Dateline Moscow, Kyiv, and Warsaw: Pro-war criticism of Russia's war.
Ukraine at D+313: OPSEC failures and the return of GhostWriter. (CyberWire) Cellphones are again shown to be an opsec disaster. GhostWriter is back, and pretending to be Polish.
Russia-Ukraine war: List of key events, day 315 (Al Jazeera) As the Russia-Ukraine war enters its 315th day, we take a look at the main developments.
Russia-Ukraine war live: Ukraine says Russian strikes targeted civilian infrastructure in past 24 hours; Moscow raises Makiivka death toll (the Guardian) Kyiv says there have been civilian casualties in Kramatorsk, Zaporizhzhia and Kherson; Russian defence ministry revises number of soldiers killed to 89
Russian Offensive Campaign Assessment, January 2, 2023 (Institute for the Study of War) Ukrainian air defenses reportedly intercepted all drones from two consecutive nights of Russian drone strike attacks against Ukraine on December 31 – January 2. Ukraine’s air force reported on January 1 that Ukrainian air defense forces shot down all 45 R
Russia says phone use allowed Ukraine to target its troops (AP NEWS) Unauthorized use of cell phones by Russian soldiers led to a deadly Ukrainian rocket attack on the facility where they were stationed, according to the Russian military, as it raised the death toll from the weekend attack to 89.
Russian soldier gave away his position with geotagged social media posts (Task & Purpose) A Russian service member geotagged his location in pictures and videos posted on social media
Russian commanders blamed for heavy losses in New Year’s Day strike (Washington Post) The deaths of scores of Russian troops in a devastating strike on New Year’s Day has set off a blame game among Russian officials now facing criticism for allegedly packing hundreds of soldiers into a barracks and storing ammunition in the same building — all within Ukrainian firing range.
Russian commanders 'must be punished for treason' over deadly Ukrainian Himars attack (The Telegraph) Kyiv claims hundreds of Vladimir Putin's troops were killed after a building housing them was flattened
Russia fighting for weeks to capture 'a single home', says Wagner head as he hits out at lack of equipment (The Telegraph) Progress to capture the area in the Donetsk region stagnates as troops struggle to break through defences, says head of the Wagner Group
Kremlin suffering heavy losses in Zaporizhzhia as fighting intensifies (The Telegraph) Russia has suffered heavy losses in the Zaporizhzhia, the general staff of Ukraine's armed forces has said, in a fresh uptick of fighting around a key gateway to the South.
An unexpected glimpse of disillusionment in Russia’s trenches (Military Times) The former frontline village of Novopetrivka, in southern Ukraine’s Mykolaiv oblast, offers a glimpse of the day-to-day existence for Russian soldiers.
Russia’s Basic Errors Jeopardize Its Ukraine Forces, Military Analysts Say (Wall Street Journal) Cellphone use, storage of ammunition near troops are called indicative of poor discipline
Russia-Ukraine War: Ukraine Defends Against Russia’s Inexpensive Drones With Far Costlier Missiles (New York Times) Analysts note that the damage the drones could cause would be extremely expensive, but question whether the cost imbalance between offense and defense can be sustained.
In Bucha, a Final Rampage Served as a Coda to a Month of Atrocities (New York Times) Hours before Russian troops began withdrawing from the suburban town, a Russian soldier left a trail of blood and devastated lives in a last paroxysm of violence.
Drone advances in Ukraine could bring dawn of killer robots (AP NEWS) Drone advances in Ukraine have accelerated a long-anticipated technology trend that could soon bring the world's first fully autonomous fighting robots to the battlefield, inaugurating a new age of warfare.
Ukraine: A battle over the future of Europe (POLITICO) Andrew A. Michta is dean of the College of International and Security Studies at the George C. Marshall European Center for Security and a nonresident senior fellow at the Scowcroft Strategy Initia…
Eight reasons for Ukrainian optimism in 2023 (Atlantic Council) Ukrainians have experienced an incredibly traumatic year but the country enters 2023 with reason for cautious optimism that Vladimir Putin's criminal invasion can be decisively defeated, writes Brian Mefford.
Peace May Be a Long Way Off in Ukraine in 2023 (Foreign Policy) Both sides believe they can win on the battlefield.
Russia’s Rebound (Foreign Affairs) Moscow has partly recovered from its military setbacks.
Opinion | Putin Has No Red Lines (New York Times) There are better ways to think about strategy.
Bakhmut: Fortress of freedom (Atlantic Council) Western support for Ukraine must remain strong in 2023 to prevent a Russian victory that would fuel a global authoritarian revival, warns the head of Ukraine's Office of the President, Andriy Yermak.
