Nov 25 2023
Nov 17 2023
The skills employed, the hacktivists and other threat actors are not going anywhere. Right now, Russia might be overwhelmingly interested in Ukraine, but their aims and goals remain global.
“These skills will be turned in other directions and other targets in the future, they will be shared in threat actor groups online. This is the world you need to be preparing for right now,” he added.
His warning echoed a similar one by Viktor Zhora, Deputy Chairman and Chief Digital Transformation Officer at the State Service of Special Communication and Information Protection of Ukraine.
Russia’s attack force consists of “hackers in uniform”, cybercriminals and hacktivists congregating in various Telegram channels, but the nation is also working on engaging ever more younger people in their cyber offensive campaigns. They are seeking talented individuals in schools (and not just tech universities), selecting the most talented and training them, he shared.
“The Russians are in it for the long run,” Zhora warned during his IRISSCON talk, and called on countries that are – or expect to be – targeted by cyber aggressive nations to create a cyber coalition so they can prepare, share their experiences, and exchange information.
We can’t talk about the war in Ukraine and not mention cyber attacks aimed at disrupting operational technology (OT) used by companies that are part of the country’s critical infrastructure (CI).
In his talk, Ferguson briefly passed through the known attacks that hit CI entities with OT-specific malware, starting with Stuxnet in 2010 and ending with CosmicEnergy in 2023.
Some of the attacks are believed to be the work of the US and Israel (Stuxnet), cybercriminals (EKANS ransomware, 2020) or are still unattributed (the destructive 2014 attack against a steel plant in Germany). But the rest, he noted, are all believed to have been mounted by Russian state-backed attackers.
And, he says, they are getting better at it. Mirroring the development of attacks against IT systems, they have recently begun exploiting legitimate tools found in OT environments, so they don’t need to develop customized malware.
Many attackers are scanning for OT-specific protocols and probing OT devices, Ferguson noted. While their actual exploitation hinges on the skills of the attackers, some modes of attack (e.g., DDoS and phishing) are available to those who are less skilled, but eager. Hacktivists can target critical infrastructure that’s exposed on the internet as it’s easily discoverable via online tools.
Unfortunately, securing OT systems comes with a host of challenges: a complex infrastructure; an increasing number of endpoints; OT devices insecure by design (and generally not meant to be connected to the internet); rarely integrated OT and IT security teams, a lack of visibility into the OT infrastructure – to name just a few.
Since the start of the war, Russian hackers have been trying to shut down electrical power in the country, have gone after government agencies, IT companies, telecoms, software development firms, media houses, editors, and media personalities, Zhora noted.
While the initial attacks were mostly geared towards destruction, Russian cyber attackers are now also trying to get their hands on information that can help them determine the effectiveness of their kinetic attacks, discover whether their spies have been flagged by the Ukrainian authorities, and see what evidence those authorities have gathered about war crimes.
Clever and subtle psy-ops online campaigns are, as well, a favorite tactic employed by the Russian state to manipulate enemies. And, since the advent of generative AI, it has became easier to mount them, Ferguson added.
All these things should be taken in consideration by governments when preparing for the future. Looking at the cyber component of the unfolding wars in Ukraine and Israel, they can see what future conflicts will look like.
Zhora says that Ukraine is becoming more and more confident of its capacity to counter future attacks, but that each democracy needs to ask themselves: Are we prepared for a global cyber war? “And they need to be honest with the answer,” he noted.
If they are not, they should immediately begin investing in cyber defense and intensifying cooperation, he added.
InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory
Aug 29 2022
Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.
NATO is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web, according to a published report.
The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.
Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache being sold by threat actors on hacker forums after what appears to be a ransomware attack.
Contradicting the cyberattackers’ claims in their ads, nothing up for grabs is classified information, MBDA said. It added that the data was acquired from a compromised external hard drive, not the company’s internal networks.
NATO, meanwhile, is “assessing claims relating to data allegedly stolen from MBDA,” a NATO official told Dark Reading on Monday.
“We have no indication that any NATO network has been compromised,” the official said.
