Security News

White House Warns of Possible Russian Cyberattacks
2022-03-22 14:57

The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors.

Top Russian meat producer hit with Windows BitLocker encryption attack
2022-03-22 12:43

Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service. The announcement notes that the attackers leveraged the Windows BitLocker feature to encrypt files, essentially performing a ransomware attack.

New Variant of Russian Cyclops Blink Botnet Targeting ASUS Routers
2022-03-18 22:12

ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. Intelligence agencies from the U.K. and the U.S. have characterized Cyclops Blink as a replacement framework for VPNFilter, another malware that has exploited network devices, primarily small office/home office routers, and network-attached storage devices.

Dev Sabotages Popular NPM Package to Protest Russian Invasion
2022-03-17 19:21

The developer behind the hugely popular npm package "node-ipc" has released sabotaged versions of the library to condemn Russia's invasion of Ukraine: a supply-chain tinkering that he'd prefer to call "protestware" as opposed to "malware." It started on March 8, when npm maintainer Brandon Nozaki Miller wrote source code and published npm packages called peacenotwar and oneday-test on both npm and GitHub.

Europe warns of aircraft GPS outages tied to Russian invasion
2022-03-17 16:28

The European Union Aviation Safety Agency, the EU's air transport safety and environmental protection regulator, warned today of intermittent outages affecting Global Navigation Satellite Systems linked to the Russian invasion of Ukraine. These GNSS outages can lead to navigation and surveillance degradation due to jamming and/or possible spoofing issues that have intensified around Ukraine.

Ukraine Secret Service Arrests Hacker Helping Russian Invaders
2022-03-17 01:46

The Security Service of Ukraine said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcast text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of Russia.

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it
2022-03-16 19:22

The US Cybersecurity and Infrastructure Security Agency has just put out a bulletin numbered AA22-074A, with the dramatic title Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and "PrintNightmare" Vulnerability. The attackers re-enrolled the account into the 2FA system, as though the original user were reactivating it.

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
2022-03-16 06:29

"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim network," the agencies said. The attack was pulled off by gaining initial access to the victim organization via compromised credentials - obtained by means of a brute-force password guessing attack - and enrolling a new device in the organization's Duo MFA. It's also noteworthy that the breached account was un-enrolled from Duo due to a long period of inactivity, but had not yet been disabled in the NGO's Active Directory, thereby allowing the attackers to escalate their privileges using the PrintNightmare flaw and disable the MFA service altogether.

Russia Pushing New State-run TLS Certificate Authority to Deal With Sanctions
2022-03-15 20:11

The Russian government has established its own TLS certificate authority to address issues with accessing websites that have arisen in the wake of sanctions imposed by the West following the country's unprovoked military invasion of Ukraine. According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic replacement to handle the issuance and renewal of TLS certificates should they be revoked or expire.

Russian demand for VPNs skyrockets by 2,692%
2022-03-15 15:30

"VPN demand was resurgent in Russia going into the weekend of March 12-13 as the Russian authorities banned Instagram in retaliation for parent company Meta permitting calls to violence against the Russian military to remain on its platforms," Top10VPN's Simon Migliano wrote. Russian VPN usage peaked on March 14, with a 2,692 percent increase over average daily demand.