Russia experiences hacks at scale
Up until Russia’s invasion of Ukraine, many cyber actors specifically didn’t target Russian-speaking countries, as many malware operators were based in Russia or surrounding countries. Wired reports that the country has faced an unprecedented wave of hacking activity since the invasion. Most of this activity comes in the form of DDoS attacks against websites and services, performed by hacktivists, the Ukrainian IT army, and other forces. Researchers have also found ransomware campaigns now specifically targeting Russian organizations, with attackers actively seen scanning for bugs, indicating more advanced campaigns are planned. Researchers at Kaspersky found that while DDoS attack numbers have roughly returned to prewar levels, the length of the attacks has significantly grown, with the longest lasting 177 hours this year.
(Wired)
State Department puts a price on NotPetya’s head
The State Department announced it’s offering a $10 million reward for information leading to the six Russian intelligence actors responsible for the now infamous malware. This reward comes as part of the Rewards for Justice program. While it’s explicitly focused on the NotPetya actors, the reward can also apply to “any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure.” Since launching in 1984, the Rewards for Justice program has paid out over $200 million in rewards, and currently also has bounties out for the REvil and DarkSide ransomware groups.
Two-thirds of organizations hit with ransomware
According to Sophos’ State of Ransomware 2022 report, 66% of organizations surveyed were hit with a ransomware attack last year, up from just 37% in 2020. This comes as the ransoms paid by organizations increased nearly five-fold on the year to an average of $812,360. 11% of organizations said they paid ransoms over $1 million, up from 4% in 2020. Organizations paying less than $10,000 dropped to 21%. Overall, 46% of organizations that had data encrypted paid ransoms, including 26% of organizations that were able to restore data from backups. 83% of mid-size organizations had cyber insurance policies, with 98% of incidents paying out for costs incurred, including 40% covering ransoms themselves.
Negotiations resume on US consumer-privacy legislation
The Wall Street Journal reports that bipartisan negotiations on a long-stalled privacy bill resumed in earnest. This comes from increased consumer pressure, but also from tech companies themselves calling for regulation after years of resisting it. Part of the reason is that four US states have passed privacy legislation, and the federal law would presumably supersede those laws for a more consistent policy. Proposed regulation would let consumers access personal information with a right to change, delete, or migrate it, as well as letting consumers opt out of sharing data with third parties. There seems to be a limited window for this legislation to pass, as bipartisan differences could stiffen as the midterm elections get closer.
(WSJ)
Thanks to our episode sponsor, Feroot
DJI pulls out of Russia
The drone maker said it will temporarily suspend business in Russia and Ukraine to ensure its products are not used in combat, calling it “a statement about our principles.” This makes DJI the first major Chinese firm to cite the ongoing conflict for halting sales in Russia. Didi Global reversed its decision to suspend service in Russia and Kazakhstan after public backlash in China. Last month, DJI said it was aware of online footage suggesting the Russian military was using its products, but at the time said it was not able to confirm it.
(Reuters)
Microsoft details Ukraine’s hybrid war
According to a new report from Microsoft, starting just before Russia launched its invasion, six separate Russia-aligned nation-state actors launched over 237 operations against Ukraine. These attacks attempted to degrade the systems of Ukrainian institutions, as well as disrupt access to reliable information and critical services. The report also found that Russian cyberattacks were strongly correlated with military operations targeting civilian services and institutions. Of the destructive cyber attacks observed by Microsoft, over 40% targeted critical infrastructure sectors. The report also provides a timeline of all observed attacks, as well as common initial access vectors used by Russian attackers. The report is linked in our show notes.
EU to open office in Silicon Valley
Politico’s sources say European Union officials plan to open the office to let it engage with the large tech platforms that are increasingly operating under expanded digital regulation in the region, with the Digital Markets Act and Digital Services Act expected to be passed into law in the near future. The EU’s European External Action Service already has a delegation stationed in Washington, but this unit is mainly focused on foreign affairs. It’s not clear when this office will be staffed and operational. European Parliament officials plan to visit Silicon Valley the week of May 23rd, with visits planned to Meta, Google, and Stanford.
(Politico)
Elon still needs approval to tweet
$44 billion can buy Elon Musk a lot of things; as of late, it bought him board approval to take Twitter private. Musk may soon own Twitter, but a federal judge denied his request to scrap a 2018 consent decree with the Securities and Exchange Commission, which requires Tesla’s counsel to vet his tweets about the company. This settlement dates back to a tweet where Musk claimed to have “funding secured” to take Tesla private. In the appeal on the ruling, Musk said he was coerced into the deal by the SEC, and that he “never lied to shareholders.”
(Axios)