Russia-Ukraine Updates: Cybersecurity News Amid Conflict
ISMG's Editorial Team Monitors the Latest Cyber-Related Reports in Ukraine Crisis
Russian President Vladimir Putin invaded Ukraine, launching kinetic attacks and malicious cyberattack campaigns against the former Soviet state. During these chaotic times, it is unclear how the invasion may affect the West. National security experts at the White House, the nation's operational cyber agency, CISA, and Britain's National Cyber Security Center, among others, are calling for network defenders to be vigilant and prepare for possible retaliatory nation-state attacks.
In this thread, Information Security Media Group's editorial team recaps all the cyber headlines that have intersected with Putin's invasion in Europe.
March 25, 2022
ISMG editors discussed important cybersecurity issues, including the White House warning about escalated cyberthreats from Russia and the impact of the Russia-Ukraine war on the healthcare sector.
March 24, 2022
Ukrainian IT officials continued to call out alleged Russian cyberattacks. This comes as hacktivists took matters into their own hands in the digital underground, striking Russian media agencies, government ministries and more.
March 23, 2022
U.S. President Joe Biden warned that intelligence is pointing toward potential Russian cyberattacks against the U.S., and the FBI reportedly issued an urgent bulletin contending that Russian IP addresses have conducted network scanning activity on at least five U.S. energy firms.
March 18, 2022
Russia said it experienced a greater number of cyberattacks leveraged against its government websites than ever before as Anonymous, the hacking collective, battled in the cyber war on behalf of Ukraine.
Federal authorities advised healthcare sector entities to take precautions, including enhancing their cybersecurity posture and being prepared to implement four- to six-week business continuity plans, as they continue to face potential cyber incidents related to the Russia-Ukraine war.
Four editors discussed important cybersecurity issues, including how Russia's invasion of Ukraine further complicates cybercrime ransomware payments, a former U.S. Treasury senior adviser's take on Biden's executive order on cryptocurrency, and important points regarding the upcoming identity theft executive order.
A security alert, issued by the FBI and the Cybersecurity and Infrastructure Security Agency, also said that "successful intrusions into SATCOM networks could create risk in SATCOM network providers' customer environments."
March 17, 2022
In this installment of the editors' panel weekly updates, ISMG's editors discuss how Russia's war further complicates the optics of paying money to ransomware-wielding criminals who are based in Russia or have ties to Russia-based crime operations.
One of the big surprises in Russia's war with Ukraine has been the apparent lack of sophisticated cyberattacks to prepare the battlefield or support the invasion, cybersecurity experts said.
March 16, 2022
War in Ukraine continued into its third week, and Russia closed in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials urged a "Shields Up" approach - while the digital conflict has devolved deeply into the underground.
The U.S., Europe and other nations have imposed a comprehensive set of sanctions against Belarus and Russia in retaliation for the invasion of Ukraine. But sanctions aren't a perfect tool, and their effects can reach people who don’t have decision-making roles or influence and may very well oppose Russia's invasion. The situation is already proving frustrating for researchers, including one in Belarus who says he is opposed to the war and that bug bounties are his only source of income.
March 15, 2022
With the ground war worsening in Ukraine, the international community rallied behind the former Soviet state, and lawmakers in the U.S. sought guidance from the Department of Homeland Security on ways to continue fortifying U.S. cyber defense. The move comes as some cyber experts predict an ultimate escalation in Russia's malicious cyber activity targeting either Ukraine's infrastructure or NATO member networks.
International hacking collective Anonymous on Monday hacked the German subsidiary of Russian energy company Rosneft, die Welt newspaper said, citing the country's cybersecurity watchdog, the Federal Office for Information Security.
As the Russia-Ukraine war continues, healthcare sector entities in the U.S. need to be prepared to deal with potential spillover cyber incidents, says Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware.
March 14, 2022
As war in Ukraine rages and the Putin regime continues to drive toward major population centers in the former Soviet state, U.S. cybersecurity officials remain on high alert - questioning whether the Russians will elevate their cyberwar against their Western neighbor or against NATO member-states.
What are the ethics of paying a ransom to a cybercrime syndicate that might be working as a proxy cyber force in support of the Russian government's war with Ukraine?
March 11, 2022
International hacking collective Anonymous announced that it hacked the Russian censorship agency known as Roskomnadzor. The group released 364,000 files it said show intensified censorship around the perception of the Ukraine invasion, which began in late February.
After months of political infighting, a landmark cybersecurity provision requiring critical infrastructure providers to report security incidents and ransom payments passed both chambers of Congress and now heads to President Joe Biden's desk.
In response to widespread, ongoing disruptions, the Russian government allegedly weighed a move to disconnect the country from the internet and switch to its own "runet." While government officials denied any such plans, they announced the launch of a domestic, trusted TLS certificate authority to allow Russia to issue its own digital certificates, in the event that existing certificates get revoked.
March 10, 2022
In an open letter addressing a request by the Ukrainian government to the web governance entity the Internet Corporation for Assigned Names and Numbers, dozens of researchers, internet activists, politicians and academics voiced their disapproval, and called for precise, measured sanctions that could more effectively weaken Russian military and propaganda efforts.