MBDA acknowledged in early August that it was “the subject of a blackmail attempt by a criminal group that falsely claims to have hacked the company’s information networks,” in a post on its website.
The company refused to pay the ransom and thus the data was leaked for sale online, according to the post.
Specifically, threat actors are selling 80GB of stolen data on both Russian- and English-language forums with a price tag of 15 bitcoins, which is about $297,279, according to a report from the BBC, which broke the news about the NATO investigation Friday. In fact, cybercriminals claim to already have sold data to at least one buyer.
NATO is investigating one of the firm’s suppliers as the possible source of the breach, according to the report. MBDA is a joint venture between three key shareholders: AirBus, BAE Systems, and Leonardo. Though the company operates out of Europe, it has subsidiaries worldwide, including MBDA Missile Systems in the United States.
The company is working with authorities in Italy, where the breach occurred.
MBDA reported $3.5 billion in revenue last year and counts NATO, the US military, and the UK Ministry of Defense among its customers.
Hackers claimed in their ad for the leaked data to have “classified information about employees of companies that took part in the development of closed military projects,” as well as “design documentation, drawings, presentations, video and photo materials, contract agreements, and correspondence with other companies,” according to the BBC.
Among the sample files in a 50-megabyte stash viewed by the BBC is a presentation appearing to provide blueprints of the Land Ceptor Common Anti-Air Modular Missile (CAMM), including the precise location of the electronic storage unit within it. One of these missiles was recently sent to Poland for use in the Ukraine conflict as part of the Sky Sabre system and is currently operational, according to the report.
This might provide a clue about the motive of threat actors; advanced persistent threats (APTs) aligned with Russia began hitting Ukraine with cyberattacks even before the Russian official invasion on Feb. 24.
After the conflict on the ground began, threat actors continued to throttle Ukraine with a cyberwar to support the Russian military efforts.
The sample data viewed by the BBC also included documents labelled “NATO CONFIDENTIAL,” “NATO RESTRICTED,” and “Unclassified Controlled Information,” according to the report. At least one stolen folder contains detailed drawings of MBDA equipment.
The criminals also sent by email documents to the BBC including two marked “NATO SECRET,” according to the report. The hackers did not confirm whether the material had come from a single source or more than one hacked source.
Nonetheless, MBDA insists that the verification processes that the company has executed so far “indicate that the data made available online are neither classified data nor sensitive.”
Mar 01 2022
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide.
The advisory warns of the potential effects of the two destructive malware, tracked as WhisperGate and HermeticWiper, on organizations worldwide.
The US agencies believe that further disruptive data wiping attacks could target organizations in Ukraine and may unintentionally spill over to organizations in other countries.
This joint Cybersecurity Advisory (CSA) provides information on the two wipers as well as indicators of compromise (IOCs) that could be used by defenders to detect and prevent infections. The advisory also provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices.
“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.” reads the advisory. “Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”
Below is the list of actions recommended to the organizations:
• Set antivirus and antimalware programs to conduct regular scans.
• Enable strong spam filters to prevent phishing emails from reaching end users.
• Filter network traffic.
• Update software.
• Require multifactor authentication.
The advisory also includes recommendations for System and Application Hardening and Recovery and Reconstitution Planning along with Incident Response instructions.
Blackout Warfare: Attacking The U.S. Electric Power Grid A Revolution In Military Affairs
Jan 08 2022
Ambassador Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.
Ambassador Bill Middendorf makes one unambiguous argument in his new book, The Great Nightfall: Why We Must Win the New Cold War. America won’t survive and thrive in an era of great-power competition without a strong, dominant military. There is one reason for that. China.
The Great Nightfall lays out the threat posed by the Chinese Communist Party. It also makes a compelling argument for the kind of military the U.S. needs to match the dangers posed by Beijing.
Middendorf has given a full lifetime of service to the nation, from his days at sea during World War II to diplomatic assignments and government posts. Among the latter, a turn as Secretary of the Navy. He was instrumental in designing the naval forces that completely outmatched the Soviets during the Cold War. Today, he remains America’s maritime Henry Kissinger, the nation’s preeminent thinker on naval modernization.
