Dr. T's security brief


dtau...@gmail.com

May 22, 2022, 8:47:48 AM
to sec-...@googlegroups.com

Microsoft Finds Linux Desktop Flaw That Gives Root to Untrusted Users
Ars Technica
Dan Goodin
April 26, 2022


Microsoft discovered an elevation of privileges flaw in Linux incorporating two vulnerabilities that can grant root system rights to untrusted users. The Nimbuspwn exploit, which Microsoft calls “the EoP threat,” resides in the networkd-dispatcher, a component in many Linux distributions that dispatches network status changes and can process various scripts to respond to a new status. Networkd-dispatcher runs as root when a desktop boots up, and the flaws blend threats including directory traversal, symlink race, and time-of-check time-of-use race condition, permitting hackers with minimal access to a desktop to link exploits for these vulnerabilities and gain full root access. The flaw has been patched, and users of vulnerable versions of Linux are advised to implement the patch as soon as possible.
 

Full Article

 

Your iOS App May Still Be Covertly Tracking You, Despite What Apple Says
Ars Technica
Dan Goodin
April 18, 2022


Researchers at the U.K.’s University of Oxford found that iOS apps can still track users despite Apple's App Tracking Transparency (ATT) policy prohibiting app developers from tracking user activity across apps without explicit permission. The researchers found nine iOS apps using server-side code to generate mutual user identifiers that can be used for cross-app tracking by a subsidiary of China's Alibaba. They also compared 1,685 apps before and after the implementation of ATT and found that the number of tracking libraries used by the apps held steady. Although 25% of the apps said they collected no user data, 80% had at least one tracker library. The researchers also found that over half of the apps using SKAdNetwork, Google Firebase Analytics, and Google Crashlytics, and 47% of those using Facebook SDK, did not disclose having access to user data.

Full Article

 

Lenovo Patches UEFI Firmware Vulnerabilities Impacting Millions of Users
ZDNet
Charlie Osborne
April 19, 2022


Chinese multinational technology company Lenovo has patched three Unified Extensible Firmware Interface (UEFI) vulnerabilities discovered by Martin Smolár at Slovak Internet security firm ESET. The bugs reportedly could be leveraged to "deploy and successfully execute UEFI malware either in the form of SPI [Serial Peripheral Interface] flash implants like LoJax, or ESP implants like ESPecter" in the Lenovo Notebook BIOS. ESET said the bugs, caused by drivers only intended for use during product development, affected "more than 100 different consumer laptop models with millions of users worldwide." ESET advised using Trusted Platform Module-aware full-disk encryption software to block access to information, if UEFI Secure Boot configurations are meddled with in out-of-support devices.

Full Article

 

China's Weibo Shows User Locations to Combat 'Bad Behavior'
Reuters
Eduardo Baptista
April 28, 2022


Chinese social media application Weibo informed its users it will publish their Internet Protocol (IP) addresses on their account pages and when they post comments, in order to rein in "bad behavior" online. Such behavior, said Weibo, which some sites describe as “China’s equivalent to Twitter,” includes "impersonating parties involved in hot topic issues, malicious disinformation, and traffic scraping." The new settings are intended “to ensure the authenticity and transparency of the content disseminated,” according to Weibo. The new settings, which came into effect on Thursday, will display IP addresses in a way that users cannot deactivate. Some users said they welcomed the measures in view of COVID-related misinformation, while others were unsettled by the apparent reduction in online anonymity.
 

Full Article

 

 

The 2020 Census Suggests People Live Underwater. There's a Reason
The New York Times
Michael Wines
April 21, 2022


The U.S. Census Bureau's initiative to preserve the privacy of respondents purposefully relocated some Chicagoans to the Chicago River in the 2020 census, as its privacy protocols suggested the river may once have hosted at least one residence. Federal law stipulates census records must remain private for 72 years, and the Bureau says this means information from the smallest census blocks it quantifies must be considered untrustworthy, or even disregarded. The agency is using differential privacy, applying computer algorithms to the full body of census data rather than tweaking individual blocks, to mask census data. However, consumers say this practice not only yields nonsensical results, but also could limit public disclosure of integral information. Said the University of Minnesota's David Van Riper, "In my opinion, producing low-quality data to achieve privacy protection defeats the purpose of the decennial census."

