The Washington PostDemocracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Industry is under pressure to keep up its guard on Russian cyber threats

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Welcome to The Cybersecurity 202! Run, don’t walk: For about 48 hours, The Washington Post is offering free access to every story on our site, no credit card required. We did the honors and pulled some of our best cybersecurity stories we think you’ll enjoy:

Below: WikiLeaks founder Julian Assange is one step closer to being extradited to the United States, and an Israeli private eye pleaded guilty to working with hackers to target hedge funds. 

Administration to industry: stay on high cyber alert

Vigilance tends to wane over time – and that's true for U.S. industries, as a potential widespread Russian cyberattack they've been warned of doesn't materialize.

So the Biden administration is pulling out all the stops to keep companies on high alert as the Ukraine invasion grinds into its second month and Russian cyber assaults play a genuine but limited role in Ukraine but fail to reach outside that country’s borders. 

The administration came out with a one-two punch yesterday.

  1. U.S. government cyber agencies released a joint advisory with allies warning cyberattacks could be coming imminently from Kremlin hackers or Russian-based cybercriminals targeting critical infrastructure such as airport and energy firms. The alert was co-signed by officials from the United Kingdom, Canada, Australia and New Zealand.
  2. The Cybersecurity and Infrastructure Security Agency (CISA) also announced it’s expanding its program for sharing cyberthreat information with industry to focus more intently on hacking threats to major industrial systems such as those that run energy plants. The move came shortly after the agency revealed a vicious new brand of malicious software targeting those systems that’s likely of Russian origin.

CISA has pushed relentlessly to ensure the Russian hacking threat remains a top priority for industry leaders — urging a breakneck pace of software updates and improvements, tightened standards and a ramped-up program to share any possible indicator of Russian hacking with the government.

CISA Director Jen Easterly described the grueling pace of the effort at the S4x22 cybersecurity conference in Miami yesterday and said she worried about “vigilance fatigue.” Here's more via the publication ReadMe:

The warnings aren’t new. Way back in early March, former CISA director Chris Krebs warned that cyber defenders may have trouble remaining vigilant as the conflict grinds on. “We have been talking with some alarm for weeks, if not months, about the potential Russian threat and fatigue is real and the desensitization to ongoing activities that are happening elsewhere is real,” he told me at the time. 

Cyberthreat researchers are also pressing industry to stay on high alert. 

Maggie MacAlpine, security strategist at Cybereason: 

Joe Slowik, senior manager for threat intelligence at Gigamon: 

Russian cyberattacks against Ukraine have ramped up dramatically during the conflict — even as the most significant hacks there have fallen flat.

  • Cyberattack targeting Ukraine tripled compared with last year, the country’s digital division said in a news release yesterday.
  • That increase is even bigger than it first appears because Russian cyberattacks against Ukraine have been running at a high tempo since the Kremlin’s 2014 invasion of Crimea.

As a result: The lengthy Advisory is full of technical details of Russian hacking tactics, security fact sheets and other information. The authors describe it as “the most comprehensive view of the cyberthreat posed by Russia to critical infrastructure released by government cyber experts since the invasion of Ukraine.” 

“Threats to critical infrastructure remain very real. The Russia situation means you must invest and take action,” NSA Cybersecurity Director Rob Joyce said in a statement accompanying the advisory. 

But Russian hacks have made comparatively little impact since the start of the invasion

  • “By and large, Ukraine is successfully repelling cyberattacks launched by Russia and those hacking groups that are affiliated with Russian military and law enforcement,” the Ukrainian government office said. 

An attempt to hack Ukraine’s energy grid, for example, was discovered and thwarted before any significant damage was done. 

While there’s no public evidence of an uptick of Russian hacks against the United States and its Western allies so far, U.S. officials did discover a hacking tool that’s of probable Russian design. If used effectively, the tool dubbed Pipedream could have manipulated digital systems to cause explosions at energy facilities. 

But, similar to the Ukraine grid bug, this one was discovered before it could do any damage. 

Here’s Robert M. Lee, co-founder of the cybersecurity firm Dragos, which researched Pipedream, via reporter Kim Zetter:

The keys

Assange inches closer to extradition to U.S.

