CyberWire Daily - Russia’s full-scale invasion of Ukraine began this morning at 5:00 AM, Kyiv local time. Cyberattacks are serving as combat support and strategic disruption.
Episode Date: February 24, 2022
Russia opens a general war against Ukraine, with rocket fires, heavy forces, and a not-so-veiled threat to NATO. Cyber operations are serving as combat support and strategic disruption. While the war in Ukraine dominates the news, elsewhere in the world cybercrime and cyberespionage continue at their customary levels. Carole Theriault looks to the security of your mobile devices. And our guest is Dr. Chenxi Wang of Rain Capital with insights on the new NIST software supply chain security standards. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/37
Transcript
You're listening to the CyberWire Network, powered by N2K.
Russia opens a general war against Ukraine with rocket fires, heavy forces, and a not-so-veiled threat
to NATO. Cyber operations are serving as combat support and strategic disruption.
While the war in Ukraine dominates the news, elsewhere in the world, cybercrime and cyber
espionage continue at their customary levels. Carole Theriault looks to the security of your mobile
devices. And our guest is Dr. Chenxi Wang of Rain Capital with insights on the new NIST software supply chain security standards.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Thursday,
February 24th, 2022.
Russia declares war and begins a general offensive against Ukraine.
Russian President Putin said he had authorized a special military operation.
Its objectives, he said, are the demilitarization and denazification of Ukraine,
but not its occupation.
Denazification will be baffling for any who haven't followed the crisis closely.
One of the principal talking points in the long-running Russian disinformation campaign
is that the Ukrainian government
is composed of actual, unreconstructed neo-Nazis.
This particular claim is intended for domestic consumption
and isn't taken seriously abroad.
Mr. Putin said that the breakaway provinces
of Donetsk and Luhansk had asked for Russian aid
and that Russia's intervention was designed to prevent what he's variously described as a humanitarian catastrophe and genocide.
The invasion kicked off at 5 a.m. Kiev time.
Mr. Putin also warned the world to keep their hands off Ukraine.
He said,
Now a few important, very important words for those who may be tempted to intervene in ongoing events from the outside.
Whoever tries to interfere with us, and even more so to create threats to our country, to our people,
should know that Russia's response will be immediate and will lead you to such consequences as you have never experienced in your history.
We are ready for any development of events.
All necessary decisions in this regard have been made.
I hope that I will be heard. End quote.
Some have seen this as a veiled threat of nuclear war, and while that seems unlikely,
the strategic force exercises Russia held over the weekend do seem to have been intended to suggest that possibility to NATO. President Putin had a
message for Ukrainian troops as well, lay down your arms and if you do so, you'll be allowed
to return home. Ukrainian President Zelenskyy late Wednesday broadcast an appeal for peace
to the Russian people.
Speaking in Russian, he said,
The people of Ukraine and the government of Ukraine want peace.
But if we come under attack, if we face an attempt to take away our country,
our freedom, our lives, and the lives of our children, we will defend ourselves.
When you attack us, you will see our faces, not our backs.
End quote.
He had earlier sought to contact President Putin, but Mr. Putin didn't take his call.
The U.S. had warned yesterday, continuing its recent policy of unusual transparency with respect to intelligence products,
that a full-scale Russian invasion of Ukraine was expected within 48 hours.
In fact, the invasion arrived in less than 24 hours.
H-hour for the general Russian attack was 5 a.m. Thursday in Kiev, which was 10 p.m. Wednesday in New York, and at that time the UN Security Council was in session discussing the crisis.
The New York Times reports that Sergiy Kyslytsya, in an emotional speech at the United
Nations Security Council, held up his phone and asked the Russian ambassador if he wanted to see
a video of President Putin announcing a military attack on his country. Kyslytsya said,
You declare war and it is the responsibility of this body to stop the war. I call on every one
of you to do everything possible to stop the war,
or should I play the video of your president declaring the war? The Russian ambassador
replied, this is not called a war. It is called a special military operation in Donbass.
Russia was chairing the session. It was Russia's turn to do so. And the Ukrainian ambassador rose
to demand that the Russian ambassador relinquish the rotating presidency.
Directly addressing the Russian ambassador, he said,
There is no purgatory for war criminals. They go straight to hell, ambassador.
After a pause, the Russian ambassador answered,
We aren't being aggressive against the Ukrainian people, but against the junta in power in Kiev.
And then he gaveled the meeting to a close.
Late last night at about 10:30 p.m., U.S. President Biden condemned the Russian attack.