Full Article

*May Require Paid Registration

 

 

NATO Cyber Game Tests Defenses Amid War in Ukraine
The Wall Street Journal
Catherine Stupp
April 18, 2022


The annual cyber wargames hosted by the North Atlantic Treaty Organization's (NATO) Cooperative Cyber Defense Center of Excellence began Tuesday in Tallinn, Estonia. As part of the Locked Shields competition, test teams will undertake timed, fictional cyberattack exercises. The competition comes even as the cyberdefense units of the participating countries have been preparing for potential cyberattacks since the outbreak of war in Ukraine, and follows an April 8 attack on Finland's government websites amid discussions about the nation joining NATO. The 2022 exercise will concentrate on the interdependencies between national IT systems. ETH Zurich's Stefan Soesanto said the exercise establishes a baseline for participants to measure their cyberdefense skills against each other and helps experts forge relationships with their peers in allied countries.

Full Article

*May Require Paid Registration

 

 

Power Use Reveals Harmful Chips Hidden on Circuit Boards
New Scientist
Matthew Sparkes
April 18, 2022


A circuit board's power consumption can reveal malicious tampering designed to facilitate Trojan attacks to steal sensitive data or crash a device when triggered. Huifeng Zhu and colleagues at Washington University created the PDNPulse test to analyze a printed circuit board's power consumption in order to identify tampering by comparing it to a device known to be secure. PDNPulse looks for small variations in such a so-called "fingerprint" of power consumption, based on measurement at several points. Using the test, the researchers were able to detect Trojan modifications on various circuit boards with perfect accuracy. While no firm evidence has been found to prove a circuit board-based Trojan attack has actually happened, Theodore Markettos at the U.K.'s University of Cambridge said he believes in the concept's feasibility.

Full Article

 

 

Concerned Your Smartphone Is Spying on You?
Columbia Engineering News
Holly Evarts
April 18, 2022


Columbia University computer scientists developed an algorithm that can block smart devices from spying on users by generating extremely quiet sounds. Columbia's Carl Vondrick said the algorithm can block a rogue microphone from listening in 80% of the time by camouflaging a person's voice. Columbia's Mia Chiquier explained that the program applies predictive attacks, signals that can disrupt any word automatic speech recognition models are taught to transcribe. The system performs this task in near-real time by predicting an attack on the future of the signal, or word, based on two seconds of input speech. The attack's volume closely resembles normal background noise, so people can converse naturally.

Full Article

 

 

Cyber Chiefs Try New Tricks to Attract Talent
The Wall Street Journal
James Rundle; Kim S. Nash
April 20, 2022


With demand exceeding the available workforce, more cybersecurity and risk executives are seeking candidates without degrees or traditional technology backgrounds. Mitsubishi UFJ Financial Group's Steven Babb said he supports the drive to increase gender representation in the workplace, and is interested in seeing candidates who may not have typical cybersecurity backgrounds but may have relevant experience in other departments. McDonald's Shaun Marion said help desk technicians can be suitable for cybersecurity positions because they manage ambiguity and practice real-time problem-solving. Marion said online gamers also can be good candidates, given the need for those in cybersecurity to work odd hours, cooperate with others, and think on their feet. Said Marion, "I search for attitude and aptitude, and lay security training on top of that."

