Global Cyberwar

The Florida water treatment facility whose computer system experienced a potentially hazardous computer breach last week used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees, government officials have reported.

The computer intrusion happened last Friday in Oldsmar, a Florida city of about 15,000 that’s roughly 15 miles northwest of Tampa. After gaining remote access to a computer that controlled equipment inside the Oldsmar water treatment plant, the unknown intruder increased the amount of sodium hydroxide—a caustic chemical better known as lye—by a factor of 100. The tampering could have caused severe sickness or death had it not been for safeguards the city has in place.


 
The attack, which is expected in the next fortnight, is in retaliation for the SolarWinds hack, the large-scale infiltration of American government agencies and corporations discovered late last year that was traced back to the Kremlin.

It comes after Joe Biden this week engaged in a war of words with Vladimir Putin, calling the Russian president a "killer", while the White House attacked China for rights abuses in a tense opening of face-to-face talks.

The US will not target civilian structures or networks, but the hack is instead designed as a direct challenge to Mr Putin, Russia’s President, and his cyber army, The Telegraph understands.

The White House confirmed it will take “a mix of actions” - both “seen and unseen” - although it did not provide specifics on when and how it would do so.

Any such move would mark a different tack from that taken by previous administrations, which have largely acted defensively against Moscow’s cyber warfare. Donald Trump took a much more cautious approach on Russia, being careful never to directly criticise or challenge the regime.
 
The discovery of Russia's devastating SolarWinds spy campaign put the spotlight on the sophisticated supply chain hijacking techniques of Moscow's foreign intelligence hackers. But it's now apparent that, throughout that SolarWinds spying and its fallout, another group of Kremlin hackers has kept up their usual daily grind, using basic but often effective techniques to pry open practically any vulnerable network they could find across the US and the global Internet.

On Thursday the NSA, the FBI, the DHS's Cybersecurity and Infrastructure Security Agency, and the UK's National Cybersecurity Centre issued a joint advisory warning of hundreds of attempted brute-force hacker intrusions around the world, all carried out by Unit 26165 of Russia's GRU military intelligence agency, also widely known as Fancy Bear or APT28. The hacking campaign has targeted a broad swath of organizations, including government and military agencies, defense contractors, political parties and consultancies, logistics companies, energy firms, universities, law firms, and media companies. In other words, practically every sector of interest on the Internet.
 
United States President Joe Biden has shared his view that a "real shooting war" could be sparked by a severe cyber attack.

In remarks made on Tuesday at the Office of the Director of National Intelligence, Biden spoke of the need to "make sure that we're positioning ourselves to stay ahead of security challenges that will stretch the IC [intelligence community] in new ways it has never been stretched before."

He next mentioned cyber attacks.

"We've seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world," he said.

"I can't guarantee this, and you're as informed as I am, but I think it's more likely … if we end up in a war, a real shooting war with a major power, it's going to be as a consequence of a cyber breach of great consequence.

"And it's increasing exponentially – the capabilities," he added, presumably a reference to the potency of cyber attacks.

Biden next mentioned Russian Federation President Vladimir Putin, characterising him as "sitting on top of an economy that has nuclear weapons and oil wells and nothing else" and therefore "in real trouble, which makes him even more dangerous, in my view."

Chinese President Xi Jinping was his next topic, and was described as "deadly earnest about becoming the most powerful military force in the world, as well as the largest – the most prominent economy in the world by the mid-40s."
 
Ukraine has seen other volunteer-organized cyberdefense and attack efforts leading up to and early in the war effort. Separately hacktivists, including the hacking group Anonymous, have claimed DDoS attacks against Russian targets and taken data from Belarusian weapons manufacturer Tetraedr. But the development of the IT Army, a government-led volunteer unit that’s designed to operate in the middle of a fast-moving war zone, is without precedent.

The IT Army’s tasks are being assigned to volunteers through a separate Telegram channel, Fedorov said in his announcement. So far more than 175,000 people have subscribed—tapping ‘Join’ on the public channel is all it takes—and multiple tasks have been dished out. The channel’s administrators, for instance, asked subscribers to launch distributed denial of service attacks against more than 25 Russian websites. These included Russian infrastructure businesses, such as energy giant Gazprom, the country’s banks, and official government websites. Websites belonging to the Russian Ministry of Defense, the Kremlin, and communications regulator Roskomnadzor were also listed as potential targets. Russian news websites followed.

Since then the IT Army channel has expanded its scope. On February 27, it asked volunteers to target websites registered in Belarus, one of Russia’s key allies. The channel has also told subscribers to report YouTube channels that allegedly “openly lie about the war in Ukraine.”

“We already know that they are quite good at cyberattacks. But now we will find out how good they are in cyberdefense,” the former official says.

“For a country that’s facing an existential threat, like Ukraine, it’s really not surprising that this sort of call would go out and that some citizens would respond,” says J. Michael Daniel, the head of the industry group Cyber Threat Alliance and former White House cyber coordinator for President Barack Obama. “Part of it is also a signaling exercise. It’s signaling a level of commitment across the country of Ukraine to resisting what the Russians are doing.”

The impact of the IT Army is hard to gauge thus far. While thousands of members have joined the Telegram channel, there is no indication of who they are or their involvement in any response. The channel has shared screenshots of some Russian websites allegedly being taken offline, but it’s unclear how successful these efforts have been, or where they originated from.

