Cyber Security Headlines – April 28, 2022

Russia experiences hacks at scale

Up until Russia’s invasion of Ukraine, many cyber actors specifically avoided targeting Russian-speaking countries, as many malware operators were based in Russia or surrounding countries. Wired reports that the country has faced an unprecedented wave of hacking activity since the invasion. Most of this activity comes in the form of DDoS attacks against websites and services, performed by hacktivists, the Ukrainian IT army, and other forces. Researchers have also found ransomware campaigns now specifically targeting Russian organizations, along with active scanning for vulnerabilities that suggests more advanced campaigns are planned. Researchers at Kaspersky found that while DDoS attack numbers have roughly returned to prewar levels, the length of the attacks has grown significantly, with the longest this year lasting 177 hours.

(Wired)

State Department puts a price on NotPetya’s head

The State Department announced it’s offering a $10 million reward for information leading to the six Russian intelligence actors responsible for the now infamous malware. This reward comes as part of the Rewards for Justice program. While it’s explicitly focused on the NotPetya actors, the reward can also apply to “any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure.” Since launching in 1984, the Rewards for Justice program has paid out over $200 million in rewards, and currently also has bounties out for the REvil and DarkSide ransomware groups.

(CyberScoop)

Two-thirds of organizations hit with ransomware

According to Sophos’ State of Ransomware 2022 report, 66% of organizations surveyed were hit with a ransomware attack last year, up from just 37% in 2020. This comes as the ransoms paid by organizations increased nearly five-fold on the year to an average of $812,360. 11% of organizations said they paid ransoms over $1 million, up from 4% in 2020. Organizations paying less than $10,000 dropped to 21%. Overall, 46% of organizations that had data encrypted paid ransoms, including 26% of organizations that were able to restore data from backups. 83% of mid-size organizations had cyber insurance policies, with 98% of incidents paying out for costs incurred, including 40% covering ransoms themselves.

(Info-Security Magazine)

Negotiations resume on US consumer-privacy legislation

The Wall Street Journal reports that bipartisan negotiations on a long-stalled privacy bill have resumed in earnest. This comes both from increased consumer pressure and from tech companies themselves calling for regulation after years of resisting it. Part of the reason is that four US states have passed privacy legislation, and a federal law would presumably supersede those laws for a more consistent policy. Proposed regulation would let consumers access personal information with a right to change, delete, or migrate it, as well as letting consumers opt out of sharing data with third parties. There seems to be a limited window for this legislation to pass, as bipartisan differences could stiffen as the midterm elections get closer.

(WSJ)

Thanks to our episode sponsor, Feroot

Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

DJI pulls out of Russia

The drone maker said it will temporarily suspend business in Russia and Ukraine to ensure its products are not used in combat, calling it “a statement about our principles.” This makes DJI the first major Chinese firm to cite the ongoing conflict for halting sales in Russia. By contrast, Didi Global reversed its decision to suspend service in Russia and Kazakhstan after public backlash in China. Last month, DJI said it was aware of online footage suggesting the Russian military was using its products, but at the time said it was not able to confirm it.

(Reuters)

Microsoft details Ukraine’s hybrid war

According to a new report from Microsoft, starting just before Russia launched its invasion, six separate Russia-aligned nation-state actors launched over 237 operations against Ukraine. These attacks attempted to degrade the systems of Ukrainian institutions, as well as disrupt access to reliable information and critical services. The report also found that Russian cyberattacks were strongly correlated with military operations targeting civilian services and institutions. Of the destructive cyber attacks observed by Microsoft, over 40% targeted critical infrastructure sectors. The report also provides a timeline of all observed attacks, as well as common initial access vectors used by Russian attackers. The report is linked in our show notes.

(Microsoft)

EU to open office in Silicon Valley

Politico’s sources say European Union officials plan to open an office in Silicon Valley to engage with the large tech platforms that are increasingly operating under expanded digital regulation in the region, with the Digital Markets Act and Digital Services Act expected to be passed into law in the near future. The EU’s European External Action Service already has a delegation stationed in Washington, but that unit is mainly focused on foreign affairs. It’s not clear when the new office will be staffed and operational. European Parliament officials plan to visit Silicon Valley the week of May 23rd, with visits planned to Meta, Google, and Stanford.

(Politico)

Elon still needs approval to tweet

$44 billion can buy Elon Musk a lot of things; most recently it bought him board approval to take Twitter private. Musk may soon own Twitter, but a federal judge denied his request to scrap a 2018 consent decree with the Securities and Exchange Commission, which requires Tesla’s counsel to vet his tweets about the company. This settlement dates back to a tweet in which Musk claimed to have “funding secured” to take Tesla private. In his appeal of the ruling, Musk said he was coerced into the deal by the SEC, and that he “never lied to shareholders.”

(Axios)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.