Full Article

*May Require Paid Registration

 

 

Protecting Privacy in Surveillance Video While Mining for Data
IEEE Spectrum
Charles Q. Choi
April 19, 2022


A security system developed by the Massachusetts Institute of Technology's Frank Cangialosi and colleagues may allow analysis of surveillance video while protecting privacy. The Privid system permits analysts to review video for statistical data while shielding personally identifiable information. Privid accepts code from an analyst containing an inquiry that prompts an automatic count of, for example, masked people in a video feed and crowd density. The system segments that footage and runs the code on each chunk, then aggregates and adds noise to the data before sending it back to the analyst. Cangialosi said, "Privid might enable us to actually [make more productive use of] tons of footage from all of the cameras we already have around the world [and do so] in a safe way."

Full Article

 

dtau...@gmail.com

May 28, 2022, 8:41:51 AM
to sec-...@googlegroups.com

Apple, Google, Microsoft Want to Kill the Password with 'Passkey' Standard
Ars Technica
Ron Amadeo
May 5, 2022


Members of the FIDO (Fast Identity Online) Alliance announced in a blog post on “World Password Day” (the first Thursday in May) that Apple, Google, and Microsoft are launching a "joint effort" to "expand support for a common password-less sign-in standard created by the FIDO Alliance and the World Wide Web Consortium." The multi-device FIDO credential or passkey would have applications or websites validate the user's login by pushing authentication requests to their phone; the user would unlock the phone, and authenticate with a personal identification number or biometric. The new scheme operates over Bluetooth, which the FIDO Alliance said is needed "to verify physical proximity." The Alliance said it expects these capabilities to be available across Apple, Google, and Microsoft platforms “over the course of the coming year."

Full Article

 

 

Gear from Netgear, Linksys, 200 Others Has Unpatched DNS Poisoning Flaw
Ars Technica
Dan Goodin
May 3, 2022


Researchers at security firm Nozomi Networks identified an unpatched vulnerability in third-party code libraries used by 200 hardware and software vendors, including Netgear and Linksys. The flaw enables hackers with access to links between an impacted device and the Internet to poison Domain Name System requests used to translate domains to Internet Protocol (IP) addresses; they can funnel false IP addresses to target devices and force end-users to connect to malicious servers masquerading as trusted sites. The vulnerability, reported to vendors in January and publicly disclosed this week, is embedded in uClibc and uClibc fork uClibc-ng, which support alternatives to the standard C library for embedded Linux. The Nozomi researchers said the affected gear constitutes "a range of well-known IoT [Internet of Things] devices running the latest firmware versions, with a high chance of them being deployed throughout all critical infrastructure."

Full Article

 

 

Crypto's Audacious Algorithmic Stablecoin Experiment Crumbles
Bloomberg
Stacy-Marie Ishmael
May 10, 2022


The algorithmic stablecoin cryptocurrency does not provide greater stability than other cryptocurrencies. Conventional stablecoin issuers say their tokens are underpinned by "real" assets like cash or highly rated bonds, and can theoretically maintain stability because they can be readily swapped for cash or highly liquid cash equivalents. Algorithmic stablecoins try holding their value through a mix of instructions encoded in algorithms and active treasury management. The failure of such cryptoassets' price stability mechanisms could carry systemic ramifications for other coins and protocols, as CoinMarketCap counts roughly 18.5 billion TerraUSD stablecoins in circulation. Said Kyle Samani at the Multicoin Capital investment firm, "The biggest losers from all of this will be retail [investors] that didn't understand the risks they were taking."

Full Article

 

 

NIST Publishes Review of Digital Forensic Methods
NIST News
May 10, 2022


The U.S. National Institute of Standards and Technology (NIST) has published a review of digital investigation techniques used to analyze evidence from computers and other electronic devices. The researchers probed peer-reviewed literature, documentation from software developers, test results on forensic tools, and standards and best-practice documents. "Digital evidence examination rests on a firm foundation based in computer science," they determined, adding that "the application of these computer science techniques to digital investigations is sound." The researchers recommend better information-sharing methods among experts, a more structured approach to forensic tool testing, and greater sharing of high-quality forensic reference data that can be used for education, training, and the development and evaluation of new tools.