A London court formally approved the extradition of Julian Assange, a procedural step that is the latest blow to the WikiLeaks founder, who faces criminal charges in the United States, Timothy Bella reports. U.S. prosecutors have accused Assange of breaking U.S. anti-hacking laws when he offered to help Chelsea Manning decipher a password among other crimes.

  • Assange’s lawyers have a month to file objections with U.K. Home Secretary Priti Patel, who will have the final say about whether the extradition should go forward, the Associated Press reported. 
  • One of Assange’s lawyers said they planned to file “serious submissions” to Patel, the Guardian reported. 
  • Even if Patel approves the extradition, Assange could try to launch a legal challenge.

Assange has for years fought extradition to the United States. He has been held in London’s Belmarsh Prison since April 2019, when Ecuador’s embassy revoked his political asylum.

Israeli private eye pleaded guilty to working with hackers

Aviram Azari pleaded guilty to charges of wire fraud, conspiracy to commit hacking and aggravated identity theft, Reuters’s Christopher Bing reports. The move came around two-and-a-half years after Azari was indicted by a federal grand jury in New York.

Azari’s lawyer, Barry Zone, said he was pleading guilty to being a middleman for hackers, but wasn’t cooperating with prosecutors.

Azari’s alleged crimes were related to his work for an Indian IT firm known as BellTroX InfoTech Services, which reportedly helped its clients hack thousands of email accounts, five people familiar with the case told Reuters. 

The specific charges in the case were related to Azari’s work for German payment firm Wirecard, Zone said. Researchers at Citizen Lab previously said hackers working for BellTroX targeted journalists, investigators and hedge funds that were looking into irregularities at the German payment-processing firm. 

Here’s more from Citizen Lab’s John Scott-Railton:

U.N. should look at North Korean cybercrimes, sanctions coordinator says

The U.N. should ramp up its investigation into North Korean cybercrimes, the coordinator of the U.N. Security Council's panel of experts on the hermit nation, Eric Penton-Voak, said, per Reuters. It's difficult to know the full extent of North Korean hacking because victims are hesitant to discuss breaches and “many, many member states are quite cautious about their own cyber capabilities,” Penton-Voak said. 

North Korean hackers have highly advanced skills, as shown by the recent hack of more than $600 million in cryptocurrency from video game Axie Infinity, Penton-Voak added.

The Pyongyang-aligned hacking gang Lazarus Group was responsible for that breach, U.S. authorities said last week. Prosecutors previously said Lazarus Group was behind the 2014 hacking of Sony Pictures Entertainment. The U.S. government wants the U.N. Security Council to blacklist the group, Reuters reported. The U.S. government sanctioned Lazarus Group in 2019.

Cyber insecurity

The FBI warns agricultural cooperatives to watch out for ransomware

Ransomware attacks may increase during planting and harvesting seasons, the FBI warned. Hackers have similarly targeted other industries during high tempo moments when they believe the victims will be more likely to pay up in order to get back to work, threat analysts have said. 

More details from the FBI via Twitter:

Here’s more from CyberScoop’s Suzanne Smalley.

Barack Obama Takes On a New Role: Fighting Disinformation (New York Times)

Government scan

In a first, Treasury Department sanctions major cryptocurrency mining firm (CyberScoop)

Securing the ballot

Trump walks out of interview after challenge on false voter-fraud claims (Donna Cassata)

Hill happenings

Want our metadata? Get a warrant, Rep. Ted Lieu says. (Cristiano Lima and Aaron Schaffer)

Brokers' sales of U.S. military personnel data overseas stir national security fears (CyberScoop)

Global cyberspace

A fake cyberwar held in Estonia could help nations prepare for real life threats (NPR)

Daybook

  • AFCEA Bethesda hosts a webinar on zero trust architecture today at 8 a.m. 
  • The Cyber Threat Alliance and Radware host an event on cyberthreats and trends today at 11 a.m.
  • The Atlantic Council hosts an event on recently discovered malware targeting industrial control systems on Friday at 9:30 a.m.

Secure log off

Thanks for reading. See you tomorrow.

Loading...