Cyber security news March 2022

This posting is here to collect cyber security news in March 2022.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

888 Comments

  1. Tomi Engdahl says:

    “We’ve had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives.”
    https://mobile.twitter.com/signalapp/status/1498437474611343367

    Reply
  2. Tomi Engdahl says:

    Commentary: The economic war between the West and Russia has the makings not only of an energy crisis but also of a serious food shortage https://www.is.fi/taloussanomat/art-2000008648072.html

    Reply
  3. Tomi Engdahl says:

    Google made an important change to Maps in Ukraine https://www.is.fi/digitoday/art-2000008648766.html

    Reply
  4. Tomi Engdahl says:

    Intelligence sources: Putin, frustrated by poor progress in the war, is lashing out at his subordinates https://www.is.fi/ulkomaat/art-2000008650329.html

    Frustrated Putin may order escalation of violence in Ukraine, U.S. officials say
    The U.S. has solid intelligence that Putin is directing unusual bursts of anger at people in his inner circle over the state of the military campaign, officials said.
    https://www.nbcnews.com/investigations/frustrated-putin-may-order-escalation-violence-ukraine-us-officials-sa-rcna18026

    U.S. intelligence agencies have determined that Russian President Vladimir Putin is growing increasingly frustrated by his military struggles in Ukraine and may see his only option as doubling down on violence, current and former U.S. officials briefed on the matter told NBC News.

    As the Russian economy teeters under unprecedented global sanctions and his purportedly superior military force appears bogged down, Putin has lashed out in anger at underlings, even as he remains largely isolated from the Kremlin in part because of concerns about Covid, the sources said.

    Reply
  5. Tomi Engdahl says:

    Hacker group has blocked Russian military transports – paralyzed rail traffic
    A Belarusian hacker group says it has slowed Russia’s movement into Ukraine.
    https://www.iltalehti.fi/digiuutiset/a/471ecb18-1256-42d7-8088-61434f1f6341

    The Belarusian hacker group Cyber Partisans has paralyzed rail traffic in Belarus, Bloomberg reports. The group is said to have managed to break into the computers that control Belarus’s railways. According to the hackers, some rail lines have been completely out of service, which has hampered Russia’s advance.

    https://www.bloomberg.com/news/articles/2022-02-27/belarus-hackers-allegedly-disrupted-trains-to-thwart-russia

    Reply
  6. Tomi Engdahl says:

    Fingrid’s Ruusunen: “The days when Finland was dependent on Russian electricity are behind us”
    Electricity is still flowing from Russia to Finland as normal.
    https://www.iltalehti.fi/politiikka/a/232d18c6-f921-443c-be15-73ad5e0070c9

    Would Finland face an electricity crisis if electricity imports from Russia to Finland were halted as a result of Russian counter-sanctions?

    Hardly.

    “The days when Finland was dependent on Russian electricity are behind us. That much I can say,” Jukka Ruusunen, CEO of the transmission system operator Fingrid, told Iltalehti on Tuesday morning.

    Russian electricity has flowed into Finland all winter and continues to flow as normal.

    Today, Tuesday, at 8:31 a.m., Finland’s electricity consumption was 10696 megawatts according to Fingrid, and electricity production was 9858 megawatts. The difference between electricity imports and exports (net) was 836 megawatts.

    Imports from Russia at the same time were 836 megawatts. Imports from Russia have often been as much as double that.

    Finland also imports a lot of electricity from Sweden.

    https://www.fingrid.fi/sahkomarkkinat/sahkojarjestelman-tila/

    Reply
  7. Tomi Engdahl says:

    [1420] Worst Kept Secret in Security… It’s All Keyed Alike
    https://www.youtube.com/watch?v=YeFevEGoPF0

    LPL has made the entire world realize a duct-taped door is more secure than most of our locks!

    Reply
  8. Tomi Engdahl says:

    This is how people are being fooled: “war videos” that come from video games are spreading on social media
    https://www.is.fi/digitoday/esports/art-2000008650500.html

    Not everything is always what it seems. In recent days, many videos of Russia’s war against Ukraine have been shared on social media, but some of them were taken from video games.

    Russia’s war against Ukraine has led to a phenomenon in which videos recorded from games have been shared on social media as genuine war videos.