In The Great Nightfall, Middendorf deconstructs great-power competition. Regardless of how many internet trolls, little green men, bank accounts and businesses a state controls, it’s not enough to make the state a great power. That requires real military power.
Without the capacity to physically defend national interests, big states are fat banks waiting to be robbed. In contrast, nations that can defend themselves have a foundation on which to build sustainable diplomatic, economic and political policies. “The Cold War ended,” Middendorf argues in The Great Nightfall, “because we were the strongest military force in the world, backed by a unified NATO and strong allies in the Pacific.”
In short, in great-power competition, force is the coin of the realm. The problem with contemporary competition, Middendorf notes, is that “[t]imes have changed.” China is on a path to challenge the United States for number one.
One of the attributes the great-power competition shares with the Cold War is that our adversaries would prefer to “win without fighting.” In other words, they want to achieve victory without the debilitating costs and risks of direct military conflict. These opponents are predisposed to adopt indirect approaches to whittle-away at the strength and solidarity of the free world. That said, military competition plays an important role in their calculus, particularly for China. Chinese strategy envisions ultimately demonstrating sufficient military dominance that Beijing can intimidate other nations and bend them to its will.
In some ways, the new era of great-power competition resembles a new type of arms race. And, as was the case during the Cold War, there are concerns that the competition could turn into armed confrontation. Indeed, The Great Nightfall maps out several scenarios—from North Korea to the South China Seas—where great powers could actually come to blows.
The Great Nightfall, however, is fundamentally a book about how the United States can establish conventional and strategic deterrence in the modern world. “This book is not a call for war,” writes the author. “The best way to prepare for war is to be prepared to win it. We need to stop underfunding the military, especially in areas of research, non-conventional war, space, cyberwar, and artificial intelligence. War is changing, and we need to change with it. We cannot expect success fighting tomorrow’s conflicts with yesterday’s weapons.”
Middendorf’s blueprint for protecting America in the twenty-first century stands out in two ways. First, he provides a detailed assessment of how to protect the U.S. capacity to build and sustain a modern military. Here, he addresses issues from research and development, to establishing secure, “clean” supply chains, to ship-building. Second, he delivers a comprehensive overview of future U.S. naval needs.
It is not just his naval service and stint as Secretary of the Navy that lead the ambassador to focus on seapower. Fundamentally, China’s potential as a global threat is rooted in its ability to project maritime power. And naval power, in the modern sense, is multidimensional, linking the ability to sail the seas with undersea warfare, air, space, and cyber operations.
The outstanding contribution of The Great Nightfall is its extraordinarily deep evaluation of all aspects of naval power, covering the nature of the Chinese threats and the appropriate countermeasures. In the end, Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.
Oct 14 2021
The former chief software officer for the U.S. Air Force, Nicolas Chaillan, says the U.S. is falling far behind China in cybersecurity. In a no-holds-barred interview, he unloads his frustrations, built up over three years of inept bungling at the Pentagon.
He quit his job last month, in disgust. “We are setting up critical infrastructure to fail,” Chaillan warned. And now Defense Department officials will be bracing themselves for more criticism as he vows to testify to Congress.
Lauren Knausenberger now holds the poisoned chalice. In today’s SB Blogwatch, we plan to fail.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Fruit salad word salad.
What’s the craic? Katrina Manson reports—“Chaillan speaks of ‘good reason to be angry’ as Beijing heads for ‘global dominance’”:
Kindergarten level”
In his first interview since leaving the post at the Department of Defense a week ago, Nicolas Chaillan told [me] the failure of the US to respond to Chinese cyber and other threats was putting his children’s future at risk. “We have no competing fighting chance against China in 15 to 20 years. Right now, it’s already a done deal; it is already over in my opinion,” he said.
…
Chaillan, 37, who spent three years on a Pentagon-wide effort to boost cyber security and as first chief software officer for the US Air Force, said Beijing is heading for global dominance because of its advances in artificial intelligence, machine learning and cyber capabilities. He argued these emerging technologies were far more critical to America’s future than hardware such as big-budget fifth-generation fighter jets such as the F-35.
