Welcome to The Cybersecurity 202! I watched “Flee” this weekend and believe all the accolades are warranted.
An emergency $32.5 billion funding request the White House sent to Congress tells the story. It includes hundreds of millions of dollars for the Pentagon and State Department to aid Ukrainian cyber defenses, counter Russian disinformation and ramp up cyber protections among U.S. forces in Europe.
- One big target for the funding is shoring up the cyber defenses of Ukrainian electrical infrastructure and integrating its electrical grid with Europe.
- The request also includes: $28 million to bolster the FBI’s response to “cyber threats stemming from the Russia threat and war on Ukraine” and $1 million for Justice Department attorneys to handle Ukraine and Russia-related sanctions, export control and cyber cases.
But funding for those efforts is far from guaranteed. The larger package, which is split between $10 billion to respond to the Ukraine invasion and $23.5 billion for continued coronavirus efforts, is already running into trouble on Capitol Hill, mostly because of Republican objections to additional pandemic spending, Tony Romm reports.
The money is likely just the opening salvo as the government prepares for a future in which cyberspace will be even more precarious.
The big concerns:
- As the United States and its allies impose increasingly harsh sanctions on Russia, that might lower President Vladimir Putin’s inhibitions regarding launching damaging cyberattacks against the West. U.S. government agencies have been warning industry for months that the threat of major Russian hacks is extremely high.
- A cavalcade of nongovernment actors has also joined the fray, including Ukraine-supporting hacktivists and cybercriminal gangs supporting Russia. That not only hikes the chances for mistakes that could raise cyber tensions between nations, it also sets a precedent that could lead to more such actors jumping into future conflicts.
Recent developments aren’t heartening.
Russian hacks are ramping up against Ukraine — even though the seriousness of those attacks has been more muted than many experts predicted.
Ukraine’s information systems are under “nonstop” assault with denial-of-service attacks, the nation’s information protection service tweeted this weekend.
Those are relatively simplistic cyberattacks that aim to overwhelm websites with bogus traffic. They’ve hit websites of Ukrainian President Volodymyr Zelensky and the defense and internal affairs ministries, the agency said, adding: “We will endure! On the battlefields and in the cyberspace!”
- Microsoft said Friday that it countered Russian cyber efforts targeting more than 20 Ukrainian organizations including government offices, IT and financial services firms.
- The country’s nuclear power stations remain resilient against cyberattacks, officials say, but are far more vulnerable to physical attacks, Ellen Nakashima reported. Russia seized Europe’s largest nuclear power facility in southeastern Ukraine on Friday in a battle that produced a fire and fears of leaking radiation.
Nongovernment hacking groups are also launching attacks — raising the risk of confusion and escalation with the West.
Roughly 400,000 tech and cyber workers and students have joined Ukraine’s “IT army,” Victor Zhora, deputy chairman of the information protection service told reporters recently, Ellen reported.
This “IT Army” is a band of volunteers from Ukraine and abroad that has pledged to defend Ukraine against hacking but has also launched some digital operations of its own.
Those operations include sending pictures of dead Russian soldiers to Russian citizens to show the costs of the war and crack through Russian Internet censorship, Zhora said.
“Russia thinks that only super countries, super states can provide these attacks,” Zhora said. “But more than 400,000 people are united in this IT army. We call it cyber resistance. And [they’re doing] everything possible to protect our land, our cyberspace, our networks.”
A separate band of Ukrainian-sympathizing hacktivists based in Russian ally Belarus claimed that digital attacks against train services had helped prevent Russia from moving equipment and ammunition through the nation, though there was no independent verification of the claim.
Russia’s Internet is shifting inward
Russian censors have banned Facebook and throttled other U.S. social media services. Internet service provider Cogent Communications also severed ties with Russian clients, Craig Timberg, Cat Zakrzewski and Joseph Menn report. Microsoft, and Apple have also banned sales in Russia.
Taken together, the developments will make it harder for Russians to track the war in Ukraine and bring the country closer to a completely isolated Internet.
The move by Cogent was especially significant, analysts say. “A backbone carrier disconnecting its customers in a country the size of Russia is without precedent in the history of the Internet,” analyst Doug Madory wrote.
A chief concern was that the Russian government would use Cogent networks to launch cyberattacks or deliver propaganda targeting Ukraine, chief executive Dave Schaeffer said.
Ukraine is still pushing for more. “Ukraine’s minister of digital transformation, Mykhailo Fedorov, at first pressured popular consumer companies like Apple, Facebook and Google to withdraw services from Russia,” my colleagues write. “Now he has turned his attention to the companies that make the Internet itself function,” asking companies like Amazon and Cloudflare to stop providing services in Russia.”
Internet governance nonprofit ICANN recently rejected Ukraine's request to suspend the main Russian Internet domain, .ru. However, other forms of possible disconnection loom as the war and international sanctions intensify.
Hack hits a satellite Internet firm that services Ukraine
German officials say the cyberattack that targeted Viasat could be related to Russia’s invasion of Ukraine, whose military uses the technology, Der Spiegel reports. The hack caused Viasat customers to lose their Internet on Feb. 24, the same day as the Russian invasion.
The hack has also prevented thousands of German wind turbines from connecting to the Internet. That's blocked operators from controlling the turbines remotely.
Details of the cyberattack have slowly trickled out. Gen. Michel Friedling, who leads France’s Space Command, confirmed that the firm was hit with a cyberattack, Agence France-Presse reports. Viasat previously said it had experienced a “cyber event” but provided few details, saying it was “assisting” with investigations.
A hacking group is releasing sensitive information about major tech firms
The Lapus$ hacking group leaked proprietary information about Samsung and Nvidia in recent days, Bleeping Computer’s Ionut Ilascu reports. The group says it leaked highly sensitive data from both companies including internal source code.
- It’s not clear how or when the hacking group stole the information or if it demanded a ransom from Samsung in exchange for not releasing its data.
- The group publicly threatened to release data on Nvidia’s technology if it didn’t update its software to remove limitations on cryptocurrency mining, which requires intensive computer resources.
- It’s not clear why the hackers made such a demand, though they said they did so to “help” the mining and gaming communities and began releasing data after the firm refused to negotiate.
Hackers are already using the leaked Nvidia data as part of their attacks, Bleeping Computer’s Lawrence Abrams reports. They are essentially using the firm’s tools to make hacking tools look like legitimate software in a way that might outsmart virus detection tools.
Nvidia is investigating the incident and its business operations continue uninterrupted, the company told Bleeping Computer. Samsung didn’t respond to the outlet’s request for comment.
- Top intelligence and law enforcement officials testify before the House Intelligence Committee on worldwide threats on Tuesday at 10 a.m.
- CISA Executive Director Brandon Wales speaks at an Aspen Institute event on Tuesday at 2 p.m.
- The Senate Intelligence Committee holds its worldwide threats hearing on Thursday at 10 a.m.
- CISA Executive Assistant Director Eric Goldstein speaks at a Billington Cybersecurity event on Thursday at noon.
Secure log off
Thanks for reading. See you tomorrow.