disrupt judicial information systems and steal data.
Read more about the cyberattack attributed to Russia on SecurityWeek.
To address the growing concern of cyber-warfare, NATO has launched the “Cyber Coalition 2018” in Estonia. The exercise is a “War Game” focused on defense and counter-attack in the arena of digital battle.
The activity is taking place just 50 kilometres (30 miles) from the border with Russia, seen by the West as the biggest cyber threat after a string of attacks blamed on the Kremlin. Targets have included world sports bodies, the US Democratic Party and the world chemical weapons watchdog in the Netherlands. NATO says such assaults are becoming more “frequent, complex, destructive and coercive”, and are launched not just by state actors like Russia, China and North Korea but also by criminal gangs intent on extortion and “hacktivists” looking to embarrass big organisations.
Cybersecurity headlines in recent years have been dominated by companies losing money by being hacked and leaking the data of millions of customers. But today, cybersecurity is moving beyond the financial impact to concerns over public safety, national security, and even cyberwarfare.
To understand the state of cyberwar and its potential impact, we should all keep in mind two things:
The proliferation of cyberweapons is already happening
Arms control of cyberweapons hasn’t caught up
Read more about the current state of cyberwarfare on ZDNet.
It’s the time of the year for cybersecurity predictions. This time, Suzanne Spaulding, former DHS Under Secretary and Nozomi Networks advisor, provides her insights for 2019.
The things that have been holding back Russia, China, North Korea and Iran from a critical infrastructure attack on the U.S. could shift. When it comes to nation state threats on U.S. critical infrastructure, we think of four key actors: Russia, China, Iran and North Korea. Each country has been held back from attacking the U.S. for different reasons. Think about a graph with an x and y axis. The x axis represents capabilities and the y axis represents destructive intent. At the moment, Russia and China have the highest capabilities, but they fall lower on the scale of destructive intent.
Read more about Suzanne Spaulding’s predictions and learn why she believes hackers from Russia, China, North Korea or Iran may launch a critical infrastructure attack on the US in 2019, on Information Security Buzz.
A group of hackers believed by American intelligence to be controlled by a Russian spy agency has launched its first attacks with Brexit as a focus.
Known as Fancy Bear, the hackers have previously stolen files from the Democratic National Committee in the U.S. They often use recent events, like the October crash of a Lion Air 737 MAX plane off the coast of Indonesia, as lures for malicious documents that, when opened, infect the target computer. But the interest in Brexit is a first for the prolific Russian crew, also known as APT28 and Sofacy. That’s according to a former FBI official, Howard Marshall, who now heads up cybersecurity intelligence at Accenture.
Read more about the new Brexit-themed campaign by Fancy Bear on Forbes.
The Sofacy APT group is back, with a new second-stage custom malware payload that researchers have dubbed “Cannon.” A campaign against several government entities around the globe, including in North America, Europe and a former Soviet state, came in waves during late October and early November, according to Palo Alto’s Unit 42.
The researchers attributed it to Russian-speaking Sofacy, a.k.a. Fancy Bear, Sednit or APT28, after intercepting a series of weaponized documents that load remote templates containing a malicious macro. Unit 42 was able to retrieve the payloads, which included the known Zebrocy trojan in the first stage, and a new malware, the Cannon dropper trojan, for the second stage.
Read more about the recent activity of the Fancy Bear APT on Threatpost.
UK ministers are failing to act with “a meaningful sense of purpose or urgency” in the face of a growing cyber threat to the UK’s critical national infrastructure (CNI), a parliamentary committee has warned.
The joint committee on national security strategy said at a time when states such as Russia were expanding their capability to mount disruptive cyber-attacks, the UK’s level of ministerial oversight was “wholly inadequate”. It urged Theresa May to appoint a cybersecurity minister in cabinet to take charge of the efforts to build national resilience.
A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relatively large spear-phishing campaign that has targeted both the US government and private sector.
The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because it’s one of the two Russian state hacking crews that hacked the Democratic National Committee before the 2016 US Presidential Elections. “On 14 November 2018, CrowdStrike detected a widespread spear-phishing campaign against multiple sectors,” Adam Meyers, VP of Intelligence, told ZDNet.
Read more about the new attack campaign by Cozy Bear on ZDNet.
McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims’ computing power to mine for cryptocurrencies. WebCobra silently drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the architecture WebCobra finds. This cryptocurrency mining malware is uncommon in that it drops a different miner depending on the configuration of the machine it infects.
The researchers believe this threat arrives via rogue PUP installers. They have observed it across the globe, with the highest number of infections in Brazil, South Africa, and the United States.
Read more about the WebCobra cryptojacking malware on McAfee.
The Pentagon and the US intelligence community plan to launch a counter-cyberattack on Russia if the country interferes with US midterm elections, according to a recent report from the Center for Public Integrity. In preparation, US military hackers have already been given permission to access Russian cybersystems necessary to complete the attack, said the report.
This movement is one of the cyber battle plans organized since President Donald Trump signed an executive order that streamlines the review of such operations, said the report. Essentially, the new policy allows for potential offensive actions to be executed more quickly upon attack.
Read more about how the US plans to combat possible Russian influence in the midterm elections on TechRepublic.