Full Article

 

 

Face-Scanner Clearview Agrees to Limits in Court Settlement
Associated Press
Kathleen Foody; Matt O'Brien
May 9, 2022


Facial recognition company Clearview AI has agreed to limit the use of its facial image database to settle an American Civil Liberties Union-led lawsuit claiming it collected people's photos without their permission. The company said it will no longer sell access to the database to U.S.-based private businesses or individuals, which the plaintiffs alleged was in violation of Illinois' Biometric Information Privacy Act. One plaintiff, Chicago-based Mujeres Latinas en Acción, cited concerns that stalkers and other bad actors could use photos posted on social media—and converted into a "faceprint" by Clearview—to track people's locations and social activities. Clearview also will bar Illinois state government and local police departments from its database for five years, but will continue to offer its services to federal and to other law enforcement agencies, and government contractors outside of Illinois.

Full Article

 

 

Decade-Old Bugs Discovered in Avast, AVG Antivirus Software
ZDNet
Charlie Osborne
May 5, 2022


Researchers at cybersecurity software company SentinelOne reported two high-severity bugs in Avast and AVG antivirus products that have gone undetected for a decade. The researchers said the flaws have existed since 2012, and could have affected "dozens of millions of users worldwide." They found the bugs in the Avast Anti Rootkit driver, and the first vulnerability resided in a socket connection handler used by the kernel driver aswArPot.sys; hackers could hijack a variable during routine operations to escalate privileges, potentially disable security solutions, or meddle with target operating systems. The researchers described the second bug as "very similar" to the first, and rooted in the aswArPot+0xc4a3 function. Sentinel Labs on Dec. 20 informed Avast of the vulnerabilities, and the company had patched them by Feb. 11, with no active exploitation in the wild indicated.

Full Article

 

 

Shanghai Residents Turn to NFTs to Record COVID-19 Lockdown, Combat Censorship
Reuters
Josh Ye
May 4, 2022


Residents of Shanghai, China, are minting videos, photos, and artwork created during the city's COVID-19 lockdown as non-fungible tokens (NFTs) to avoid losing the data to Chinese censors. They have turned to NFT marketplaces because data recorded on the blockchain cannot be erased. As of May 2, OpenSea, the world's largest NFT marketplace, was offering 786 NFTs related to a video called "The Voice of April," which was targeted by censors, along with hundreds of other NFTs tied to the Shanghai lockdown. Much of the content minted as NFTs involves Weibo posts from residents venting their frustrations over the lockdown, images from inside quarantine centers, and art inspired by life under lockdown.

Full Article

 

 

CyLab Researchers Investigate Apple's Privacy Labels
Carnegie Mellon University CyLab Security and Privacy Institute
Daniel Tkacik
April 28, 2022


A year after Apple's introduction of privacy labels in its U.S. app store, researchers at Carnegie Mellon University (CMU)'s CyLab Security and Privacy Institute have measured its compliance. The researchers crawled the app store weekly from April to November 2021, gathering data on more than 1.4 million apps. CMU's Yucheng Li said more than half of the apps found in the store still lack privacy labels, while "the speed of compliance on older apps is on a downward trend." CMU's Tianshi Li said inaccurate labels are likely more harmful than beneficial, and errors and misunderstandings remain pervasive, despite developers' positivity.

Full Article

 

 

Method Detects Deepfake Videos with Up to 99% Accuracy
UC Riverside News
Holly Ober
May 3, 2022


University of California, Riverside (UC Riverside) scientists have developed a technique to detect doctored facial expressions in deepfake videos with up to 99% accuracy. The method splits the task along two branches within a deep neural network: the first branch determines facial expressions, and feeds data on facial regions containing the expression to the second branch, an encoder-decoder, which has an Expression Manipulation Detection architecture to detect and localize manipulated regions in the image. UC Riverside’s Ghazal Mazaheri said, “Multi-task learning can leverage prominent features learned by facial expression recognition systems to benefit the training of conventional manipulation detection systems. Such an approach achieves impressive performance in facial expression manipulation detection.”