Quote, President Putin has chosen a premeditated war that will bring a catastrophic loss of life and human suffering.
Russia alone is responsible for the death and destruction this
attack will bring, and the United States and its allies and partners will respond in a united and
decisive way. The world will hold Russia accountable. A few hours later, he posted an
account of a call with President Zelensky. President Zelensky reached out to me tonight,
and we just finished speaking.
I condemned this unprovoked and unjustified attack by Russian military forces.
I briefed him on the steps we are taking to rally international condemnation,
including tonight at the United Nations Security Council.
He asked me to call on the leaders of the world to speak out clearly against President Putin's flagrant aggression and to stand with the people
of Ukraine. Tomorrow, I will be meeting with the leaders of the G7 and the United States and our
allies and partners will be imposing severe sanctions on Russia. We will continue to provide
support and assistance to Ukraine and the Ukrainian people, end quote. President Biden is expected to
announce more sanctions against Russia, probably this afternoon.
He is said to have spent the morning in consultation with allies, specifically with G7 leaders,
which suggests a fundamentally economic set of sanctions, and his national security staff.
Ukraine's Minister of Digital Transformation, Mykhailo Fedorov, said yesterday that yesterday afternoon large
distributed denial-of-service attacks began against Ukrainian banks and government websites.
ESET says its researchers found a wiper deployed against Ukrainian targets about two hours after
the DDoS attacks began. ESET is calling, for convenience, the destructive malware HermeticWiper, as it was signed with a certificate from the Cypriot company Hermetica Digital.
Reuters says it's been unable to find out very much about Hermetica Digital
beyond its apparent founding a year or so ago.
SentinelOne has also confirmed that HermeticWiper is in active use.
Reuters also reports that Symantec has said the attack
has also had some effects in Latvia and Lithuania. Now that the Russian war against Ukraine is fully
kinetic, cyber operations will probably assume a significant combat support role.
The threat is not only a terrestrial one. Breaking Defense reports that Chris Scolese,
director of the National Reconnaissance Office, said yesterday, quote, I think it's fair to assume that to the extent that Russia can and to the extent that they feel it won't extend the conflict out of their control, they will extend it into space.
How are they going to do that?
What are they going to do?
I mean, you could imagine they're already doing GPS jamming, as an example, and doing things against Ukraine.
I would say for everybody that the important thing is to go off and make sure that your systems are secure
and that you're watching them very closely, because we know that the Russians are effective cyber actors.
He added that it's better to be prepared than be surprised.
Palo Alto Networks' Unit 42 released a report
on an advanced persistent threat that's prospecting companies
in the technology, energy, health care, education, finance, and defense sectors.
The researchers call the campaign TiltedTemple,
and it's noteworthy for a sophisticated method it's using
to maintain persistence in its targets.
Quote, a custom backdoor, SockDetour, is designed to serve
as a backup backdoor in case the primary one is removed. It is difficult to detect since it
operates filelessly and socketlessly on compromised Windows servers. End quote. More than a dozen
organizations have been affected. Armorblox reports that a criminal phishing campaign impersonating DocuSign
is in progress. The link in the malicious email takes the victim to a phishing page designed to
collect Microsoft Outlook credentials. Armorblox points out that the campaign bears several
features that most likely-to-succeed phishing attempts have. It spoofs known workflows and
impersonates a trusted product to do so.
Its social engineering engenders both trust and a sense of urgency, and it uses valid domains.
CSO sees a lesson in a recent court case. Beware of tempting but illicit business intelligence
tools. The fact that spyware is available and that it seems readily adaptable to your business intelligence challenges
doesn't mean that using it is even a good idea, still less that it's even legal.
For example, suppose you really wanted to eavesdrop on your competitors' phone calls.
Not that you would, but just suppose.
As much as you might counterfactually want to listen in, don't.
It's bad law, bad morals, and bad business.
And finally, as a community, consider sparing a thought for colleagues in beleaguered Ukraine.
We received an email this morning from MacPaw, whose MacCleaner product you may know.
They're based in Kiev, and for now at least, they say they're safe and riding out the invasion in place.
Those of us who aren't under rocket fire are lucky ducks indeed.
Take care of yourselves, MacPaw,
and our sincere wishes for the safety of all those in peril on the ground.
NIST recently published updated software supply chain security guidelines
as part of an executive order from the White House aiming to improve the nation's cybersecurity.
