At a glance.
- Cyberattack suspected of causing rocket-attack false alarms in Israel.
- Risk surface assessments.
- Fitness app's geolocation feature may be a privacy and security risk.
- Cyber options may grow more attractive to Russia as kinetic operations stall.
- Developments in Russia's account of events in Ukraine.
- DDoS in St. Petersburg.
Cyberattack suspected of causing rocket-attack false alarms in Israel.
Sirens used to warn Israelis of rocket attacks sounded a false alarm in Israel over the weekend. Haaretz reports that "Sirens sounded in Eilat and parts of Jerusalem Sunday night due to a cyberattack on local public address systems, Israel's Home Front Command said on Monday, in what is being investigated as a possible Iranian attack." Citing "diplomatic sources," the Jerusalem Post emphasizes that the attribution is preliminary, and that the incident remains under investigation. Israel Hayom notes that some of the evidence of cyberattack remains circumstantial: the systems apparently compromised were civilian warning systems, not presumably better protected military ones.
Risk surface assessments.
RiskRecon and Cyentia have published a report on risk surface assessment, finding that organizations that are "cloud-first" are 85% more likely to be a top performer in risk management: "When we take a look at the cloud adoption rates of the top and bottom performers, we start to see some very clear separation.... Every 10% increase in host cloud concentration, results in a 2.5% increase in the probability of being a top performer." The researchers add that "Choosing to go majority cloud with one of the ‘big three’ cloud providers, namely AWS, Azure, or GCP, has inconsequential effects rather than being simply cloud-first."
Fitness app's geolocation feature may be a privacy and security risk.
Computing reports that the fitness app Strava may constitute a risk to users' privacy and to operational security when those users are military service members. That risk may be an active threat. Computing writes, "Unidentified operatives have been exploiting a security weakness in the popular fitness tracking app Strava to track the movements of Israeli defence personnel, according to Israeli open source investigative group FakeReporter." This isn't the first time fitness trackers in general and Strava in particular have been flagged as a potential opsec problem: the US Department of Defense expressed its concerns about Strava in January 2018.
The stories that follow discuss developments in the cyber phases of Russia's hybrid war against Ukraine. CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.
Cyber options may grow more attractive to Russia as kinetic operations stall.
Reuters reports that US Deputy Treasury Secretary Wally Adeyemo warned the Bank Policy Institute last week that the threat of Russian cyberattack remained high. The Treasury Department reiterated its commitment to intelligence sharing during a period of heightened threat. "Treasury’s commitment to sharing appropriate intelligence and fostering an ongoing, real-time dialogue with financial institutions about threats as they arise."
Tanium's Teddra Burgess argues, in an essay published Friday by SC Media, that Russia's war against Ukraine represents a template for future, broader, cyber operations in other hybrid wars. She stresses the threat of both supply chain attacks and the disruption of critical infrastructure. She also argues that assessing that threat requires an understanding of the role criminal groups play in a hybrid war: "These most recent developments point to a concerning trend because of the escalation and atypical behavior displayed by established hacker groups, there’s potentially a power struggle in play after Russia’s invasion of Ukraine. This might explain the change in extortion patterns in an attempt to accumulate larger amounts of ill-gotten gain. As a result, we can expect to see this activity at the very least continue as we work to keep pace with the evolving attack surface."
Whatever course the present war takes, The Hill cites a range of cybersecurity experts who think one lesson of the war is already clear: cyber operations have become a routine part of combat, as much to be expected, we would add, as electronic warfare came to be in the Twentieth Century. The Hill's essay is also striking for the way in which it presents influence operations as a prominent and routine part of belligerents' larger cyber campaigns.
Mr. Putin's keynote address before the St. Petersburg International Economic Forum took as its theme optimism founded on the historic record and destiny of the Russian people. The view he expressed was that the "present difficult time" comes from the doomed American attempt to maintain a "unipolar world" under its own direction after "declaring victory in the Cold War." In summary, here's his view of the world situation: "This is the nature of the current round of Russophobia in the West, and the insane sanctions against Russia. They are crazy and, I would say, thoughtless. They are unprecedented in the number of them or the pace the West churns them out at."
A further refinement in Russia's account of events in Ukraine.
The moderator of the St. Petersburg International Economic Forum was Margarita Simonyan, editor-in-chief of RT. The Daily Beast (whose Julia Davis has been watching Rossiya 1 closely) reports that Ms Simonyan subsequently appeared on Sunday Evening With Vladimir Solovyov to offer an account of her discussions with President Putin. She said she asked him why he had shown so much restraint in attacks against Ukrainian cities, a restraint difficult for non-Russian observers to discern. “He said, “Would we want to turn those cities into Stalingrad?” Indeed, our people are there! Those are our future cities! It’s obvious... This is our land and our people, we’ll later have to restore it.” Ms Simonyan went on to offer her own characterization of the action in Ukraine, presumably derived from her discussions with President Putin. There's no war, not even, really, a Russian intervention. What's going on in the Donbas is a civil war between Russians and anti-Russians, and Russia is providing support to the Russians. As she explained:
"It’s obvious to any person that there is no war between Russia and Ukraine. This isn’t even a special operation against the Ukrainian Armed Forces. This is a civil war in Ukraine. Part of Ukrainians, who are Russophobes and are anti-Russian in the same sense fascists were antisemitic—absolutely the same way—is destroying another part of its own people. Russia is simply supporting one side of those warring parties. Why this particular side? That is obvious, because they are Russians. Those are our people. And over there, they are anti-Russians. That’s all.”
Her views on what should be done with "anti-Russians" were uncompromising: “There is a significant number of Nazis and indoctrinated people, with whom there isn’t much to be done, other than to have them shot under the laws of the DPR [the supposed Donetsk People’s Republic].”
DDoS in St. Petersburg.
Friday's proceedings at the St. Petersburg International Economic Forum were delayed for about an hour and a half, Reuters reports, by a distributed denial-of-service (DDoS) attack. The now-familiar Kremlin spokesman Dmitry Peskov put the delay down to a cyberattack that began on Thursday and affected the conference's admissions and accreditation systems, but he offered no attribution.