Full Article

 

 

Smart Office Buildings Are Vulnerable to Hacks
The Wall Street Journal
Konrad Putzier
May 3, 2022


Smart office buildings in the U.S. raise concerns about privacy and cybersecurity. Cybersecurity consultants warn that building managers devote little attention to digital security, and the interconnection of smart building systems means accessing a single Internet-connected door can potentially enable hijacking, extortion, or data theft. Lucian Niemeyer at smart-building safety nonprofit Building Cyber Security worries that more criminals will target smart buildings as protections for mobile phones and databases are strengthened. Said Dave Tyson of cybersecurity company Apollo Information Systems Corp., “The bad guys only need to find one way in, and whatever you’ve connected to is now on the table.”

Full Article

*May Require Paid Registration

 

 

Open-Source 'Package Analysis' Tool Finds Malicious npm, PyPI Packages
BleepingComputer
Ax Sharma
May 1, 2022


The Open Source Security Foundation (OpenSSF)'s prototype Package Analysis tool caught more than 200 malicious npm and Python Package Index (PyPI) packages in its initial run. Released this week on software development platform GitHub, the tool is designed to identify and counter malware in open source registries. OpenSSF's Caleb Brown and David A. Wheeler said the tool was developed to help users "understand the behavior and capabilities of packages available on open-source repositories: what files do they access, what addresses do they connect to, and what commands do they run? The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously." Most of the malicious elements the tool identified in its initial run were dependency confusion and typosquatting exploits.

Full Article

 

 

The Problems with Elon Musk's Plan to Open-Source the Twitter Algorithm
MIT Technology Review
Chris Stokel-Walker
April 27, 2022


Elon Musk’s announced plans for the Twitter social network include open-sourcing its algorithms, which experts say would do little to boost transparency without access to their training data. Said Jennifer Cobbe of the U.K.'s University of Cambridge, "Most of the time when people talk about algorithmic accountability these days, we recognize that the algorithms themselves aren't necessarily what we want to see—what we really want is information about how they were developed." There also are concerns open-sourcing Twitter's algorithms would enable bad actors to identify vulnerabilities to exploit and could make it more difficult to defeat spam bots.

Full Article

 

 

Fort Worth Is First U.S. City to Mine Bitcoin
CNBC
MacKenzie Sigalos
April 26, 2022


Fort Worth, TX, has become the first U.S. city to mine bitcoin, through a mining farm based at City Hall. The city’s three mining rigs will run 24-7 on a private network to minimize security risks. Mayor Mattie Parker says the operation will be small at first, given its equipment, technical, and electrical requirements; the city estimates each mining rig will consume the same amount of power as a household vacuum cleaner, while the program's electricity costs should be offset by the value of bitcoin mined. Fort Worth partnered on the project with mining pool Luxor Technologies. Luxor's Alex Brammer expects the project to strengthen the legitimacy of bitcoin as a strategic asset for city governments.

Full Article

 

 

George Washington University Data Collection Sparks Privacy Concerns On Campus

Inside Higher Ed (2/22, Smalley) reports “revelations that George Washington University launched a data-analytics pilot project last fall that monitored locations of students, faculty and staff without their knowledge or consent have raised new questions about data privacy on college campuses and shined a light on a project that deeply concerned many GW faculty members.” GW president Mark S. Wrighton “apologized for the incident in a campuswide email sent Feb. 11.” He “emphasized that the university did not analyze individualized data and said all data collected as part of the project would be destroyed.” Wrighton “said the project was meant to test how data analytics could help GW officials assess building density and use.” Wrighton “said he learned about the data collection project shortly after he started as president on Jan. 1.” The project “was spearheaded by the university’s IT, student affairs and safety and facilities divisions and collected data from Wi-Fi networks across GW’s campuses, Wrighton said.”

