U.S. Government Warns Companies of Potential Russian Cyberattacks

The U.S. government on Monday once again cautioned of potential
cyber attacks from Russia in retaliation for economic sanctions[1]
imposed by the West on the country following its military assault on Ukraine[2] last month.

“It’s part of Russia’s playbook,” U.S. President Joe Biden
said[3]
in a statement[4], citing “evolving
intelligence that the Russian Government is exploring options.”

The development comes as the Cybersecurity and Infrastructure
Security Agency (CISA) and the Federal Bureau of Investigation
(FBI) warned of “possible threats” to U.S. and international
satellite communication (SATCOM) networks in the wake of a cyber
attack targeting Viasat's KA-SAT network[5], used extensively by the
Ukrainian military, around the time when Russian armed
forces invaded Ukraine on February 24.

“Successful intrusions into SATCOM networks could create risk in
SATCOM network providers’ customer environments,” the agencies
said[6].

To strengthen cybersecurity defenses[7]
against malicious cyber activity, the government is recommending
that organizations mandate the use of multi-factor authentication,
ensure that systems are up-to-date and patched against all known
vulnerabilities, encrypt data at rest, and maintain offline
backups.

“Build security into your products from the ground up — ‘bake it
in, don’t bolt it on’ — to protect both your intellectual property
and your customers’ privacy,” the U.S. government noted[8], while also urging
companies to scrutinize the provenance of software components,
open-source or otherwise, to watch out for supply chain
threats.

CERT-UA Sounds the Alarm

The warnings about spillover incidents also follow a barrage of cyber attacks[9] that have struck both
Ukraine and Russia over the past few weeks (although they have been
quite muted[10] compared to the
contrary). Russia, for its part, has urged[11] domestic firms to turn
off automatic software updates and switch to Russian DNS
servers.

Last week, Ukraine’s Computer Emergency Response Team (CERT-UA)
also notified[12] of new spear-phishing
campaigns targeting state entities with the goal of deploying a
backdoor called LoadEdge. The agency attributed the attacks to
InvisiMole[13], a hacking crew with
suspected ties to the Russia-based nation-state group Gamaredon[14].

Separately, CERT-UA alerted that information systems of
Ukrainian enterprises are being compromised by a C#-based wiper
program called DoubleZero[15] that’s engineered to
overwrite all non-system files.

What’s more, the emerging[16] trend[17] of using “protestware[18]” to poison widely-used
open-source libraries as a way of condemning the war has led to
fears that it could risk damaging critical systems and undermine
confidence in the security of the software supply chain and the
open-source ecosystem.

As a consequence, Russian state-owned bank Sberbank has advised
users to temporarily abandon software updates, in addition to
calling on “developers to increase control over the use of external
source code [and] conduct a manual or automated check, including
viewing the text of the source code,” according to state news
service TASS[19].

Conti Version 3 Leaks

That’s not all. The Russian invasion of Ukraine has also
manifested in the form of crowdsourced hacktivist efforts[20] to participate in a
variety of digital actions against Russia, primarily leaning on
DDoS attacks and publishing troves[21] of sensitive corporate
information.

Foremost in the list is an anonymous Ukrainian security
researcher[22] dubbed @ContiLeaks[23], who leaked[24] the source code of the
Russia-based Conti ransomware, including the more recent “version 3[25],” as well as nearly
170,000 internal chat conversations between the gang members
earlier this month, after the group sided with Russia.

In related news, Moscow’s Tverskoy district court outlawed[26] Meta-owned social media
platforms Facebook and Instagram for engaging in “extremist
activities,” banning the company from doing business in the country
with immediate effect. The ruling follows a temporary decision[27] on the part of Meta
allowing[28] users in Eastern Europe
to post content calling for violence against Russian soldiers.

References

  1. economic sanctions (www.whitehouse.gov)
  2. military assault on Ukraine (en.wikipedia.org)
  3. said (www.whitehouse.gov)
  4. statement (www.c-span.org)
  5. Viasat KA-SAT network (twitter.com)
  6. said (www.cisa.gov)
  7. cybersecurity defenses (www.cisa.gov)
  8. noted (www.whitehouse.gov)
  9. barrage of cyber attacks (thehackernews.com)
  10. quite muted (www.vice.com)
  11. urged (thehackernews.com)
  12. notified (cert.gov.ua)
  13. InvisiMole (thehackernews.com)
  14. Gamaredon (thehackernews.com)
  15. DoubleZero (www.facebook.com)
  16. emerging (github.com)
  17. trend (docs.google.com)
  18. protestware (thehackernews.com)
  19. TASS (tass.ru)
  20. crowdsourced hacktivist efforts (therecord.media)
  21. publishing troves (www.theverge.com)
  22. Ukrainian security researcher (twitter.com)
  23. @ContiLeaks (twitter.com)
  24. leaked (thehackernews.com)
  25. version 3 (www.virustotal.com)
  26. outlawed (tass.ru)
  27. temporary decision (www.reuters.com)
  28. allowing (www.nytimes.com)