Who exactly Ukraine recruits will have the most bearing on what tasks the IT Army takes on. But it’s likely to encompass the DDoS attacks that have been called for thus far, and potentially helping protect critical infrastructure. “The idea that you’re going to grab this ragtag group of folk, even if they have an extensive pen testing background, that they’re going to somehow hack into the Kremlin’s networks and get valuable intelligence that’s going to change the course, that’s fantasy,” says Jake Williams, an incident responder and former NSA hacker. “DDoS and defensive is probably more important for Ukraine right now than offensive.”

It will also be important for the group to avoid any misfires. Launching more sophisticated cyberattacks—such as a worm, which can self-propagate from one system to the next—would also risk spillover incidents, where the impact of a cyberattack goes well beyond its intended target. “You could take anything from emergency services, health care systems, or other things offline without meaning to. Which both has an immediate impact—you could hurt civilians inside Russia—and it could also inadvertently escalate things if the Russians perceive that as a direct order, the direct intent of the Ukrainian government, and they escalate and respond in kind,” Daniel says. That caution applies as well, and perhaps even more so, to independent hacktivist groups like Anonymous, which has vocally joined the fray. Russia-based ransomware group Conti has said it would use its “full capacity” to retaliate if the West attempted to target critical infrastructure in Russia or “any Russian-speaking region of the world.”

Tim Stevens, a senior lecturer in global security at King’s College London, says “the gloves are off” for both Russia and Ukraine. He warns that when it comes to cyberattacks there are a lot of unknown and hypothetical scenarios, but warns about the potential of escalation. “What concerns me is if there are non-Ukrainians and Russians involved in this because that is effectively an internationalization of the cyber aspect of this conflict and could be treated by either combatant as a de facto escalation of the conflict beyond Ukraine's borders.”

But for the Ukrainians involved in the IT Army’s efforts, it’s all part of a broader push across the country to do whatever it takes to fend off an existential threat. “If Ukraine falls and they didn’t do everything possible to stop that,” says Williams, “why would you leave anything on the table?”
 
Information about nuclear plants and air force capabilities. Conti ransomware gang crooks conjecturing that the National Security Agency (NSA) was maybe behind the mysterious, months-long TrickBot lull. Doxxed data about 120K Russian soldiers.

Those are just some of the sensitive, valuable data that’s being hacked out of Russia in the cyber war zone – a war that erupted even before the country invaded Ukraine.

“Everyone is so focused on Russia hacking the world, but the world has been hacking Russia…. And dumping a lot of critical data on military, nuclear plants, etc.,” said Vinny Troia, cybersecurity Ph.D. and founder of ShadowByte, a dark web threat intelligence and cyber fraud investigations firm.
 
The war between Russia and Ukraine has been widely anticipated to play out online, in addition to on the ground.

Moscow’s cyberwar capabilities have long been cause for concern. Russia has a record of coordinating cyber-attacks on the US, Ukraine, and other adversaries. And the country has established itself in recent years as an international hub for cybercrime.

Russia’s past has raised fears of a large scale cyberwar effort targeting Ukraine and its allies, including the US. While the Biden administration has reportedly played out potential responses to cyber warfare, some experts have argued that the US is not well prepared for a significant cyber-attack.
https://www.theguardian.com/technol...ukraine-russia-hasnt-happened-yet-experts-say
We spoke with Glenn S Gerstell, a senior adviser at the Center for Strategic and International Studies and the former general counsel of the National Security Agency, about the likelihood of serious cyber warfare – and whether the US is prepared to respond.

“If we had approached this correctly 20 years ago, we would be largely invulnerable to cyber-attacks,” he said. “But unfortunately that is not the case.”
 
Cyberwar is a term that is difficult to define. Generally it refers to the exploitation of information technology alongside military operations. On the other hand, cyber warfare is often considered to include, in addition to cyberattacks against enemy systems, network reconnaissance and espionage.

The boundaries of cyberwar are much blurrier than those of conventional war, whose boundaries are not entirely clear either.

If network intelligence gathering by states is cyberwar, we have been fighting a global cyberwar for decades. If, on the other hand, advanced network attacks must be connected to physical military action, the world's first cyberwar may still lie ahead.
 
Do I remember correctly that the USA already declared earlier that all cyberattacks directed against it will be interpreted as acts of war?
 
Do I remember correctly that the USA already declared earlier that all cyberattacks directed against it will be interpreted as acts of war?
Not all. There is room for interpretation. Paralyzing critical infrastructure is one sure case. So if state actors attack, for example, a hospital, it can be assessed as an act of war.
 
A report commissioned by cloud security company Barracuda found that 94% of respondents have experienced some form of attack on their industrial IoT (IIoT) or operational technology (OT) systems during the last 12 months. From a report: The State of Industrial Security in 2022 report surveyed 800 senior IT and security officers responsible for these industrial systems. "In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk," Tim Jefferson, senior vice president for data protection, network, and application security at Barracuda, said in a statement accompanying the report.

Recent attacks such as those targeted through the SolarWinds attack, and the Russian DDoS attack on Lithuania last month, have raised concerns over nation state-backed attacks on industrial systems. As a result, the survey found that 89% of the respondents are very or fairly concerned about the current geopolitical situation. Constellation Research analyst Liz Miller acknowledged that "the Russian invasion of Ukraine set the world on high alert as it anticipated vulnerabilities in IIoT devices becoming prime targets should the battle enter the cyberspace."

 