    In recent days the matter has been reported by, among others, the BBC, Reuters, Bloomberg and Kotaku. Videos with up to millions of views have been spotted on, for example, Twitter, Facebook and TikTok.

    Ukraine invasion: Misleading claims continue to go viral
    https://www.bbc.com/news/60554910

    Five days into the Russian invasion of Ukraine, false or misleading videos and images about the invasion continue to go viral.

    Among the things spreading quickly are old videos being depicted as current – along with claims that pictures such as the one above are old, even when they verifiably come from the present conflict.

    We’ve been looking into some of the most viral claims.

    Reply
  9. Tomi Engdahl says:

    What to do when a child sees war videos on TikTok and becomes anxious? An expert advises
    https://www.is.fi/kotimaa/art-2000008644539.html

    Children are currently seeing harrowing material on their own devices. How can a child be protected from the shock caused by seeing images of war?

    Content about the war in Ukraine that shocks children is currently circulating on social media. The material seen on these services is considerably harsher than the imagery used by traditional media.

    Russia declared war on Ukraine on Thursday of this week at four in the early morning.

    TikTok is a social media platform popular with children and young people, and many parents are worried about the war content that has appeared there.

    On social media channels one has been able to see, through the eyes of Ukrainians, for example a missile strike outside a residential apartment block, a baby crying as a Russian fighter jet flies overhead, and tanks rolling into the suburbs of Kyiv.

    In selfie videos, Ukrainian young people the same age as TikTok users film their destroyed homes and cry at home with the sound of the general alarm in the background.

    Reply
  10. Tomi Engdahl says:

    Video referring to the mysterious “Ghost of Kyiv” was taken from a video game
    The unknown fighter pilot had time to gather praise in Ukraine.
    https://www.is.fi/ulkomaat/art-2000008645244.html

    An unknown fighter pilot became a phenomenon in war-torn Ukraine. The pilot, dubbed the “Ghost of Kyiv” by social media users, was claimed to have shot down several Russian fighter jets. Newsweek reports on the matter.

    Closer examination later revealed that a video uploaded by Ukraine’s Ministry of Defence, which refers to the “Ghost of Kyiv”, was in reality taken from the game Digital Combat Simulator.

    Who is the Ghost of Kyiv? Ukraine MiG-29 Fighter Pilot Becomes the Stuff of Legend
    https://www.newsweek.com/who-ghost-kyiv-ukraine-fighter-pilot-mig-29-russian-fighter-jets-combat-1682651?amp=1

    Reply
  11. Tomi Engdahl says:

    A wartime plea to Western satellite companies: “We need this data, please”
    “Within one hour there will be an attack on Kyiv again.”
    https://arstechnica.com/science/2022/02/a-wartime-plea-to-western-satellite-companies-we-need-this-data-please/

    Ukrainian entrepreneur Max Polyakov was emotional and, at times, angry, during a 20-minute call with reporters on Monday evening as he spoke about the attack by the Russian military on his homeland.

    “Within one hour there will be an attack on Kyiv again,” Polyakov said, pointing emphatically to his watch. “We need the data now.”

    The data he referred to were real-time observations made by commercial satellites flying over Ukraine. Polyakov pleaded with the operators of these satellites, primarily Western-based companies who sell data to governments and private customers, to freely share their data with one of his companies, EOS Data Analytics.

    Reply
  12. Tomi Engdahl says:

    Commentary: The EU botched its most effective Russia sanction
    Kreeta Karvala
    The EU decided on a sanctions package but blocked the Russia sanction considered the most effective of all, writes Iltalehti’s Kreeta Karvala.
    https://www.iltalehti.fi/politiikka/a/2eecef68-a0b1-4290-bcb5-69dd3f31d90b

    Reply
  13. Tomi Engdahl says:

    Live Camera from #Ukraine #Kyiv
    https://www.youtube.com/watch?v=HIPNVm6lNfM

    LIVE VIEW of Kyiv, Ukraine, after Russian invasion.

