Dateline Moscow and Kyiv: a pause in preparation for hybrid war?
Limited objectives? And collaboration during conflict. (The CyberWire) Russian forces near the Ukrainian border (now estimated in media reports as having stabilized around a total troop strength of 100,000) remain in position as NATO and Ukraine increase their own readiness in the region. NATO pledges continued cyber support as the US and other members prepare sanctions against Russia.
Russia Steps Up Propaganda War Amid Tensions With Ukraine (New York Times) The disinformation campaign includes claims that NATO and Ukrainian forces are preparing to attack Russian speakers in Ukraine.
Russian Hybrid Threats Report: A push to recognize Ukrainian regions as independent states (Atlantic Council) Amid a legislative push to recognize the regions of Donetsk and Luhansk as independent states, Russia is spinning narratives of NATO aggression and continuing to mass troops and materiel near Ukraine.
Focused Russian attack on Ukraine seen as more likely than full-scale invasion (the Guardian) Officials and experts say several elements missing for full-scale invasion despite recent troop movements
What threat? Russian state TV plays down Moscow's role in Ukraine crisis (Reuters) NATO is scrambling to beef up its eastern flank and Western governments have warned of crippling economic sanctions if Russia invades Ukraine, but watching Russian state TV provides little sense, for now at least, that war may be imminent.
Center for Defense Strategies: How likely is large-scale war in Ukraine? (analysis) (The Kyiv Independent) Editor’s note: This is an analysis by the Center of Defense Strategies’ experts Andriy Zagorodnyuk, Alina Frolova, Oleksiy Pavliuchyk. It was originally published in Ukrainian by Ukrainska Pravda. The Kyiv Independent has translated it and is republishing it with permission. Many politicians and observers report that a significant escalation of […]
Ukraine's front line: Where lives turn on distant decisions (AP NEWS) In trenches dusted with snow and tinged with soot, men search for enough cellphone signal to hear the latest from the distant capitals that will decide their fate. Moscow, Washington, London, Paris, Berlin, Vienna.
Opinion: The fight ahead in Ukraine: Body bags and cyberwar (Washington Post) Russians sometimes speak of the bodies of dead soldiers arriving home from the battlefront as “Cargo 200,” a European defense expert told me last week in Kyiv. The term originated during Russia’s war in Afghanistan, when corpses were shipped home to Moscow in zinc-lined coffins.
Ukraine urges calm, saying Russian invasion not imminent (Military Times) Ukrainian leaders' urging of calm comes as the Pentagon heightens readiness for 8,500 troops.
Putin's threatened invasion is already hitting the Ukrainian economy hard (Atlantic Council) While the world waits to see if Vladimir Putin will proceed with his threatened invasion of Ukraine, Russia’s menacing military posture is already hitting the Ukrainian economy hard.
A Russia-Ukraine War Could Ripple Across Africa and Asia (Foreign Policy) Beware of food price spikes and revolutions if Ukrainian grain deliveries are disrupted.
Will World War III begin in cyberspace? (Computerworld) It's not the 100,000 Russian troops on Ukraine's borders that worries me as much as cyberattacks that can easily get out of hand.
Belarus hacktivists target railway in anti-Russia effort (Federal News Network) A Belarusian hacktivist group says it has launched a limited cyberattack on the national railway company, aimed at impeding the movement of Russian troops and freight inside the Moscow-allied country…
Why the Belarus Railways Hack Marks a First for Ransomware (Wired) The politically motivated attack represents a new frontier for hacktivists—and won’t be the last of its kind.
Companies Prepare for Fallout From Cyberattacks Against Ukraine (Wall Street Journal) Businesses including utilities, manufacturers and financial-services companies are bracing for potential spillover from cyberattacks against Ukraine, as U.S. officials warn of Russia-linked hacks that could ripple outward.
NATO will continue to assist Ukraine in cyber defense - deputy secretary general (Ukrinform) The North Atlantic Treaty Organization, which has been working with Ukraine for years to increase its cyber defenses, will continue to do so in the face of growing threats from Russia.
Deputy Secretary General stresses NATO will continue to increase Ukraine’s cyber defences (NATO) Deputy Secretary General Mircea Geoană participated virtually at the Cybersec Global 2022 event today (25 January 2022). Focusing on the tensions between Russia and Ukraine during his keynote speech, the Deputy Secretary General stressed that NATO has been working with Ukraine for years to increase its cyber defences, and will continue to do so at pace.
FAST THINKING: The US bets big on NATO to deter Russia (Atlantic Council) Can the United States convince the twenty-nine other NATO members to support a troop movement in Eastern Europe?