Ukraine Has Digitized Its Fighting Forces on a Shoestring (Wall Street Journal) Kyiv’s forces networked under Russian attack, achieving a cut-priced ‘MacGyver’ version of systems the Pentagon has spent decades developing
Ukraine Unplugged (The Atlantic) How Ukrainian citizens persevere in the darkness
Digitalization and transparency are vital for Ukraine’s reconstruction (Atlantic Council) Ukraine's reconstruction will depend on digitalization and the recruitment of motivated personnel from the military, writes Deputy Minister for Communities, Territories, and Infrastructure Development Oleksandra Azarkhina.
Ukraine’s Volunteers (The New York Review of Books) It was dark and getting colder. The four-wheel drive was slipping and straining as we tried to yank the van out of a muddy field. We had already lightened
The time is now to question how NATO should look post Ukraine (Breaking Defense) "Now is the moment to consider what changes may be needed to ensure the alliance is strong, healthy and focused on its core task of keeping alliance members out of Russia’s grasp," writes Joshua Huminski of the Center for the Study of the Presidency & Congress.
Europe prepares to take in more Ukrainians, with less support, in 2023 (Washington Post) Last winter, Jaroslaw Olak, a Warsaw native, spent the early days of the Ukraine war handing out sweets with his young sons to refugees arriving in the Polish capital. Soon after, he was hosting Ukrainian families rent-free in his apartment downtown.
The Myth of America’s Ukraine Fatigue (Foreign Policy) No, the U.S. public isn’t giving up on Ukraine.
Germany Open to Seizing Russian Assets to Help Ukraine Rebuild (Bloomberg) Berlin backs Kyiv government’s demands for war reparations. Move hinges on resolving legal issues, allied coordination.
Poland warns of attacks by Russia-linked Ghostwriter hacking group (BleepingComputer) The Polish government is warning of a spike in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as GhostWriter.
Poland targeted by persistent pro-Russian cyberattacks (SC Media) Poland's government services, private firms, media companies, and citizens are being subjected to persistent and exacerbating cyberattacks by pro-Russian hacking groups since the beginning of the Russia-Ukraine war, according to The Record, a news site by Recorded Future.
Time to Reconsider How State Actors are Defined in Cyberspace (OODA Loop) Since the late 1990s, geopolitics have increasingly become a driver of hostilities between nation states and their non-state sympathizers.
Sudden Russian Death Syndrome (The Atlantic) It’s not a great time to be an oligarch who’s unenthusiastic about Putin’s war in Ukraine.
Russia Is Afraid of Western Psychic Attacks (Foreign Policy) Pseudoscience and mysticism are common among the Moscow elite.
Attacks, Threats, and Vulnerabilities
Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (BleepingComputer) More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by ProxyNotShell exploits.
Hackers' latest trick looks like free movie streaming (Fox News) Downloadable links with access to movies and shows could contain malware that gives hackers access to your information. Here's how you can protect your devices from malicious files.
Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (The Hacker News) Cybercriminals Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware
BitRAT malware campaign uses stolen bank data for phishing (BleepingComputer) Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys.
OpwnAI: AI That Can Save the Day or HACK it Away (Check Point Research) Latest Research by our Team
Cyber-attack threatens release of Port of Lisbon data (Port Technology) The Port of Lisbon suffered a cyber-attack on Christmas Day, raising concerns about the potential exposure of confidential information.
Rail giant Wabtec discloses data breach after Lockbit ransomware attack (BleepingComputer) U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information.
Huron-Superior Catholic District School Board employees likely affected by cyber attack (CBC) Employees with the Huron-Superior Catholic District School Board have likely had their personal information compromised due to a cyber attack.
Arnold Clark’s Christmas cyber attack recovery a ‘mammoth task’ (AM Online) Arnold Clark’s recovery from a Christmas cyber attack has been described as a “mammoth task” after the car retail giant was forced to axe internet access to protect its customer data.
LA housing agency is hit with cyberattack and is given a deadline to respond (Daily News) In an eerie replay of the cyberattack on LAUSD, the City of LA’s $1 billion housing agency is attacked.
Los Angeles housing authority says cyberattack disrupting systems (The Record by Recorded Future) The Housing Authority of the City of Los Angeles confirmed that it is dealing with a cyberattack on Monday.
The Guardian offices close after ransomware attack (New York Post) The Guardian staff have been told to work remotely since the hacking incident began on December 20.
The Guardian contacts data protection regulator after suspected ransomware incident (The Record by Recorded Future) The Guardian newspaper has contacted the United Kingdom’s data protection regulator following a suspected ransomware attack on December 20.
Trends
More than 200 U.S. institutions hit with ransomware in 2022: report (The Record by Recorded Future) Emsisoft researchers said more than 200 local governments, schools and hospitals were affected by ransomware in 2022.
Cyber attacks to one day become ‘uninsurable’ (Cyber Security Connect) CEO of Zurich Insurance Group Mario Greco has issued a warning that cyber attacks will one day become “uninsurable.” Insurance executives have been stating that natural catastrophes such as global
Defensive vs. offensive AI: Why security teams are losing the AI war (VentureBeat) What enterprises can do to counter weaponized AI and ML wielded by cybercriminal gangs and nation-state threat actors.