    Reply
  14. Tomi Engdahl says:

    9 Cameras of Kyiv Ukraine LIVE Camera Kiev (Ukraine border live camera) Day 5
    https://www.youtube.com/watch?v=x3yMxxAkN4w

    Russia Ukraine LIVE Camera News (Ukraine border live camera)

    Multiple camera feeds all on one screen LIVE all over Ukraine, Belarus & Russia along with Twitter & news feeds as the, what looks to be an imminent invasion of Russia into Ukraine unfolds.

    Reply
  15. Tomi Engdahl says:

    Schneider Relay Flaws Can Allow Hackers to Disable Electrical Network Protections
    https://www.securityweek.com/schneider-relay-flaws-can-allow-hackers-disable-electrical-network-protections

    Vulnerabilities discovered by researchers in some of Schneider Electric’s Easergy relays can allow hackers to disable protections for electrical networks. The vendor has released patches that should address the security flaws.

    Three high-severity vulnerabilities have been found in Easergy medium-voltage protection relays — two impact Easergy P5 devices and one affects Easergy P3 devices. Schneider Electric informed customers about these vulnerabilities in January and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory last week.

    According to the advisories from Schneider and CISA, P3 relays are affected by a buffer overflow (CVE-2022-22725) that can lead to arbitrary code execution or a denial-of-service (DoS) condition if specially crafted packets are sent to the targeted device over the network.

    Easergy P5 relays are also affected by a buffer overflow (CVE-2022-22723) that can allow an attacker to cause program crashes and achieve code execution using specially crafted packets sent over the network. These devices also have hardcoded credentials (CVE-2022-22722) that can pose a security risk.

    “If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration,” Schneider explained.

    Reply
  16. Tomi Engdahl says:

    A Free-for-All But No Crippling Cyberattacks in Ukraine War
    https://www.securityweek.com/free-all-no-crippling-cyberattacks-ukraine-war

    Russia has some of the best hackers in the world, but in the early days of the war in Ukraine, its ability to create mayhem through malware hasn’t had much of a noticeable impact.

    Instead, it’s Ukraine that’s marshalled sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay for making war on its neighbor. It’s a kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.

    So far, Ukraine’s internet mostly works, its president still able to rally global support via a smartphone, and its power plants and other critical infrastructure still able to function. The kind of devastating cyberattacks thought likely to accompany a large-scale Russian military invasion haven’t happened.

    “It has not played as large a component as some people thought it might and it definitely has not been seen outside of Ukraine to the extent that people feared,” said Michael Daniel, a former White House cybersecurity coordinator. “Of course, that could still change.”

    Reply
  17. Tomi Engdahl says:

    Microsoft: Cyberattacks in Ukraine Hitting Civilian Digital Targets
    https://www.securityweek.com/microsoft-cyberattacks-ukraine-hitting-civilian-digital-targets

    Microsoft is calling attention to a surge in cyberattacks on Ukrainian civilian digital targets, warning that the new “digital war” includes destructive malware attacks on emergency response services and humanitarian aid efforts.

    The Redmond, Wash. software giant said the attacks on civilian targets raise serious concerns under the Geneva Convention.

    “We remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises,” said Microsoft president Brad Smith.

    “These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them,” Smith said in a statement published Monday.

    Reply
  18. Tomi Engdahl says:

    Critical Vulnerabilities Impact Widely Used Printed Circuit Board File Viewer
    https://www.securityweek.com/critical-vulnerabilities-impact-widely-used-printed-circuit-board-file-viewer

    Security researchers with Cisco’s Talos division this week disclosed six critical-severity vulnerabilities affecting Gerbv, an open source file viewer for printed circuit board (PCB) designs.

    A native Linux application, Gerbv is found on many common UNIX platforms, with a Windows version available as well. Gerbv has been downloaded from SourceForge more than 1 million times.

    The software is designed for viewing file formats that display layers of circuit boards, including Excellon drill files, RS-274X Gerber files, and pick-n-place files, and can be used either as a standalone application, or as a library.

    “Some PCB manufacturers use software like Gerbv in their web interfaces as a tool to convert Gerber (or other supported) files into images. Users can upload gerber files to the manufacturer website, which are converted to an image to be displayed in the browser, so that users can verify that what has been uploaded matches their expectations,” Talos explained.

    This makes it possible for an attacker to reach the software over the network without user interaction or elevated privileges.

