Ukraine conflict spurs questions of how to define cyberwar

Legal scholars and cybersecurity experts are closely watching events in Ukraine with an eye on how the Russian invasion may redefine the laws of war for the cyber era. Many agree that Ukraine’s conflict with Russia — an established cyber superpower that isn’t hesitant about flexing its muscle aggressively — could test the rules of war in new and unexpected ways. Some say it already has. Exactly how these rules might be redefined is the subject of significant debate. In recent days, authorities as disparate as the president of Microsoft and the chairman of the Senate Intelligence Committee have weighed in on how NATO’s Article 5 provision for “collective defense,” the Geneva Convention’s protections for civilian targets and other legal frameworks for armed conflict may be challenged in the coming weeks. On Monday, Sen. Mark Warner, D-Va. and the chairman of the Select Committee on Intelligence, said at a Washington […]

The post Ukraine conflict spurs questions of how to define cyberwar appeared first on CyberScoop.

Researchers find similarities between NotPetya, attacks on Ukrainian government websites

The malware that wiped dozens of government computer systems in Ukraine starting on Jan. 13 shares some strategic similarities to the NotPetya wiper that was used to attack Ukraine in 2017 and ended up causing nearly $10 billion in damages worldwide, researchers said Friday. The analysis, from Cisco’s Talos threat intelligence division, says that the NotPetya episode should serve as a warning that any organization with connections to Ukraine should “carefully consider how to isolate and monitor those connections to protect themselves from potential collateral damage.” The warning comes as the military buildup along the Ukraine border with Russia continues amid worries that Russia is planning to invade its neighbor, a claim the Russian government denies. On Jan. 14 roughly 80 Ukrainian government agencies’ websites were defaced, garnering headlines around the world. Although that attack was relatively simple and the sites were restored in short order, malware known as WhisperGate […]

The post Researchers find similarities between NotPetya, attacks on Ukrainian government websites appeared first on CyberScoop.

Cyber experts question Biden’s tit-for-tat approach with Russia

President Joe Biden said this week that the U.S. government could respond to Russian cyberattacks on Ukraine “the same way, with cyber.” The answer may have been a standard U.S. government response about responding in-kind, especially in the context of a deteriorating security situation on the border between Ukraine and Russia, with Biden predicting a Russian invasion. National security experts, foreign leaders and Biden’s domestic political opponents criticized his overall remarks on the potential Western response to any Russian incursion, but the cyber-specific comments got their own round of questions from cybersecurity experts as well. To some, Biden’s words reflected dated and misguided thinking that sounds good and tough but makes no sense in the real world. “Tit-for-tat cyber has always been a fantasy for policymakers,” tweeted Jacquelyn Schneider, a Hoover Fellow at Stanford University and expert in cyber policy and national security. She pointed to the difficulty that the […]

The post Cyber experts question Biden’s tit-for-tat approach with Russia appeared first on CyberScoop.

Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021, according to the U.S. government — but there are signs foreign government-connected groups are increasingly moving into a territory dominated by criminal gangs, and for an entirely different motive: namely, causing chaos. Research that Microsoft and cybersecurity company CrowdStrike recently publicized separately concluded that Iranian hackers tied to Tehran had been conducting ransomware attacks that weren’t about making money, but instead disrupting their enemies. It echoed research from last spring and summer by FlashPoint and SentinelOne, respectively. When disruptive ransomware pays off, those who have studied the phenomenon say, it can embarrass victims. It can be used to steal data and leak sensitive information to the public. It can lock up systems, disabling targets. And given the prominence of ransomware, it’s another method that foreign intelligence and military agencies can use […]

The post Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem. appeared first on CyberScoop.

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine.

Deja Vu: What Do NotPetya and SolarWinds Have in Common?

As I was waking up in Boston on the morning of June 27, 2017, reports were being shared on social media that an electric power supplier in Ukraine was hit by a cyber attack. Within about an hour, a Danish power supplier was also knocked offline an…

Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators. The hackers are demanding extortion fees even when the code they deploy deletes data rather than unlocks it. The findings, published Tuesday by security firm SentinelOne, suggest a growing willingness by certain Iran-linked hacking groups to use tactics associated with financially motivated criminals in order to advance their interests. “Deploying ransomware is a disruptive act that provides deniability, allowing the attackers to conduct destructive activity without taking the full responsibility of those acts,” said Amitai Ben Shushan Ehrlich, a threat intelligence researcher at SentinelOne. SentinelOne […]

The post Suspected Iranian hackers pose as ransomware operators to target Israeli organizations appeared first on CyberScoop.

Navigating the waters of maritime cybersecurity

In January 2021, new International Maritime Organization (IMO) guidelines on maritime cyber risk management went into effect. Around the same time, the U.S. government released a first of its kind National Maritime Cyber Security Plan (NMCP), accompany…

Review: The Perfect Weapon

John Maggio, an award-winning producer, director, and writer, known for The Newspaperman: The Life and Times of Ben Bradlee (2017), Panic (2018), The Italian Americans (2015) and others, based this documentary on the homonymous best-selling book by Dav…

Smashing Security podcast #204: Green buttons, Olympic attacks, and… an apology

There’s been a cybersecurity goof in the wake of the US presidential elections, the US fingers the hackers responsible for disrupting the Winter Olympics in South Korea, and we take a long hard look at long hard legal mumbojumbo…

All this and much…