Daniel Tauritz

Jun 2, 2022, 9:20:34 PM
to sec-...@googlegroups.com

New Approach for Faster Ransomware Detection
NC State University News
Matt Shipman
May 16, 2022


Engineering researchers at North Carolina State University (NC State) and Hewlett Packard Enterprise have come up with a new technique that can detect ransomware faster than previous systems. The Field-Programmable Gate Array-Accelerated XGBoost Inference for Data Centers using High-Level-Synthesis (FAXID) approach is a hardware-based implementation of the ransomware-detecting XGBoost algorithm. The researchers found FAXID was up to 65.8 times faster than software running XGBoost on a central processing unit, and 5.3 times faster than graphic processing unit-based deployment. NC State's Archit Gajjar said FAXID can allocate security hardware's computational muscle to separate problems. "For example, you could devote a certain percentage of the hardware to ransomware detection and another percentage of the hardware to another challenge—such as fraud detection," he explained.

Full Article

 

Eavesdroppers Can Hack 6G Frequency with DIY Metasurface
Rice University News
Jade Boyd
May 16, 2022


Hackers can use common tools to construct a metasurface that allows them to listen in on 6G wireless transmissions. Researchers at Rice and Brown universities demonstrated that attackers could employ a sheet of office paper covered with two-dimensional foil symbols to reroute part of a 150-gigahertz "pencil beam" signal between two users, calling it a Metasurface-in-the-Middle exploit. In such a situation, the eavesdropper designs a metasurface to diffract part of a signal to their location; Rice's Zhambyl Shaikhanov said they then laser-print the metasurface by feeding metal foil through a laminator. Brown's Daniel Mittleman said the hot-stamping technique was developed to simplify metasurface manufacturing for quick, affordable testing. Warns Rice's Edward Knightly, "Next-generation wireless will use high frequencies and pencil beams to support wide-band applications like virtual reality and autonomous vehicles."

Full Article

 

Some Top 100,000 Websites Collect Everything You Type—Before You Hit Submit
Ars Technica
Lily Hay Newman
May 14, 2022


Researchers at Belgium's Katholieke Universiteit Leuven, Radboud University in the Netherlands, and Switzerland's University of Lausanne analyzed the top 100,000 websites and found a significant number record some or all of visitors' typewritten data. The researchers estimated 1,844 sites gathered a European Union user's email address without consent, while 2,950 logged a U.S. user's email. Many sites incorporate third-party marketing and analytics services that perform data-logging. After crawling sites for password leaks last May, the researchers found 52 sites in which third parties, including Russian technology company Yandex, were incidentally collecting password data prior to submission.

Full Article

 

 

Costa Rica Declares Emergency in Ongoing Cyberattack
ABC News
Javier Cordoba
May 12, 2022


Costa Rica has declared a state of emergency after enduring a month of ransomware attacks that have hobbled critical systems. The siege began last month when Costa Rica's Finance Ministry reported that its tax collection, customs, and other systems were affected; the hackers also targeted the nation’s social security agency human resources system and its Labor Ministry. The Russian-speaking Conti gang took credit for the attack. Costa Rica’s emergency declaration describes the perpetrators as "cybercriminals" and "cyberterrorists." The U.S. State Department said the gang has orchestrated hundreds of ransomware attacks over the past two years, collectively targeting more than 1,000 victims and extorting them for more than $150 million as of January 2022.

Full Article

 

Government Websites, Apps Use Same Tracking Software as Commercial Sites
Concordia University (Canada)
Patrick Lejtenyi
May 17, 2022


Researchers at Canada's Concordia University discovered that both governments and businesses worldwide are using the same data-harvesting software to track users of their websites. The researchers analyzed more than 150,000 government websites from 206 countries and more than 1,150 Android applications from 71 countries. They estimated 17% of government sites and 37% of government Android apps host Google trackers; 27% of Android apps also leak sensitive information to third parties or potential hackers. Concordia's Mohammad Mannan said some government tracker usage may be unintentional, as developers likely use existing software suites to build sites and apps containing tracking scripts or including links to tracker-filled social media sites. Said Mannan, "Governments are becoming more aware of online threats to privacy, but at the same time, they are enabling these potential violations through their own services."

