Security News

As the invasion of Ukraine heads into its third week with NATO allies ratcheting up sanctions against Russia, infosec vendors have urged Western governments and businesses to prepare for retaliatory cyberattacks. According to Mandiant, Ukraine remains the top target for destructive or disruptive cyberattacks.

"Logs for network equipment in security critical functions shall be fully recorded and made available for audit for 13 months," explained the code. The wider consultation looks at security overall, ranging from the supply chain to network security of the type familiar to Register readers.

Infosec researcher Rob Dyke, best known to Reg readers for fending off legal threats from not-for-profit open-source foundation Apperta after finding a data breach, has visited Parliament to demand Computer Misuse Act reform. The security researcher's highly eventful attempt at vulnerability disclosure to Apperta last year resulted in him having to spend £25,000 to see off the open-source org's legal threats, though a crowdfunding campaign helped with the bulk of his legal fees.

US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWatter hacking group in attacks targeting critical infrastructure worldwide. MuddyWater is "Targeting a range of government and private-sector organizations across sectors-including telecommunications, defense, local government, and oil and natural gas-in Asia, Africa, Europe, and North America," the two governments said.

New malware dubbed Cyclops Blink has been linked to the Russian-backed Sandworm hacking group in a joint security advisory published today by US and UK cybersecurity and law enforcement agencies. "The malware dubbed Cyclops Blink appears to be a replacement for the VPNFilter malware exposed in 2018, and its deployment could allow Sandworm to remotely access networks," the UK National Cyber Security Centre said today.

The UK government is claiming a record year for revenue in the cybersecurity sector saying the industry generated £10.1bn. The figure represents a 14 per cent increase on last year, when total revenue generated by the sector was £8.9bn, according to figures from the Department for Digital, Culture, Media and Sport. It said 1,800 cybersecurity firms contributed around £5.3bn to the UK economy in 2021, rising by a third on the previous year from £4bn - the largest increase since the report began in 2018.

Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre has warned. The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West - though today's note insists there was a move by criminals away from "Big game hunting" against US targets.

Adults will have to hand over credit card or passport details before they can access social media sites, the British government threatened this morning. Internet use age verification - first floated and then abandoned via the country's 2017 Digital Economy Act - will return in the UK's Online Safety Bill, digital minister Chris Philp MP has vowed, linking the technology, widely criticised by privacy activists, to protecting children from pornography websites.

Optionis, the group that includes umbrella and accountancy companies providing services to tech contractors, has confirmed that following last month's digital break-in customer data is being leaked online. Parent Optionis Group later said that divisions SJD Accountancy and Nixon Williams were also hit.

The shadow foreign secretary for UK's opposition Labour party, David Lammy MP, has asked why the reform of the Computer Misuse Act appears to have stalled in an open letter to government. The letter, published on the Labour Party website, takes the ruling Conservative Party's ministers to task over a range of what Labour sees as a failure to act on various Russia-linked topics.