Britain, Canada Flex Hard-Power Muscles in Showdown With Russia (Foreign Policy) Other NATO allies deploy fighter jets and naval forces to shore up its eastern flank.
How Germany can best support Ukraine (Atlantic Council) What can the new German government do to push back more against Russia’s growing threat? What tools are at its disposal that can enhance credible deterrence, strengthen unity, support Ukraine, and pressure Putin?
US, NATO Discuss Ukrainian Cyber Aid Amid Tensions (GovInfoSecurity) As tensions continue to flare between Ukraine and Russia, which has amassed at least 100,000 troops along Ukraine's eastern border, the U.S. continues to mull
U.S. Plans Sanctions, Export Controls Against Russia if It Invades Ukraine (Wall Street Journal) The Biden administration is working to mitigate market shocks if Russia withholds energy supplies in retaliation.
Biden Says Putin at Risk of Personal Sanctions Over Ukraine (Bloomberg) U.S. has threatened ‘serious’ sanctions, but scope unclear. Biden prepares 8,500 troops, rules out deployment in Ukraine.
Biden's big test: Proving he can rally allies against Putin (AP NEWS) President Joe Biden’s effort to rally support, both at home and abroad, ahead of a potential Russian invasion of Ukraine is just the latest big test of his ability to bridge ideological gaps and balance competing interests to build effective coalitions.
Israel has a lot to lose from a Russia-Ukraine war (Haaretz) As one of the few countries to have close diplomatic ties with both Kyiv and Moscow, Israel will be aiming to stay on the sidelines if the two sides go to war
Russia just laid the trap to start Ukraine war (Newsweek) Separatists in the Donbas region say Kyiv has built up military hardware as President Joe Biden seeks to present a united front against Russia.
Ukraine Crisis: Putin the gambler may have gone too far to back down (Atlantic Council) Russian President Vladimir Putin has gained the world's attention with his threat to launch a full-scale invasion of Ukraine but he may now feel he must act or risk a serious loss of credibility on the international stage.
Attacks, Threats, and Vulnerabilities
N.Korean internet downed by suspected cyber attacks -researchers (Reuters) North Korea's internet appears to have been hit by a second wave of outages in as many weeks, possibly caused by a distributed denial-of-service (DDoS) attack, researchers said on Wednesday.
New macOS Malware 'DazzleSpy' Used in Hong Kong Attacks (SecurityWeek) A new piece of macOS malware named DazzleSpy has been used in an espionage operation aimed at individuals in Hong Kong.
Watering hole deploys new macOS malware, DazzleSpy, in Asia (WeLiveSecurity) The website of a Hong Kong pro-democracy radio station was compromised to serve a Safari exploit that installed cyberespionage malware on visitors’ Macs.
MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks (Threatpost) A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
New Threat Campaign: AsyncRAT Introduces a New Delivery Technique (Morphisec) Morphisec Labs identified a new threat campaign. Through a simple phishing tactic with an HTML attachment, threat attackers are delivering AsyncRAT.
TrickBot now crashes researchers' browsers to block malware analysis (BleepingComputer) The notorious TrickBot malware has received new features that make it more challenging to research, analyze, and detect in the latest variants, including crashing browser tabs when it detects beautified scripts.
Android malware will factory-reset a phone after stealing a user's funds (The Record by Recorded Future) An Android banking malware strain has recently received a new feature that allows its operators to reset a device to factory settings after they have stolen money from a victim's bank account as a way to distract the owner from the recent theft and prevent them from taking any preventive measures.
Microsoft warns about this phishing attack that wants to read your emails (ZDNet) Attackers have targeted hundreds of organisations, says Microsoft security.
Analysis of Xloader’s C2 Network Encryption (Zscaler) In this blog post, we perform a detailed analysis of Xloader’s C2 communications and the network infrastructure that hosts the malware.
Tax scam emails are alive and well as US tax season starts (Naked Security) If in doubt, don’t give it out! (And don’t forget that no reply is often a good reply.)
Segway store compromised with Magecart skimmer (Malwarebytes Labs) Magecart Group 12 is still alive and well in the latest attack against popular brand Segway.
Data Breach Compromises Personal Information of Koons Customers (NBC4 Washington) Koons Automotive Group identified a data breach that may have compromised customers’ personal information.
A woman checked her spam and found she won $3 million in the lottery — but you should still be wary of scams (Washington Post) Experts say such emails are usually scams and that people should be careful with their junk mail folder.
