Russia-Ukraine War update
Tech giants continue to unite to take action in response to Russia’s invasion of Ukraine. Apple announced that it is pausing all product sales in Russia, ceasing all exports to the country and limiting its use of Apple Pay and other services. Additionally, predominant Russian media channels, RT News and Sputnik News, are no longer available for download from the App Store outside Russia. Meta, TikTok, and Google’s YouTube have similarly limited access to the Russian media outlets, with Meta confirming Tuesday that it is taking the added step of suppressing the algorothmic spread of Russian state-linked Facebook and Instagram content. Finally, Google announced on Tuesday that it is increasing security measures to help protect Ukrainian civilians and websites, including SOS alerts, automated detection and blocking of suspicious activity, government-backed attack warnings in Gmail, increased authentication challenges, and the expansion of its Advanced Protection and Project Shield programs.
(ZDNet and TechCrunch and POLITICO and The Record)
And while Russian forces continue their assault on Ukraine, an undercurrent of cyberwarfare is also at hand. The barrage of Wiper malware that has been observed pummeling Ukrainian networks continues, with a third data wiper (behind FoxBlade and HermeticWiper), tracked by researchers as IsaacWiper, has been identified being utilized in attacks against an unnamed Ukrainian government network. IsaacWiper infections followed DDoS attacks against several Ukrainian websites, including the Ministry of Foreign Affairs, Cabinet of Ministers, and Rada. Over the weekend, CISA and the FBI warned US organizations that the data wiping attacks against Ukraine could spill over to other countries, urging US orgs to “increase vigilance” and reinforce their defenses.
(Bleeping Computer and Security Affairs)
But, as with the war being fought by troops on the ground, there is another side to the coin as a number of cyberattacks have taken aim at Russian targets. On Tuesday, Anonymous-linked group Network Battalion 65 claims to have compromised the Russian Nuclear Institute and released over 40,000 documents. Network Battalion 65 is asking for support translating the huge trove of documents (written in Cyrillic) to find sensitive data which could be used for sabotage operations. Anonymous have also claimed responsibility for taking down Russian media sites including state-owned news agencies TASS and Fontanka, and the daily newspaper Kommersant, which were defaced or temporarily taken offline on Monday. And finally, hackers likely recruited from online forums and endorsed by Kyiv officials have claimed responsibility for a cyberattack on the Moscow Stock Exchange, rendering the site inaccessible on Monday.
(Security Affairs and IT Security Guru and IT Security Guru)
Nvidia confirms company data was stolen in hack
Nvidia has confirmed that the LAPSUS$ hacking group has stolen data, including employee credentials and proprietary information, during a cyberattack last week and have begun to leak it online. Although the breach occurred a day before the Russian invasion of Ukraine, LAPSUS$ denies any affiliation with state-sponsored groups. LAPSUS$ claims it looted 1TB of data and is now demanding a cryptocurrency ransom from Nvidia to keep it secret. The hacking group is also attempting to sell a GPU driver they claim is capable of unlocking Nvidia’s Etherem mining limiter on the company’s RTX 3000 graphics cards. According to LAPSUS$, Nvidia has yet to contact them.
(PCMag)
There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week.
Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io.
Half of employees use unauthorized file services at work
KnowBe4 Research has issued a new report entitled “Shadow IT Is Real”, which analyzes results of a global survey which focused on use of unauthorized cloud services and downloading content through unauthorized file sharing networks in the workplace. Alarmingly, the report found that one in two employees use unauthorized file services in order to get their job done. The report also revealed that Asia and Oceania are regions with the highest rates of using unauthorized practices while Africa was found to be the best performing region. Finance and tech sectors fared much better compared to lagging industries which included construction, manufacturing, educational and government-based organizations. Kai Roer, chief research officer, KnowBe4, notes, “To combat shadow IT, organizations should focus on strengthening their security culture and increasing employees’ level of security awareness.”
Biden address pushes for strengthening children’s privacy
In his State of the Union address Tuesday, President Biden urged Congress to strengthen children’s privacy, an issue that Congress has repeatedly pressed with tech giants in recent months. The speech grouped the initiative into four distinct calls to action including banning targeted advertising for children, prioritizing safety design standards for online platforms, stopping discriminatory algorithmic decision-making and investing at least $5 million in fiscal year 2023 toward research on social media’s effects on mental health. Congress has already floated several pieces of legislation that could work towards the initiatives outlined in the president’s speech.
NIST seeks feedback focusing on supply chain risk
The National Institute of Standards and Technology (NIST) is seeking feedback on how it can enhance its Framework for Improving Critical Infrastructure Cybersecurity. In its RFI on February 22, NIST stated it is seeking help evaluating and improving its framework with a focus on addressing supply chain risks. In parallel, NIST announced it would launch the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) to address cybersecurity risks in supply chains. NIST indicated that RFI responses, which are due by April 25, “will inform a possible revision of the Cybersecurity Framework as well as the NIICS initiative.”
Colonial Pipeline hires a CISO
Colonial Pipeline, victim of the now infamous cyberattack that resulted in disruption to fuel supplies in the Southeastern US back in May 2021, has named Adam Tice as its first-ever Chief Information Security Officer (CISO). Tice developed expertise in navigating post-data breach environments when he joined Equifax as the Senior Vice President of Cyber Operations after their 2017 incident. Earlier in his career, he worked as a consultant at cybersecurity consulting firm, Mandiant, and as a defense contractor at Lockheed Martin.