    Reply
  19. Tomi Engdahl says:

    Netflix Won’t Add Russian Broadcasters to Service, Defying New Regulation
    Russian rule requires services with more than 100,000 subscribers to carry some 20 Russian channels
    https://www.wsj.com/articles/netflix-wont-add-russian-channels-to-service-defying-new-regulation-11646076964?mod=e2fb

    Reply
  20. Tomi Engdahl says:

    U.S. Slaps Technology Export Ban on Russia
    Feb. 24, 2022
    The White House has instructed the U.S. Commerce Department, through its Bureau of Industry and Security (BIS), to impose restrictions on the export of technology, including telecommunications systems and lasers, to Russia.
    https://www.mwrf.com/technologies/systems/article/21234551/us-slaps-technology-export-ban-on-russia?utm_source=RF%20MWRF%20Today&utm_medium=email&utm_campaign=CPS220225014&o_eid=7211D2691390C9R&rdx.ident%5Bpull%5D=omeda%7C7211D2691390C9R&oly_enc_id=7211D2691390C9R

    In response to Russia’s invasion of Ukraine, the White House has instructed the U.S. Commerce Department, through its Bureau of Industry and Security (BIS), to impose restrictions on the export of technology, including telecommunications systems and lasers, to Russia. The restrictions are intended to shut off Russia’s defense, aerospace, and maritime sectors from critical technology developed in the U.S. or that use components made in the U.S. The European Union and five other countries are expected to impose similar sanctions.

    As was the case with ZTE and Huawei previously, certain organizations within the Russian defense ecosystem have been placed on the Entity List (see “U.S. Commerce Dept. finds ZTE violated export disciplinary agreement, bans U.S. component supply” and “Huawei faces U.S. technology access ban”). Placement on the list requires that special licenses be obtained for items developed in the U.S. as well as foreign items produced using U.S. equipment, software, and blueprints before they can be sent to these Russian entities. Instructions for filing for such licenses state that the parties involved should assume such license requests will be denied.

    The Commerce Department has imposed restrictions on Russian access to semiconductors, computers, telecommunications technology, information security equipment, lasers, and sensors.

    Concurrently, BIS added 49 Russian military end-user organizations to its Entity List.

    In addition to the EU, Japan, Australia, the United Kingdom, Canada, and New Zealand have agreed to adopt similar sanctions. The Commerce Department said via a release that it expects other countries to follow suit.

    U.S slaps technology export ban on Russia
    Feb. 24, 2022
    The White House has instructed the U.S. Commerce Department, through its Bureau of Industry and Security (BIS), to impose restrictions on the export of technology, including telecommunications systems and lasers, to Russia.
    https://www.lightwaveonline.com/optical-tech/components/article/14234536/us-slaps-technology-export-ban-on-russia

    Reply
  21. Tomi Engdahl says:

    The combat drone revolution
    https://yle.fi/uutiset/3-12328365

    Cheap unmanned combat drones have been astonishingly effective in many conflicts of recent years. Ukraine is now using them too.

    Reply
  22. Tomi Engdahl says:

    See on a timeline how the war started by Russia has progressed
    We have gathered together the most important events of the Ukraine crisis from recent months.
    https://yle.fi/uutiset/3-12331818

    Reply
  23. Tomi Engdahl says:

    Google maps used to spread info to Russia

    A clever way to sneak information about the war into Russia was devised online https://www.is.fi/digitoday/art-2000008651435.html

    https://mobile.twitter.com/konrad03249040/status/1498350631232356357

    Reply
  24. Tomi Engdahl says:

    Nordea’s day-long problems were caused by a denial-of-service attack – situation now OK, but slowness may occur
    The disruption began already on Monday evening. Today, customers may not have been able to log in to Nordea’s online or mobile bank at all.
    https://yle.fi/uutiset/3-12338542

    Reply
  25. Tomi Engdahl says:

    Nordea’s services were hit by a denial-of-service attack – logging in may still be slow
    https://www.mtvuutiset.fi/artikkeli/nordealla-tilapainen-hairio-tunnistautumisessa/8367136

    Nordea says on Twitter that some of the bank’s services have been subjected to external interference, that is, a denial-of-service attack.