No Spam Here: Oakland County Woman Wins $3 Million Mega Millions Prize (Michigan Lottery Connect) An Oakland County woman got the surprise of a lifetime when she checked the spam folder in her email account and saw an email that she’d won a $3 million Mega Millions prize from the Michigan Lotte…
Security Patches, Mitigations, and Software Updates
GE Gas Power ToolBoxST (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5; ATTENTION: Exploitable remotely/low attack complexity; Vendor: GE Gas Power; Equipment: ToolBoxST; Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could result in data exfiltration or arbitrary write, overwrite, and execution.
Trends
Global Threat Report Full Year 2021 (Zix) Threat actors did not skip a beat in 2021. They continued to propagate attacks while constantly cycling through both new and old tactics.
Ransomware Spotlight Year End 2021 Report (Ivanti) Read this report analyzing the increased sophistication of ransomware groups and increased volume of ransomware attacks. Stay informed on how ransomware groups are broadening their attack spheres and finding newer ways to compromise organizational networks and fearlessly trigger high-impact assaults.
Would you join the metaverse? (NordVPN) NordVPN asked internet users how much they know about the metaverse and whether they're planning to join it. Read more about the results.
Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected (ProPublica) A surge in identity theft during the pandemic underscores how easy it has become to obtain people’s private data. As hackers are all too happy to explain, many of them are cashing in on it.
Why do employees break cybersecurity rules? There's a 'middle ground between ignorance and malice.' (Advisory) Writing for the Harvard Business Review, Clay Posey and Mindy Shoss suggest four ways organizations can reevaluate their cybersecurity policies to address the underlying issues that put them at risk for a cyberattack.
Careless employees behind the majority of insider threat incidents: report (CIO Dive) As companies come to terms with the semi-permanence of mass remote work, insider cybersecurity threats continue to rise — and it's partially due to employee apathy.
Vulnerability Disclosures Rise to Meet Federal Requirements (Security Boulevard) For all its other security milestones, 2021 was the year that vulnerability disclosures began to get their due, taking on greater importance across all
Council Post: Cyber Insurance Is Inspiring The Threats It's Supposed To Protect Against (Forbes) Removing financial incentives to mount attacks will be a crucial factor in decreasing the likelihood of future ransomware attacks.
Cisco Study Finds Privacy is Now Mission Critical for Organizations Worldwide (Cisco) Cisco’s 2022 Data Privacy Benchmark Study surveyed more than 4,900 professionals across 27 geographies. It finds that 90 percent of respondents consider privacy a business imperative.
Privacy Becomes Mission Critical: Cisco 2022 Data Privacy Benchmark Study (Cisco) Over the past few years, privacy has become mission critical for organizations around the world. More than two-thirds of countries have enacted privacy laws, customers are not buying from organizations who don’t protect their data, and privacy metrics are regularly being reported to Boards of Directors.
Marketplace
SparkCognition, which develops AI solutions for a range of industries, nabs $123M (VentureBeat) SparkCognition, an Austin, Texas-based company developing AI solutions for a range of markets, has raised $123 million in capital.
PQShield raises $20M for its quantum-ready, future-proof cryptographic security solutions (TechCrunch) Quantum computing promises to unlock a new wave of processing power for the most complex calculations, but that could prove to be just as harmful as it is helpful: security specialists warn that malicious hackers will be able to use quantum machines to break through today’s standards in crypt…
Bishop Fox Triples Annual Recurring Revenue and Reports Record Growth (Bishop Fox) The Company’s Award-Winning Continuous Offensive Security Platform Sees Exponential Demand, Fueled by Increasingly Complex Security Challenges. Read more.
Trellix, McAfee, FireEye, Mandiant: What's next for four big names in cyber (CyberScoop) On Jan. 19, the private equity firm that bought FireEye and McAfee Enterprise announced that the two acquisitions would “emerge” to form Trellix, a cybersecurity business with 5,000 employees and 40,000 customers.
AppSec Leader Veracode Thrives in Record-Breaking Year for Cybersecurity (Veracode) 2021 delivers strong growth and business momentum, with 13 percent revenue increase YoY
‘Snake oil’: doubts loom over tech firm Darktrace’s high-octane sales strategy (the Guardian) The UK cybersecurity outfit has been on a rollercoaster ride from a meteoric share price rise to a plunge in market value
Open Letter to our Customers from CEO, Hoan Ton-That: January 18, 2022 (Clearview AI) Clearview AI was an unknown startup until the New York Times put us on their front page in January 2020. We were only a tiny company at the time with barely 10 employees. I was unprepared for intense pressure, both personally and professionally, that would be typically reserved for multi-billion-dollar corporations. I weathered those tough days by remaining focused on the mission I share with all of you: to make this world a safer place.