Marketplace
The cybersecurity industry will undergo significant changes in 2023 (Help Net Security) The cybersecurity industry is set to undergo some significant changes in 2023, due to consolidation and workers returning to the office.
Twitter to Relax Ban on Political Ads (New York Times) Elon Musk’s social media service said it would begin to permit cause-based advertising to “facilitate public conversation around important topics.”
Twitter whistleblower Zatko lands new job at a security consulting firm (Washington Post) Former Twitter security chief Peiter Zatko, whose whistleblower claim against the company triggered multiple ongoing investigations, has joined security company Rapid7, where he will advise a range of consulting clients, the Boston-based company told The Washington Post.
John W. Thompson Joins Rubrik as the Lead Independent Board Director (Enterprise Security) We've built an elite leadership team of cybersecurity experts across public and private sectors to better equip our customers in the ongoing battle against...
R Street welcomes Brandon Pugh as new director of Cybersecurity and Emerging Threats team (R Street) WASHINGTON (Jan. 4, 2022) — This week the R Street Institute welcomed Brandon Pugh as policy director for our Cybersecurity and Emerging Threats team. He was previously a senior fellow on the same team. In this role, Pugh will spearhead public policy strategy for the department with a focus on data security and data privacy […]
Products, Services, and Solutions
Intel and Check Point Extend Collaboration for Ransomware Defense (Spiceworks) Check Point’s upgraded solution will be available to customers in early 2023 at no extra cost.
Illumio Government Cloud Achieves FedRAMP® In Process Designation to Help Federal Agencies Stop the Spread of Breaches and Reduce Risk (GlobeNewswire News Room) Illumio is a Zero Trust Segmentation platform...
Technologies, Techniques, and Standards
Cyber Chiefs Face Scrutiny and Challenges in 2023’s Uncertain Economy (Wall Street Journal) Security chiefs will likely be told to do more with less in 2023, as economic uncertainty batters budgets and companies brace for a potential recession.
CYBER101: Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN) (U.S. Cyber Command) A digital revolution in cyberspace has swept the globe over the last three decades leading to the interconnectivity of disparate nations, organizations, groups, and people across a worldwide network
How Can the White House's New IoT Labels Improve Security? (Security Intelligence) The White House is attempting to establish globally used and recognized labels for IoT to improve security.
Research and Development
Breaking RSA with a Quantum Computer (Schneier on Security) A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong.
Can these researchers help defend satellite systems targeted by hackers? (CyberScoop) Despite growing cyberattacks on satellite networks, efforts to protect communication systems in space remain nascent.
Legislation, Policy, and Regulation
Govt releases draft online gaming rules for public consultation (Moneycontrol) These draft regulations come at a time when India's gaming sector has seen unprecedented growth in terms of app downloads and revenue
Watching porn now requires age verification in La. because of new law (Fox 8 Live) A new law that was passed in Louisiana requires age verification for any website that contains 33.3% or more pornographic material.
Litigation, Investigation, and Law Enforcement
Meta’s Ad Practices Ruled Illegal Under E.U. Law (New York Times) The decision is one of the most consequential issued under the E.U.’s landmark data-protection law and creates a new business headwind for the social media giant.
Meta Fined More Than $400 Million in EU for Serving Ads Based on Online Activity (Wall Street Journal) European regulators ruled the Facebook and Instagram parent can’t use its contracts with users to justify sending them ads based on their online activity, a blow to the digital-advertising industry.
Meta's New Year kicks off with $410M+ in fresh EU privacy fines (TechCrunch) Meta is starting the new year with more privacy fines for its business in Europe following enforcement of complaints over the legal basis it claims to run behavioral ads.
How Social Media Can Come Back to Bite You During the Security Clearance Process (Government Executive) Lindy Kyzer joins the podcast to discuss networks like Twitter and Tiktok relates to the continuous vetting of employees working for the federal government.
Sam Bankman-Fried Pleads Not Guilty as Trial Set for October (Wall Street Journal) The FTX founder faces eight criminal counts, including conspiracies to commit securities fraud and commodities fraud. A judge set his trial to begin Oct. 2.
Sam Bankman-Fried, Founder Of The Crypto Exchange FTX, Has Pleaded Not Guilty To Fraud And Other Charges (BuzzFeed News) If convicted on all counts, he faces up to 115 years in prison.
Crypto Hack Lawsuits Rise as Theft Victims Try Untested Claims (Bloomberg Law) Lawsuits against cryptocurrency exchanges, digital wallet providers, and mobile service companies following cyberattacks reached a new high in 2022, as hacking victims increasingly test unproven legal claims to recoup their crypto losses.
Google settles user location tracking lawsuits for $29.5M (SC Media) Google has agreed to settle for $29.5 million two lawsuits involving "deceptive" location tracking, reports The Hacker News.