March 9, 2022
A former top U.S. cybersecurity official warned that the conflict in Ukraine will likely worsen before showing any signs of improvement, including potential cyber escalation with the U.S. and its NATO allies. Richard Clarke, former special adviser to the president of the U.S. on terrorism and cybersecurity, also urged security practitioners to ask hard questions if a system should fail.
March 7, 2022
As the ground war in Ukraine intensifies, U.S. and NATO officials looked to sharpen sanctions and rhetoric against Moscow, and cybersecurity proved a pivotal part of the discussion. The Biden administration requested $10 billion in emergency funds to address Russia's campaign, with sizeable pots for cybersecurity.
Ukrainian cybersecurity official Viktor Zhora said his country is fighting the first-ever "hybrid war" that bridges both the physical and online realms.
March 4, 2022
Four editors at Information Security Media Group discuss important cybersecurity issues, including the accelerating invasion of Ukraine by Russia and its potential short- and long-term impact on the cybersecurity industry; whether hacktivists are the new resistance fighters and the dangers that might trigger; and how a data leak may help researchers track and fight the Conti ransomware gang and its affiliates.
High-ranking U.S. officials said that while it would be nearly impossible for Russia to "flip the switch" and convert to cryptocurrency to stabilize its sanctioned economy, they caution that Russian elites and entities might try to skirt the measures by transferring and obfuscating funds across the blockchain.
Russia's National Coordination Center for Computer Incidents published a list of 17,576 IP addresses and 166 domains that it says are targeting the country's information resources via distributed denial-of-service attacks.
March 3, 2022
Key financial members of the U.S. Senate sent a letter to Treasury Secretary Janet Yellen regarding potential sanctions evasions and the department's ability to police crypto assets, as adversarial countries have previously leveraged them to fund weapons programs and infuse their economies with needed cash flows.
How can CISOs be prepared as nation-state and other activity remains a threat in light of Ukraine's invasion? Here are nine ways to consider bolstering network defenses.
A fresh phishing campaign, aimed at victimizing those donating aid to Ukraine, was carried out - most likely - by nation-state actors, according to cybersecurity researchers.
A Wisconsin-based consultancy that analyzes cybercrime activity, Hold Security, released an excerpt of a private chat between two Russian Conti members. In the chat, the two express misgivings about the war in Ukraine due to its violence. One participant bad-mouthed Russian President Vladimir Putin and said he had lost his mind.
Mikhail Sytnik, security expert for threat analysis firm Kaspersky, tells ISMG that cryptocurrency-related phishing scams continue to grow in 2022. More than 460,000 phishing attempts were made in 2021 and with an increased interest in digital assets, Sytnik says there will not be a shortage of cryptocurrency-related scams.
March 2, 2022
The U.S. Senate passed a landmark cybersecurity package that bundles three substantial measures - mandatory 72-hour incident reporting for critical infrastructure, an update to federal IT security strategy, and authorization for the governmentwide program standardizing security assessment, authorization and monitoring for cloud services.
Ukrainian online newspaper Pravda published details on 120,000 Russian soldiers, citing Ukraine's Center for Defense Strategies as the source. But chatter seen by Information Security Media Group on Telegram suggests that the source of the dataset is the hacker group ENIGMA.
March 1, 2022
Federal authorities cautioned that while they are unaware of specific cyberthreats to the U.S. healthcare and public health sector related to Russia's attack on Ukraine, entities in those sectors should stay proactive and vigilant to at least three main potential threat groups and two wiper malware variants.
Amid the Russia-Ukraine crisis, cybersecurity officials in the U.S. and European Union expressed surprise over Russia's lack of pervasive cyber strikes and warned that cyberattacks could follow as Russia's economy reels from sanctions.
Feb. 28, 2022
International hacktivist collective Anonymous reported by way of social media that it successfully hacked websites connected to the Russian government, state media and banks as Russia experienced partial sanctions from SWIFT, the international messaging system used by banks around the world.
Belarus renounced its nonnuclear status and began moving the Kremlin's nuclear weapons into the country for the first time since it gave up nuclear weapons at the fall of the Soviet Union. This action sparked a heavy backlash from several cyber hacktivist groups, who started disrupting Belarus' railway services and banking systems.
Researchers released more than a year's worth of data on Conti, a Russian ransomware gang known for its attack on the Health Service Executive of Ireland. The leak is being called a "must read" for security experts.
The Ukrainian Ministry of Defense, with the support of Ukraine's vice prime minister and minister of digital transformation Mykhailo Fedorov, reportedly issued a call for Ukrainian hackers to safeguard its networks and potentially tap into Russian infrastructure. Elon Musk also provided internet services to Ukraine by way of Starlink satellites.
Feb. 27, 2022
The U.S. Cybersecurity and Infrastructure Security Agency and the FBI issued a joint advisory pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. The agency has also updated the Shields Up webpage to include recommendations for corporate leaders and actions to protect critical assets.