U.S. venture capital firm in talks to buy Israel's infamous spyware maker NSO (Haaretz) Negotiations with Integrity Partners, which seeks to acquire control of NSO in 2022-2023, are in advance stages. The plan: rebuilding NSO
Chairman of Israeli spyware firm NSO says he has stepped down (Reuters) Asher Levy said on Tuesday he had quit as chairman of Israeli spyware firm NSO Group but denied that his departure was linked to lawsuits or media coverage of the international furore that has erupted over the company's Pegasus hacking software.
NSO chairman quits as cyber firm reels from Israeli police scandal (Haaretz) NSO’s Pegasus spyware was reportedly used by Israeli police to snoop on mayors and protesters without warrant, but chairman says he’s leaving for other reasons.
Coalition Appoints Chung-Man Tam as its First Chief Product Officer (GlobeNewswire News Room) Veteran product leader to fuel Coalition’s growth and expand product suite...
Products, Services, and Solutions
Team82 ENIP & CIP Stack Detector Simplifies Protocol Identification (Claroty) Team82 is releasing today a custom, generic EtherNet/IP stack detection tool that will be free and publicly available via our GitHub repository.
Cequence and Tetrate Partner to Embed Security into Cloud Native Applications (Business Wire) Cequence and Tetrate Partner to Embed Security into Cloud Native Applications
Virsec Delivers an End to Attacks on Server Infrastructure and the Software Supply Chain (Virsec) New Deterministic Protection Platform (DPP) by Virsec Maps Exactly What an Organization’s Software is Supposed to Do and Immediately Stops What it Should Not
Free OSS Tools to Defend Against Malicious NPM Packages (JFrog) Current npm installation processes may cause use of malicious packages in applications. See how JFrog’s new OSS tools help detect and prevent this behavior >
LiveAction Launches ThreatEye NV, a Network Detection and Response Platform That Delivers Complete Encrypted Traffic Analysis and Visibility (Yahoo Finance) LiveAction, a leader in end-to-end visibility for network security and performance, today announced the release of ThreatEye NV. A network detection and response platform (NDR), ThreatEye NV combines next-generation data collection, advanced behavior analysis and streaming machine learning to give SecOps teams unprecedented visibility into encrypted traffic, threats and network anomalies. Utilizing Deep Packet Dynamics (DPD) that eliminates the need for paylo
SpaceNet Taps LogRhythm’s NextGen SIEM Platform (Fast Mode) SpaceNet announced that it is significantly expanding its security portfolio through the use of LogRhythm’s NextGen SIEM platform
CyberSheath Federal Enclave offers cybersecurity compliance requirements for federal contractors (Help Net Security) CyberSheath has introduced a new service that provides all federal contractors with a solution to meet cybersecurity requirements.
Darktrace secures extended airline contract (Technology Decisions) Darktrace has announced that a major airline will continue to use the company's cybersecurity AI technologies to safeguard against escalating cyber threats.
Strobes Security Inc. Announces Availability of Game-Changing Vulnerability Management Platform (Longview News-Journal) FRISCO, Texas, Jan. 25, 2022 /PRNewswire-PRWeb/ -- Strobes Security Inc. announced today its availability of Strobes in the US market. Backed by angel investors including high net worth individual (HNI)
SafeBreach Launches Free Ransomware Assessment (PR Newswire) SafeBreach, the pioneer in breach and attack simulation ("BAS"), today announced it has launched the ransomware challenge, a free assessment...
Technologies, Techniques, and Standards
NIST Releases Final Cybersecurity Assessment Guidance (Nextgov.com) The document extensively reviews best practices in security assessments for organizations.
Log4Shell crisis averted thanks to Y2K-like efforts (Register) Anti-malware biz weighs in on one of the worst security flaws of recent times
UK's NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap (SecurityWeek) The U.K. government’s cybersecurity agency plans to ship a collection of well-tested, reliable scanning scripts to help defenders mitigate high-priority software flaws.
CISA preps update to the zero trust maturity model (FCW) The Cybersecurity and Infrastructure Security Agency will update its zero trust maturity model to assist agencies in meeting goals outlined in the cybersecurity executive order released last year, an official said Tuesday.
