Deterrence, diplomacy, in hybrid war. UK Foreign Office hacked. Threats to Linux-based multi-cloud environments. Patch Tuesday.
SPECIAL SECTION
By The CyberWire staff
Russia stages more general purpose forces near Ukraine (notably moving amphibious assault ships from the Mediterranean through the Dardanelles and toward Ukraine's Black Sea coast) while diplomatic efforts to reduce tension continue. Belarus continues to emerge as an important staging point for Russian conventional forces. No fresh, large-scale cyber activity, however, is being reported. The New York Times reviews the current state of multilateral negotiations and sees, if not stalemate, at least stasis. Its analysis foresees "a drawn-out and dangerous diplomatic slog toward a difficult settlement."

The AP reports that Poland has appointed Brigadier General Karol Molenda to lead the country's new Cyber Defense Force. Defense Minister Mariusz Blaszczak framed the new command as a defensive measure taken in recognition of, especially, cyber threats from Russia. “We are perfectly aware that in the 21st century cyberattacks have become one of the tools of aggressive politics, also used by our neighbour. For that reason these capabilities are of fundamental, key nature to Poland’s Armed Forces.”

Reuters cites unnamed sources who say that the European Central Bank (ECB) has raised its level of alert for cyberattack, and has shifted its focus from the common financially motivated cybercrime to the prospect of state-directed attacks originating from Russia. The ECB is said to have queried banks about their readiness to withstand such attacks, and that the individual banks are holding drills to increase their own state of readiness. The measures seem driven more by prudential considerations concerning the continuing Russian threat to Ukraine and by Russia's record of offensive action in cyberspace than they are by specific intelligence of any particular imminent threat.

Some observers think that simple deterrence is likely to restrain Russia from escalating its hybrid war in cyberspace. An op-ed in the Telegraph, for example, argues that Russia understands British (and US) offensive cyber capabilities, and that Moscow's own calculus will tell it that an expanded cyber war is one it is unlikely to win.

Task and Purpose reviews potential cyber threats from Russia and concludes that none of them amount to "shock and awe." It reviews five major cyber campaigns Russia has mounted against Ukraine (widely regarded as a testing ground as well as a theater of operations) since 2014—Election Interference (2014), Power Grid Sabotage (2015), Power Grid Sabotage (2016), NotPetya Economic Disruption (2017), and BadRabbit Economic Disruption (2017)—and rates the strategic effects of all but NotPetya as "negligible." (NotPetya's effect it rates as "unknown.") These are, of course, all actual attacks. There are other potential threats, especially large-scale and destructive attacks against power grids, whose consequences could be far more devastating than these. But the essay's account of the use of cyberattacks as tactical adjuncts to military operations is interesting.

The CyberWire's continuing coverage of the crisis in Ukraine may be found here.

SUMMARY
By the CyberWire staff
The Times reports that Britain's Foreign Office sustained a cyberattack last month. Details are publicly unknown, because they're a matter of official secrecy, but it is known that the attack was serious enough to warrant giving BAE Systems Applied Intelligence a £470,000 contract to help with remediation. The contract did not go through the normal competitive process “due to the urgency and criticality of the work.” Official sources offer no attribution, but the Times indulges some a priori speculation by pointing to recent warnings about Russian cyber threats.

VMware reports on threats to Linux-based multi-cloud environments. It finds that ransomware is hitting Linux host images used for workloads in virtualized environments, that most cryptojacking uses XMRig-related libraries, and that most use of Cobalt Strike is illicit.

Yesterday was Patch Tuesday, and Microsoft fixed forty-eight problems, including issues with Windows Kernel, Hyper-V, Microsoft Outlook and Office, Azure Data Explorer, and Microsoft SharePoint. In some respects it was a relatively light Patch Tuesday: one zero-day was addressed (a kernel privilege-escalation vulnerability), but neither it nor the other forty-seven problems fixed were rated "critical." Threatpost calls the absence of any critical vulnerabilities in the list of patches "unheard of," giving an effusive "Oh, blessed day" review of Redmond's latest Patch Tuesday. (But, of course, even merely "important" vulnerabilities should be fixed.)

CISA has issued two more industrial control system advisories, both for Mitsubishi Electric products: Mitsubishi Electric Factory Automation Engineering Products (Update F) and Mitsubishi Electric FA Engineering Software Products (Update D).