…
Senior defence officials have acknowledged they “must do better” to attract, train and retain young cyber talent. … Chaillan announced his resignation in a blistering letter at the start of September, saying military officials were repeatedly put in charge of cyber initiatives for which they lacked experience, decrying Pentagon “laggards” and absence of funding.
…
Chaillan said he plans to testify to Congress about the Chinese cyber threat to US supremacy, including in classified briefings, over the coming weeks. … He added US cyber defences in some government departments were at “kindergarten level.”
Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’
The New Art of War: China’s Deep Strategy Inside the United States
Sep 19 2021
But creating an identity layer wasn’t imperative for the creators of the internet as they didn’t predict the emergence of online platforms that facilitate people-to-people interaction.
The digital presences most of us have are based on browsing or consumer habits and are siloed within various accounts and social networks. Indeed, they don’t present an accurate picture of our unique identifiers and who we are.
Establishing a verified digital identity is a complex process. Authenticating that a person performing an action online is who they say they are, and then validating that they exist is tedious for two major reasons.
Self-Sovereign Identity
May 04 2021
America has a serious infrastructure problem.
America’s most urgent infrastructure vulnerability is largely invisible and unlikely to be fixed by the Biden administration’s $2 trillion American Jobs Plan.
I’m thinking about vulnerabilities that lurk in your garage (your car), your house (your computer), and even your pocket (your phone). Like those devices of yours, all connected to the Internet and so hackable, American businesses, hospitals, and public utilities can also be hijacked from a distance thanks to the software that helps run their systems. And don’t think that the American military and even cybersecurity agencies and firms aren’t seriously at risk, too.
Such vulnerabilities stem from bugs in the programs — and sometimes even the hardware — that run our increasingly wired society. Beware “zero-day” exploits — so named because you have zero days to fix them once they’re discovered — that can attract top-dollar investments from corporations, governments, and even black-market operators. Zero days allow backdoor access to iPhones, personal email programs, corporate personnel files, even the computers that run dams, voting systems, and nuclear power plants.
It’s as if all of America were now protected by nothing but a few old padlocks, the keys to which have been made available to anyone with enough money to buy them (or enough ingenuity to make a set for themselves). And as if that weren’t bad enough, it was America that inadvertently made these keys available to allies, adversaries, and potential blackmailers alike.
The recent SolarWinds hack of federal agencies, as well as companies like Microsoft, for which the Biden administration recently sanctioned Russia and expelled several of its embassy staff, is only the latest example of how other countries can hack basic American infrastructure. Such intrusions, which actually date back to the early 2000s, are often still little more than tests, ways of getting a sense of how easy it might be to break into that infrastructure in more serious ways later. Occasionally, however, the intruders do damage by vacuuming up data or wiping out systems, especially if the targets fail to pay cyber-ransoms. More insidiously, hackers can also plant “time bombs” capable of going off at some future moment.
ON THE INTERNET THE “COLD” WAR HAS TURNED HOT
Dec 13 2020
Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.
Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.
Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.
The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.
Source: Suspected Russian hackers spied on U.S. Treasury emails – sources
RUSSIAN GOVERNMENT HACKING GROUP ‘APT29’ BEHIND CYBER HACK ON US GOVERNMENT
httpv://www.youtube.com/watch?v=FM66FgFk6Ls
U.S. Agencies Hit in Brazen Cyber-Attack by Suspected Russian Hackers
httpv://www.youtube.com/watch?v=vlVGnu7i0tY
#Sandworm: A New Era of #Cyberwar and the Hunt for the #Kremlin’s Most #Dangerous #Hackers Paperback
May 22 2019
If there is a new tech cold war, it is one with shots fired over a decade ago, largely by China. The questions going forward are about both leverage and values.
Source: China, Leverage, and Values
5G is a war the US is about to lose warns DoD
more on Cyber War …
Jack Goldsmith: “The United States is Losing the Digital Cold War” | Talks at Google