    “We have managed to secure the services so that customers can log in to the mobile and online bank. However, there is currently slowness in our services,” Nordea tweeted at around half past five today.

    Reply
  26. Tomi Engdahl says:

    It turns out parts for the stations were made in Ukraine, and they still had access to the system.

    Hackers Make Russian Charging Stations Display “Putin Is A Dickhead” Message
    https://www.iflscience.com/technology/hackers-make-russian-charging-stations-display-putin-is-a-dickhead-message/

    Reply
  27. Tomi Engdahl says:

    War in Ukraine: We Need to Talk About Fossil Fuels The E.U.’s dependence on Russian oil and gas greatly complicates the current conflagration
    https://spectrum.ieee.org/russia-ukraine-fossil-fuels?utm_campaign=RebelMouse&socialux=facebook&share_id=6934265&utm_medium=social&utm_content=IEEE+Spectrum&utm_source=facebook

    Reply
  28. Tomi Engdahl says:

    ‘If you happen to find a free or abandoned armored personnel carrier, here’s a life-hack on how to start it.’

    Russian Influencer Posts TikTok Showing How to Drive ‘Abandoned’ APCs
    https://www.vice.com/en/article/93bgmp/russian-influencer-posts-tiktok-showing-how-to-drive-abandoned-apcs?utm_source=motherboardtv_facebook&utm_medium=social

    A Russian influencer has gone viral on TikTok for a video explaining how to drive a Russian armored personnel carrier (APC).

    Tuman’s video comes at a time when reports are flooding social media about Russian soldiers running out of fuel or outright abandoning tanks and APCs in Ukraine. On Feb. 28, Russia’s state telecommunications regulator demanded that TikTok take steps to censor military content on its platform. The video went viral on Twitter Monday with some describing it as footage of a Ukrainian explaining how to pilot abandoned Russian military vehicles. That’s not quite what’s going on.

    The video of Tuman in an APC is actually a year old.

    Reply
  29. Tomi Engdahl says:

    The teenager tormenting Elon Musk found a new target: the coder is now also pestering oligarchs belonging to Putin’s inner circle
    American 19-year-old Jack Sweeney coded a bot that publishes the flight data of Russian oligarchs.
    https://www.hs.fi/talous/art-2000008651271.html

    Reply
  30. Tomi Engdahl says:

    Researchers: Threatening with nuclear weapons in the middle of a war is new – Putin’s ways differ from those of many Cold War Soviet leaders
    A researcher says that the destructive power of the weapons Russia has brought to the vicinity of Ukraine may already be close to that of the lowest-yield tactical nuclear weapons.
    https://yle.fi/uutiset/3-12336763

    Reply
  31. Tomi Engdahl says:

    Apple has paused product sales and limited the use of Apple Pay and other services in Russia, joining a chorus of tech giants taking a stand against the invasion of Ukraine.

    Apple Stops Sales in Russia—and Takes a Rare Stand
    https://www.wired.com/story/apple-russia-iphone-ukraine-traffic-maps-rt-sputnik-app-store/?mbid=social_facebook&utm_brand=wired&utm_social-type=owned&utm_medium=social&utm_source=facebook

    The company joins the chorus of tech giants pushing back against Russian aggression.

    Reply
  32. Tomi Engdahl says:

    Hackers can win $100k for helping Ukraine bring down Russian websites
    A cybersecurity company wants to create a “decentralised cyber army” from around the world
    https://sifted.eu/articles/ukraine-war-russia-websites-hack/

    A global “hackathon” calling for volunteers to help expose Russian software vulnerabilities got underway at 4am this morning (2am GMT), as Ukraine’s frantic defence against Moscow took its latest unconventional turn.

    Kyiv-based cybersecurity company Cyber Unit Technologies is organising the giant hacker effort, promising a $100k bounty payable in cryptocurrency to the best online attacks against Russian websites (the firm is also calling for donations to grow the reward pot).

    The global competition — dubbed “Fuck Hack Russia” — is the latest in an unprecedented cyber effort to repel Moscow’s army, which continues to shell Ukrainian cities this week.