Full Article

 

Quantum Communication System Could Detect Earthquakes
New Scientist
Alex Wilkins
May 17, 2022


University of Science and Technology of China (USTC) scientists demonstrated twin-field quantum key distribution (QKD), a process that can measure tiny vibrations in the ground in order to potentially detect landslides and earthquakes. Twin-field QKD can encrypt data by leveraging how single photons interfere with each other; the researchers used the method to transmit encrypted data over a 658-km (408-mile) cable, with minimal data loss. The rate of data transfer needs to be improved before the technology can be built into a large-scale quantum communication network, said Timothy Spiller at the U.K.’s University of York, adding that if such improvement can be achieved, vibration sensing could be a useful by-product.

Full Article

 

Technique Protects Privacy When Making Online Recommendations
MIT News
Adam Zewe
May 12, 2022


Massachusetts Institute of Technology (MIT) scientists have developed a method that shields personal data while ensuring the accuracy of online recommendations. The protocol relies on two separate servers accessing the same database, enhancing efficiency while facilitating private information retrieval; MIT's Sacha Servan-Schreiber said this allows clients to query a database without exposing the object of the search. The researchers also applied a tuning technique to eliminate many possible nearest neighbors for the client, along with an approach called oblivious masking to conceal any additional data points, apart from the actual nearest neighbor. The technique can also minimize data leakage, even if a bad actor attempts to fool a database into disclosing secret information.

Full Article

 

 

Europe Has a Plan to Fight Online Child Abuse; Critics Fear It May Erode Privacy
CNBC
Ryan Browne
May 11, 2022


The European Union (EU) has proposed legislation that would allow member states to ask courts to order companies like Meta and Apple to more aggressively police their online platforms for child abuse. A new EU Center on Child Sexual Abuse will enforce the legislation, and maintain a database of digital "indicators" of child sexual abuse content to match against material from relevant online services. The Electronic Frontier Foundation's Joe Mullin called the measure "incompatible with end-to-end encryption and with basic privacy rights," and warned it "would be a disaster for user privacy not just in the EU but throughout the world." Linus Neumann with German hacker collective Chaos Computer Club said criminals already employ distribution channels that avoid such scans, and will easily evade them in the future.

Full Article

 

 

ACM Recognizes Technical Achievements with Special Awards
ACM
May 11, 2022


ACM announced the recipients of four technical awards for their contributions to pioneering research and practical applications that affect everyday use of technology. The University of California, Berkeley's Raluca Ada Popa will receive the 2021 ACM Grace Murray Hopper Award for designing secure distributed systems that shield confidentiality against intruders with full access to servers without losing functionality. A team of international researchers will receive the ACM Software System Award for developing CompCert, the first practical optimizing compiler for multiple commercial architectures, whose proof of correctness can be mechanically checked. ACM awarded several teams of multi-institutional collaborators the ACM Paris Kanellakis Theory and Practice Award for making fundamental contributions to differential privacy development. Artificial intelligence (AI) pioneer Carla Gomes will receive the ACM-AAAI Allen Newell Award for conceiving of and cultivating the field of computational sustainability, and for her fundamental contributions to AI.

