US, EU formally blame Russia for Ukraine data wiper attacks • The Register

2022-05-14 07:14:24 By : Mr. Allen Young

The US and the European Union have officially blamed Russia for a series of destructive data-wiping malware infections in Ukrainian government and private-sector networks – and said they will "take steps" to defend against and respond to Kremlin-orchestrated attacks.

Beginning in January, and continuing after Russian troops illegally invaded Ukraine the following month, Russian cyberspies planted malicious data-destroying code in Ukraine's computers, while Ukrainian websites were vandalized or pummeled offline in distributed denial-of-service attacks.

"The United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian Government and private sector networks," US Secretary of State Antony Blinken said in a statement today.

WhisperGate corrupts an infected Windows system's master boot record, displays a fake ransom note, and irreversibly scrambles documents based on their file extensions, according to the US government's Cybersecurity and Infrastructure Security Agency (CISA). Ghostwriter, a crew thought to be connected to Russia's GRU military intelligence service, started using this strain of malware against organizations in Ukraine on January 15, we're told.

It's just one of at least six significant strains of data-wiping malware that Russia has deployed against its neighbor since the beginning of the year.

However, some of these spilled over into European countries. As an example of this, both the US and the EU called out the cyberattack that took Viasat customers' satellite broadband modems offline an hour before Russia's ground invasion began. While the primary purpose of this attack was to disrupt Ukrainian communications during the invasion, by wiping the modems' firmware remotely, it also disabled thousands of small aperture terminals in Ukraine and across Europe, knocking out people's satellite connectivity and the remote monitoring of 5,800 wind turbines in Germany.  

"This unacceptable cyberattack is yet another example of Russia's continued pattern of irresponsible behavior in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine," the Council of the EU said in a statement. 

Continued cyberattacks against Ukraine, including those attempting to target critical infrastructure, could put European citizens at risk, it added.

"The European Union, working closely with its partners, is considering further steps to prevent, discourage, deter and respond to such malicious behavior in cyberspace," the council's statement said. "The European Union will continue to provide coordinated political, financial and material support to Ukraine to strengthen its cyber resilience."

When asked what further steps may be taken, an EU spokesperson said the government can use "all its diplomatic means" to mitigate threats, and this includes imposing sanctions on people or entities responsible for conducting cyberattacks against or threatening the EU and member states.

In a similarly worded statement, Blinken said America and its allies "are taking steps to defend against Russia's irresponsible actions." Several agencies, including the FBI, Department of Energy, CISA, and the US Agency for International Development (USAID) are providing technical and monetary support to help Ukraine identify threats and respond to attacks. Additionally, USAID has provided more than 6,750 emergency communications devices, including satellite phones and data terminals, to essential service providers, government officials, and critical infrastructure operators. ®