More than 90 Percent of Federal Cybersecurity Decision Makers Have Increased Confidence in Implementing Zero Trust following Government Mandates (Business Wire) Merlin and MeriTalk unveil the findings of their Zero Trust report providing insight into federal agencies’ momentum, priorities and challenges.
Striking a Balance Between Cybersecurity Awareness and Anxiety (Dark Reading) Employees don't have to be paralyzed by fear to keep the company safe. They just have to understand what threats look like and how to stop them.
How Biometric Technology Offers the First Step Towards an Effective Zero Trust Strategy (Fingerprints) Discover Fingerprints’ blog to learn more about how biometric solutions support the first step towards a Zero Trust security strategy
Design and Innovation
The Army wants someone to make comics about its information warfare doctrine (Breaking Defense) The intent is to generate conversation within the community and a more broad audience about potential threats and what the service can do to prepare for the future.
Academia
University of Louisville working with US Defense Department to fight cyber attacks (WDRB) The University of Louisville has partnered with the U.S. Department of Defense to help strengthen the country's cyber defenses.
UW partners with U.S. Cyber Command for cybersecurity education (Channel3000.com) U.S. Cyber Command selected UW to join its new cybersecurity education initiative, officials announced Monday.
Legislation, Policy, and Regulation
White House attempts to strengthen federal cybersecurity after major hacks (CNN) The White House plans to release an ambitious strategy Wednesday to make federal agencies tighten their cybersecurity controls after a series of high-profile hacks against government and private infrastructure in the last two years, according to a copy shared with CNN.
Delay in Creating New Cybersecurity Board Prompts Concern (SecurityWeek) A key part of President Joe Biden's plans to fight major ransomware attacks and digital espionage campaigns has been languishing for more than eight months
FISMA Bill Drops in House Amid Confusion Over Federal CISO Role (Nextgov.com) Rep. John Katko is continuing a campaign to make the Cybersecurity and Infrastructure Security Agency a central Chief Information Security Office—or CISO— for federal civilian agencies.
Bipartisan bill would update federal cybersecurity rules, responsibilities (The Record by Recorded Future) The leaders of the House Oversight Committee on Tuesday introduced legislation meant to revamp federal cybersecurity rules and clarify roles and responsibilities of top officials.
What the Cybersecurity Executive Order Means for the Private Sector (ReadWrite) Companies and governments suffered from delaying the fundamental cybersecurity overhauls necessary to defend against cyber attacks too long.
The Role for DHS in Countering the Disinformation Threat (Just Security) DHS is well-placed to serve as the "truth-teller" to the American public through the coordination and dissemination of unclassified reports.
Doctor-style register planned for UK infosec professionals (Register) Are you competent? Ethical? Welcome to UKCSC's new list
Cyber workforce ranks among least diverse segments of federal government (Federal News Network) The federal cybersecurity workforce is less diverse than the rest of the federal government, and a unique series of challenges make it harder for agencies to show progress.
Editorial: Time to bring state wiretap law into 21st century (Sentinel and Enterprise) With his time in office winding down, Gov. Charlie Baker has decided to mount another effort to pass previously stalled law-enforcement surveillance legislation. The governor has refiled his bill, …
Litigation, Investigation, and Law Enforcement
Cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021 (The Record by Recorded Future) Cybercriminal gangs laundered an estimated $8.6 billion worth of cryptocurrency in 2021, a 30% rise from the previous year, according to a Chainalysis report published today.
DeFi Takes on Bigger Role in Money Laundering But Small Group of Centralized Services Still Dominate (Chainalysis) This blog is a preview of our 2022 Crypto Crime Report. Sign up here to reserve your copy and we’ll email you the full report when it comes
Huawei Brings ICSID Claim Against Sweden Over 5G Ban (Law360) Chinese telecom manufacturer Huawei brought an investment treaty claim against Sweden after it excluded Huawei from the rollout of the country's 5G network technology amid national security concerns.
Pegasus hack reported on iPhones of Human Rights Watch official (Washington Post) Victim is latest among dozens of journalists, politicians, human rights workers, diplomats and other targets discovered in recent months, as scrutiny of Pegasus-maker NSO Group intensifies.
Two more Poles identified as victims of hacking with spyware (AP NEWS) Two more Poles have been identified as victims of phone hacking with the notoriously powerful spyware from Israel’s NSO Group: an agrarian political leader at odds with Poland's right-wing government and the co-author of a book about the head of Poland's secret services.
Businessman gets 4-yr term for selling N.K.-made software program in S. Korea (Yonhap News Agency) SEOUL, Jan. 25 (Yonhap) -- A South Korean entrepreneur was sentenced to four years in pris...