Full Article

 

Ukraine Conflict May Redefine Cyberwarfare

CyberScoop (3/2) reports legal scholars and cybersecurity experts “are closely watching events in Ukraine with an eye on how the Russian invasion may redefine the laws of war for the cyber era.” Select Committee on Intelligence Chairman Sen. Mark Warner (D-VA) on Monday “said at a Washington Post event that he is very concerned Russian cyberattacks could cripple Ukraine’s power grid, in an echo of what happened in 2015.” New America Senior Fellow and Strategist Peter Singer said, “The first couple of days of the invasion were based on a really bad Russian assumption that this would be a quick and easy win for them. As the war shifts … to them trying to grind down and collapse the Ukrainian state and society, the concern is just as the gloves have started to come off in their missile and airstrikes, that we’ll also see the same on the cyber side.”

 

Cyberattack On Toyota Supply Chain Halts Japan Factories

Reuters (3/1) reports Toyota Motor will restart “domestic production from Wednesday after a cyberattack on a supplier ground the automaking giant’s factories to a one-day halt, sparking concerns about vulnerability in Japan Inc’s supply chain.” No information was available “about who was behind the attack, nor the motive,” but it came “just after Japan joined Western allies in clamping down on Russia in response to the invasion of Ukraine.” Kojima Industries, “which provides plastic parts and electronic components to the automaker, said it had discovered an error at one of its file servers on Saturday night. After rebooting the server, it confirmed it had been infected with a virus, and found a threatening message, it said in a separate statement.” Government ministers “said they were following the incident closely.” While big companies have “cybersecurity measures in place, the government is worried about small or mid-level subcontractors, the industry minister, Koichi Hagiuda, told reporters on Tuesday.”

 

Microsoft Plays Key Role Against Russian Cyberattacks

The New York Times (2/28, Sanger, Barnes, Conger) says “hours before Russian tanks began rolling into Ukraine” last Wednesday, “alarms went off inside Microsoft’s Threat Intelligence Center, warning of a never-before-seen piece of ‘wiper’ malware that appeared aimed at the country’s government ministries and financial institutions,” and “within three hours, Microsoft’s virus detection systems had been updated to block the code.” The Times adds “then Tom Burt, the senior Microsoft executive who oversees the company’s effort to counter major cyberattacks, contacted Anne Neuberger, the White House’s deputy national security adviser for cyber- and emerging technologies.” The Times says Microsoft is now “playing the role that Ford Motor Company did in World War II, when the company converted automobile production lines to make Sherman tanks,” but “after years of discussions in Washington and in tech circles about the need for public-private partnerships to combat destructive cyberattacks, the war in Ukraine is stress-testing the system.”

 

Predicted Russian “Cyber Onslaught” Has Not Transpired

The Washington Post (2/28, Menn, Timberg) reports that while the invasion “has spawned all manner of cyberattacks and defenses, few are playing out the way the experts thought they would.” As of Monday, “the Internet and other key Ukrainian infrastructure were still functioning, the outgunned Ukrainian military was still coordinating effectively and Russia’s vaunted disinformation capabilities were failing to persuade Ukrainians that resistance is futile.” Ukraine’s core cyberdefense has performed “better than expected because it focused on the issue after Russian hackers briefly knocked out power to swaths of the country in 2015 and 2016, said David Cowan, a veteran cybersecurity venture capitalist and corporate director, and because it has had help from American and European experts.” However, Ukraine has not “escaped unscathed, and some experts warn that cyberattacks or Internet outages could grow as Russia’s invasion intensifies in the face of unexpectedly stout resistance.”

The AP (2/28, Suderman, Bajak) reports Ukraine has coordinated “sympathetic volunteer hackers in an unprecedented collective global effort to make the Kremlin pay” in a “kind of cyber free-for-all that experts say risks escalating a moment already fraught with extraordinary danger after Russian President Vladimir Putin put his nuclear forces on alert.” The AP writes that Russia may have “determined that the impact wouldn’t be serious enough” against Ukraine’s industrial base or that Russia “might have determined that it couldn’t do serious harm to Ukraine without risking collateral impact outside its borders.” Many cybersecurity experts “believe the Kremlin, at least for now, prefers to keep Ukraine’s communications open for the intelligence value.”