    Reply
  33. Tomi Engdahl says:

    “In the public eye Russian state institutions have been dealt a major blow and perceptions matter”

    Reply
  34. Tomi Engdahl says:

    Rabobank: If Putin Has Lost, So Have Markets
    https://www.zerohedge.com/markets/rabobank-if-putin-has-lost-so-have-markets

    The fight is here: I need ammo, not a ride
    This will be a longer than normal Daily: we live in extraordinary times and a few extra paragraphs are needed to cover it. However, let’s start with the key point: Vladimir Putin has lost this war – and so have markets. The greatest risks lie in how much damage he is prepared to inflict on to attempt to deny that fact.

    The ferocity of Ukrainian resistance is the polar opposite of the collapse of the Afghan government, which exited in jets filled with US cash. On Friday, as Bloomberg was reporting Kyiv would fall in hours, the US offered President Zelenskiy an airlift out. His response: “The fight is here: I need ammo, not a ride.” He is prepared to die for his cause, in contrast to leaders who won’t even risk a bad opinion poll.

    Overall, the Russian military is performing extremely poorly: they still don’t have air superiority due to Ukraine moving its air defences around, and Russian missile strikes having only hit old, static targets. Russia’s attempts to rapidly seize Kyiv while minimising losses to Ukrainian civilians and its infrastructure are resulting in massive losses on their side.

    There are now reports of Russian conscripts looting or begging for food or fuel, which suggests supply chain collapse; of them pouring fuel away to not be able to drive on to Kyiv; and of mutinies.

    If Putin wants to win militarily he will have to get even more destructive; yet the more he does, the more Ukrainians and the West will resist. War is a continuation of politics by other means. There is no political means by which Putin can reintegrate Ukraine with Russia: he has irretrievably broken the ‘Russkiy mir’ (Russian world) he wanted to recreate. Some now start to fear Putin may decide if he cannot hold Ukraine then he will cause massive damage in order to punish it for its defiance.

    Yet if Putin has lost, so have markets.

    First, Europe has woken up from a 30-year geopolitical slumber. Ukraine will be resupplied militarily by NATO members and the EU

    Second, Russia is being removed from the global community, economy, and financial markets.

    Reply
  35. Tomi Engdahl says:

    IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
    As the recent hostilities started between Russia and Ukraine, ESET researchers discovered several malware families targeting Ukrainian organizations. As stated in this ESETResearch tweet and WLS blogpost, we uncovered a destructive attack against computers in Ukraine that started around 14:52 on February 23rd, 2022 UTC. This followed distributed denial-of-service (DDoS) attacks against major Ukrainian websites and preceded the Russian military invasion by a few hours.
    Also:
    https://www.bleepingcomputer.com/news/security/new-worm-and-data-wiper-malware-seen-hitting-ukrainian-networks/
    https://thehackernews.com/2022/03/second-new-isaacwiper-data-wiper.html
    https://www.zdnet.com/article/security-researchers-spot-another-form-of-wiper-malware-that-was-used-against-ukraines-networks/

    Reply
  36. Tomi Engdahl says:

    Nordea: Online bank problems are due to external interference, slowness of services continues https://www.hs.fi/talous/art-2000008650264.html
    Nordea’s online banking services suffered from problems on Monday and Tuesday because of a denial-of-service attack. The disruptions were serious, as not all customers were able to log in with their online banking credentials at all. Due to a temporary disruption, it is not possible to authenticate with Nordea’s banking credentials or the code app to the online or mobile bank or to other service providers’ services, the company said on its website in the morning. Also:
    https://www.tivi.fi/uutiset/tv/a9494fc2-b799-40ee-81b7-f3bbd8fb0e22

    Reply
  37. Tomi Engdahl says:

    TCP Middlebox Reflection: Coming to a DDoS Near You https://www.akamai.com/blog/security/tcp-middlebox-reflection
    In recent weeks, Akamai researchers began observing multiple distributed denial of service (DDoS) attack campaigns against Akamai customers that had included SYN flooding and high volumes of traffic: up to 11 Gbps at 1.5 million packets per second (Mpps). Upon examining the TCP packets used in the attack, we realized that they are leveraging a new technique known as TCP Middlebox Reflection.