Feb. 26, 2022
A nation-backed group called UNC1151 aka Ghostwriter launched a malicious spear-phishing campaign aimed at members of the Ukrainian military. Meanwhile, the Ukrainian Ministry of Defense reportedly issued a call for Ukrainian hackers to safeguard its networks and potentially tap into Russian infrastructure.
Feb. 25, 2022
Sam Curry, CSO for Cybereason, discussed the potential fallout as Russia-Ukraine tensions heighten and how security leaders can prepare in this video interview.
Ukraine's Ministry of Defense allegedly issued a notice to recruit hackers to launch cyberattacks on Russia's critical infrastructure. Hacktivist group Anonymous is also reportedly leveraging attacks against Russia.
Focusing on doomsday scenarios related to the Russia-Ukraine crisis will not help security teams, but running through emergency incident response preparation plans can. Wiper malware attacks, in terms of the Russia-Ukraine conflict, stayed contained in Ukraine.
In the new video series "Sound Off," which explored a single question in depth, David Pollino, former CISO of PNC Bank, discusses how financial institutions should - and must - strengthen their incident response plans. Pollino, in this short video, provides specific examples of how security teams protecting bank networks can mitigate the risks of potential cyberattacks leveraged by nation-states.
Feb. 24, 2022
A new form of malware named Cyclops Blink, developed by Russian threat actor Sandworm aka Voodoo Bear, was detected. The U.K. National Cyber Security Center and CISA issued joint advisory statements warning of Cyclops Blink, which has been active since June 2019 and attacks small home office routers and network devices.
U.S. officials, in an effort to disrupt Russia's web services, electric grid and other critical infrastructure, reportedly presented President Joe Biden with several offensive cyber options. But White House press secretary Jen Psaki has denied these reports. Threat analysts also discussed how cyberattacks could extend beyond Ukraine into other areas of Eastern Europe.
In light of recent events in Ukraine, healthcare security experts warned of potential cyber threats the U.S. could face, including malware, disinformation and phishing campaigns to launch retaliatory attacks. CISOs, researchers and other security experts weighed in on the risks.
Feb. 23, 2022
Ukraine's government and banking websites suffered a distributed denial-of-service outage that lasted for several hours - less than a week after the Ministry of Defense site fell in a similar attack. Global cybersecurity agencies warned organizations to enable multifactor authentication and be on high alert for other malicious activity.
As the Russia-Ukraine conflict escalated, the Ukrainian government looked to the possibility of wiping servers to protect sensitive data. Cybersecurity experts also weighed in on the possibility of a spike in ransomware and other cyberattacks as Russia's cyber warfare tactics heated up.
In ISMG's new series "Proof of Concept," guests discussed the probability of a cyber incident resulting in a kinetic response. This came as tensions between Ukraine and Russia rose sharply.
As Russia began its invasion of Ukraine, security experts reminded network defenders to stay prepared for any contingency. Britain's NCSC called for Western security agencies to bolster online defenses.
Feb. 22, 2022
The U.S. confirmed that the distributed denial-of-service attack on Ukraine's Ministry of Defense had been launched by Russia's Main Intelligence Directorate, aka GRU. In the wake of the escalating conflict, the European Union activated its group of cyber military experts to safeguard Ukrainian networks.
World leaders moved to sanction Russia for its aggression, and Ukraine remained on high alert in the face of potential cyberattacks. Ukraine's Computer Emergency Response Team issued an alert urging security teams to report suspicious activity to the government.
Feb. 21, 2022
Russian President Vladimir Putin delivered alarming remarks from the Kremlin, further legitimizing U.S. President Joe Biden's fears that invasion of Ukraine was imminent. Financial institutions, the state of New York and others advised on cybersecurity readiness in case Russia retaliated against the West.
Feb. 15, 2022
Ukraine's defense ministry, as well as two banks, Privatbank and Oschadbank, were reportedly hit by a cyberattack. The defense ministry's website, which supports the Armed Forces of Ukraine, went dark.
Feb. 14, 2022
After Russia amassed some 100,000 troops along the borders of Ukraine, the U.S. Cybersecurity and Infrastructure Security Agency released its "Shields Up" warning, designed to advise network defenders on how to protect against nation-state attacks.
Feb. 9, 2022
The European Central Bank warned against Russian cyberattacks on European banks, conducting numerous cyber war games in order to test the resiliency against a Russian cyber offensive. At one time, the banking system had focused predominantly on pandemic-related scams, but it then turned its attention to the possibility of Russia initiating direct cyberattacks on financial institutions.
Jan. 24, 2022
The DHS cautioned that Russian cyberattacks in retaliation for U.S. support of Ukraine could be on the horizon.
Jan. 21, 2022
ISMG's Anna Delaney and Mathew Schwartz analyzed cyberattacks aimed at Ukraine's government agencies. Seventy government agencies were targeted in an attempt to deface them.
Dec. 24, 2021
Russia moved 175,000 soldiers to the Ukrainian border after President Vladimir Putin criticized Ukraine's intention to join NATO. Cybersecurity experts, who noticed an increase in Russian intelligence operations, warned this could be a precursor to invasion.