Welcome to The Cybersecurity 202! We won’t have a newsletter Monday, so we’ll be back with you Tuesday.
One of them was the American media, Deputy Prime Minister Mykhailo Fedorov said in a visit to The Washington Post. (Surely he wasn’t playing to the crowd.)
“We ended up getting a lot of information about cyberattack vectors and other related information from the media,” Fedorov said through an interpreter. “And that is how we were able to prevent attacks on our energy infrastructure back in December.”
Partially in response to the articles they read, Ukrainian officials established so-called “red teams,” which simulate enemy attackers to probe for weaknesses, he said.
Another source of help? Moving important data into the cloud two weeks before the war, he said. As Fedorov commented after an appearance at an Amazon Web Services (AWS) conference Thursday, “The cloud can’t be destroyed by missiles.” (Amazon founder Jeff Bezos owns The Washington Post.)
Cloud services became a life-saver for our state registries and operation of the economy. I mean — you can’t destroy cloud with a missile. @awscloud committed to help 🇺🇦 with $75 mln in services & humanitarian efforts. Additionally we renewed the MoU for 2023. Thanks @liammax. — Mykhailo Fedorov (@FedorovMykhailo) December 1, 2022
More than nine months into what Fedorov called “the most technologically advanced war in the history of the world,” help from the United States continues.
- AWS is dedicating $75 million to continue the ministry’s migration to the cloud, the ministry announced Thursday.
- Google on Thursday also committed to providing additional cybersecurity services to Ukraine, on top of past assistance like taking down Russian influence operations and providing cyber incident response and tracking threats.
State of defense
While the Russia-Ukraine war hasn’t featured cyberattacks as heavily as many expected, Fedorov said daily cyberattacks number in the hundreds and thousands. There’s constant scanning for vulnerabilities. Phishing attacks are the most common kind.
Ukraine’s defenses have held up, though, he said.
“From what we know, there hasn’t been a single leak of any of the basic registries since the beginning of the war,” Fedorov said. “Not a single registry has stopped operating.”
The most prominent suspected Russian cyberattacks against Ukraine came in the buildup to the invasion.
- Distributed denial-of-service attacks knocked down the websites of the Ministry of Defense, as well as of some banks, in early February. Such attacks overload a website with fake traffic.
- U.S. and European officials blamed Russia for an attack on American satellite company Viasat, one that hampered communications in Ukraine.
Of late, security researchers have pointed to disruptive ransomware attacks coming out of Russia that targeted transportation companies in Ukraine and Poland. It’s rare for Ukraine to be hit with ransomware attacks, but Ukraine also warned last month that another ransomware gang — one that researchers have yet to publicly attribute to a particular headquarters nation — appeared to be targeting Ukraine’s military websites.
State of offense
“Clearly, they do have certain targets inside the Russian Federation,” he said. “There are certain targets and goals which are not made public.”
Russia also has proven an easy target for those hackers, he said.
“Inside Russia, the cyberdefense situation is at a terrible level,” according to Fedorov. Economic sanctions have helped produce those conditions.
Many companies have left Russia because they can’t move in new equipment. Many IT specialists have left the country as well, given fewer available opportunities to reach their potential, Fedorov said.
State of social media
But as Ukraine has worked to get its message out across social media, Facebook owner Meta has proven an obstacle, he said.
The company has blocked accounts of media that write about the war, Fedorov said. Ukraine has pleaded its case to Meta, which Fedorov said is trying to improve its algorithm.
“The situation is better now than it used to be, but it is still difficult,” he said.
A Meta spokesperson did not answer a request for comment on Fedorov’s remarks.
Chinese regulator gives Tencent and ByteDance direction on censorship amid protests
The Cyberspace Administration of China told tech giants Tencent and ByteDance to be on guard for posts about protests in the country, also telling the companies to staff up their censorship teams, the Wall Street Journal’s Liza Lin reports. The protests have spread across China over the past month, with protesters using the government’s covid lockdowns as a proxy for various grievances.
“The directives were issued following an internal meeting at the internet regulator, where officials were also told to ask Chinese search engines, e-commerce companies and internet content platforms to conduct a fresh sweep to remove sales postings and information about how to use virtual private networks, also known as VPNs,” Lin writes, citing people familiar with the matter. “The regulator also asked officials to get companies to prevent searches related to VPNs, which were used by protesters and their supporters to circulate videos of the recent demonstrations, the people said,” Lin writes.
Tencent declined to comment to the Wall Street Journal. The Cyberspace Administration of China and ByteDance didn’t respond to the outlet’s requests for comment.
Federal judge sentences SIM-swapper to 18 months in prison
Nicholas Truglia has already served 12 months of the prison term, Bloomberg News’s Ava Benny-Morrison reports. Truglia had pleaded guilty to a count of conspiring to commit wire fraud. He had been accused of being part of a group of hackers who stole $20 million from cryptocurrency consultant Michael Terpin through a type of hack known as “SIM-swapping” in 2018.
Truglia “has been described in court filings as part of a posse of ‘evil computer geniuses’ who tricked telecom employees into transferring customers’ cell numbers to SIM cards controlled by the hackers,” Benny-Morrison writes. “But he is the only one to face criminal charges. He has already been hit with civil judgments totaling almost $80 million for the audacious attacks, which targeted wealthy crypto figures on opposite ends of the U.S.”
Cuba blasts U.S. committee recommendation to reject approval of undersea cable
Cuban Vice Foreign Minister Carlos Fernandez de Cossio said the recommendation is “the way in which the government of the United States pretends to comply with its declared commitment to promote internet use in Cuba, and its concerns for the well-being of the Cuban people,” Reuters’s Dave Sherwood and David Shepardson report. The reaction came in the wake of a recommendation by Team Telecom, a U.S. interagency committee, that urged the Federal Communications Commission to not allow an undersea cable license connecting Cuba and the United States, citing counterintelligence and national security concerns.
“Cuba has long accused the U.S. of doublespeak, saying a Cold War-era embargo imposed by the United States on Cuba has failed to upend Cuba’s government, and instead, has only caused suffering among the Cuban people,” they write. “The U.S. government in recent years has been scrutinizing undersea cable connections especially involving China. Around 300 subsea cables form the backbone of the internet, carrying 99 percent of the world’s data traffic.”
- Mykhailo Fedorov, Ukraine’s minister of digital transformation, speaks at an Atlantic Council event on Ukraine’s digital resilience today at 1 p.m.
Secure log off
Thanks for reading. See you next week.