    Reply
  38. Tomi Engdahl says:

    Digital technology and the war in Ukraine https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
    All of us who work at Microsoft are following closely the tragic, unlawful and unjustified invasion of Ukraine. This has become both a kinetic and digital war, with horrifying images from across Ukraine as well as less visible cyberattacks on computer networks and internet-based disinformation campaigns. We are fielding a growing number of inquiries about these aspects and our work, and therefore we are putting in one place a short summary about them in this blog. This includes four areas: protecting Ukraine from cyberattacks; protection from state-sponsored disinformation campaigns; support for humanitarian assistance; and the protection of our employees. Also:
    https://threatpost.com/microsoft-ukraine-foxblade-trojan-hours-before-russian-invasion/178702/

    Reply
  39. Tomi Engdahl says:

    TeaBot is now spreading across the globe https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
    TeaBot is an Android banking trojan emerged at the beginning of 2021 designed for stealing victims credentials and SMS messages. TeaBot RAT capabilities are achieved via the device screens live streaming (requested on-demand) plus the abuse of Accessibility Services for remote interaction and key-logging. This enables Threat Actors (TAs) to perform ATO (Account Takeover) directly from the compromised phone, also known as On-device fraud. In the last months, we detected a major increase of targets which now count more than 400 applications, including banks, crypto exchanges/wallets and digital insurance, and new countries such as Russia, Hong Kong, and the US.

    Reply
  40. Tomi Engdahl says:

    Namecheap is banning Russians, asks them to switch registrars https://www.bleepingcomputer.com/news/technology/namecheap-is-banning-russians-asks-them-to-switch-registrars/
    Domain registrar Namecheap is emailing customers registered in Russia saying it will no longer provide them with services because of Russia’s invasion of Ukraine. “Unfortunately, due to the Russian regime’s war crimes and human rights violations in Ukraine, we will no longer be providing services to users registered in Russia,” the company says in the emails sent earlier today. “While we sympathize that this war may not affect your own views or opinion on the matter, the fact is, your authoritarian government is committing human rights abuses and engaging in war crimes so this is a policy decision we have made and will stand by.”

    Reply
  41. Tomi Engdahl says:

    Conti Ransomware Gang’s Internal Chats Leaked Online After Siding With Russia https://thehackernews.com/2022/03/conti-ransomware-gangs-internal-chats.html
    Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin’s ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate’s internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated ransomware group from January 2021 to February 2022, in a move that’s expected to offer unprecedented insight into the gang’s workings.
    Also:
    https://blog.malwarebytes.com/threat-intelligence/2022/03/the-conti-ransomware-leaks/
    https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
    https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/

    Reply
  42. Tomi Engdahl says:

    The invasion of Ukraine started online long before troops marched on Kyiv https://therecord.media/the-war-for-ukraine-started-online-long-before-troops-marched-on-kyiv/
    Riga, Latvia. I left Ukraine on Feb. 18 for a journalism training in Riga feeling uneasy. Just days before, I covered yet another cyberattack, this one targeting Ukrainian government websites and national banks, striking after months of rising tensions in the region. Yet even while constantly checking my phone for news updates as my plane left Kyiv, I didn’t realize I was about to become a refugee reporting on the invasion of my own country from the outside. On Feb. 24, I woke up in the middle of the night to watch YouTube videos of Russian troops entering Ukraine. I’ve hardly slept since.

    Reply
  43. Tomi Engdahl says:

    NVIDIA says employee credentials, proprietary information stolen during cyberattack https://www.zdnet.com/article/nvidia-says-employee-credentials-proprietary-information-stolen-during-cyberattack/
    NVIDIA said employee credentials and proprietary information were stolen during a cyberattack they announced on Friday. The microchip company said it first became aware of the incident on February 23 and added that it impacted its IT resources. “Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement. We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict.” Also:
    https://www.bleepingcomputer.com/news/security/nvidia-confirms-data-was-stolen-in-recent-cyberattack/

    Reply
  44. Tomi Engdahl says:

    Cyber threat activity in Ukraine: analysis and resources https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/
    Microsoft has been monitoring escalating cyber activity in Ukraine and has published analysis on observed activity in order to give organizations the latest intelligence to guide investigations into potential attacks and information to implement proactive protections against future attempts. We’ve brought together all our analysis and guidance for customers who may be impacted by events in Ukraine into this single location for ease of consumption, all of which is linked below.

    Reply