Dr. Chenxi Wang is a technical advisory board member at Secure Code Warrior
and a managing partner at Rain Capital Fund LP, a cybersecurity-focused venture fund.
She thinks NIST's new guidelines are a step in the right direction.
I know they stressed the importance of SBOM, software supply chain security, which is one that I think really needs the industry to focus on. This has been in the works for many, many years,
meaning that many of us have been out preaching the importance of this. But for NIST to really issue a guide and say, hey, thou shalt do this,
and for the executive office to follow up with more fuel on the fire in the executive order,
I think that would really drive the industry towards the adoption and the standards behind it.
So that's one.
And I also, the theme is, you know,
engineering trustworthy, secure systems, right?
Really outlines the proactive approach of it.
So security, if you think about it,
in the past, historically has been a reactive sector of our operations, right?
So something's wrong and security team holds logs and does forensics, does investigation.
But we have done, I would say, maybe somewhat a poor job of being proactive, preparing our organizations for potential threats and for the risks that's more modern day risks. mitigating vulnerabilities within systems and software and using something like software
supply chain risk as a lens to eliminate risk from entering our system to begin with.
So I think it requires, it sort of asks us to adopt a new mindset, more proactive, more
holistic mindset towards cybersecurity.
Are you optimistic that the release of these sorts of guidelines could really make a meaningful difference that we could really see it move the needle?
So when you ask this question to security industry people, you'll get two very distinct
answers.
You will see a lot of, oh, this is not going to help. This is like
barely scratching the surface. And I think security industry folks are trained to be a
little bit pessimistic in their view of the world. I'm the opposite. I'm always the cheerleader for
guidelines such as this, because I see pushing the industry forward
in a positive direction, even though when we get there, it may be only 70% what we need to do.
It's still a positive step in the right direction. Now, there will be a lot of nuances, right? Some
companies will spend a lot of money, a lot of resources,
not quite getting there, or others will be confused or what exactly they want to do.
There's always room for improvement for how prescriptive the guideline should be or how clear the guideline should be. But overall, if you take a 50,000 foot view, it's a good thing
for the industry. It's a good thing for organizations, good thing for consumers.
That's Dr. Chenxi Wang from Rain Capital.
Our UK correspondent Carole Theriault has been considering the security of mobile devices as of late. And today she joins us with the first of a two-part report.
According to Statista, in 2021, the number of mobile devices operating worldwide stood at almost 15 billion, up a billion from the previous year.
Now, if you think that the population is 7.9 billion, that's almost two devices per human on the planet.
Apparently, half the smartphone users in the US will spend five to six
hours on their phones every single day. Before you say that this includes work, and of course,
you need to use your phone for work, this number excludes work-related smartphone use. Just five
percent, five out of a hundred people said they spend less than an hour a day on their smartphones.
So it's clear, we are smartphone addicts. As it's now a brand new year, shouldn't we take a few
minutes to make sure the device is a little bit more secure than it was last year? In cybersecurity, of course, every smidge of security counts.
So I'm going to quickly list a few things you can check on your phone to make it a bit more secure.
And if these are all in place for you, then woohoo for you. Your job is now to get out there and get
someone in your life, your teen, your mom, your uncle Fred, Susan at work, to implement these
as well on their device. Or of course, you could just, I guess, share this podcast episode and save
yourself a bit of time. First up, New Year clear out. You know it's really handy when you get a
new device and you can import all your old data and apps across from your old device
with the click of a few buttons. But there is a cost to this frictionless approach. All these
legacy apps could be sitting there on your phone, not only just taking up space, but maybe also
hoovering up data from your phone without you even realizing it. And my advice is to get rid of the
apps from your phone that you do not
use regularly. Just delete them from your device. For example, I had LinkedIn and Pinterest on my
phone for a while. I used them and then I used them less and less because I found them annoying.
And when I noticed this, I removed them. The thing is they're not gone forever as I've not
deleted my user account. I have just deleted the app from
my phone. So as long as I remember the password, I can reinstall them on my phone and log in and
everything is back to normal. My point is, is think of apps like clothes. There are those you
don't need regularly. And what you do is you put them in storage and you dust them off when you need them.
You know, I have a few other things for you guys to check, but I've run out of time. So I am going
to make a part two. Watch this space. This was Carole Theriault for the CyberWire.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies.
Our amazing CyberWire team is Elliott Peltzman, Tre Hester, Brandon Karpf, Eliana White, Puru Prakash, Justin Sabie, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick
Howard, Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.