Tech companies help defend Ukraine against cyberattacks

Written by admin


WASHINGTON — Last Wednesday, hours before Russian tanks rolled into Ukraine, alarms sounded inside Microsoft’s Threat Intelligence Center, warning of a never-before-seen “wiper” malware that appeared to be aimed at the country’s government ministries and financial institutions.

Within three hours, Microsoft found itself in the middle of a ground war in Europe from 5,500 miles away. The threat center, north of Seattle, was on high alert, and it quickly isolated the malware, named it “FoxBlade” and notified Ukraine’s top cyber defense authority. Within three hours, Microsoft’s virus detection system was updated to block the code, which erases (“wipes”) data on computers across a network.

Then Tom Burt, the senior Microsoft executive who oversees the company’s efforts to combat major cyber attacks, contacted Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technologies. Ms Neuberger asked whether Microsoft would consider sharing the details of the code with the Baltics, Poland and other European countries, fearing the malware would spread beyond Ukraine’s borders, cripple military alliances or kill Western European banks.

Before midnight in Washington, Ms. Neuberger had made introductions, and Microsoft had begun to take on the role that Ford Motor Company had in World War II, when the company converted automobile production lines to make Sherman tanks.

Washington is stress-testing the combat system in Ukraine, after years of discussion in tech circles about the need for public-private partnerships to combat devastating cyber attacks. The White House, armed with intelligence from the National Security Agency and the United States Cyber Command, is overseeing classified briefings on Russia’s cyber offensive plans. Even if U.S. intelligence agencies picked up on the kind of crippling cyber attacks that someone – possibly Russian intelligence agencies or hackers – threw at Ukraine’s government, they would not have had the infrastructure to move with enough speed to stop them.

“We are a company, not a government or a country,” Microsoft President Brad Smith said in a blog post released by the company on Monday. But the role it is playing, he clarified, is not neutral. He wrote of “constant and close coordination” with the Ukrainian government, as well as with federal authorities, the North Atlantic Treaty Organization and the European Union.

“I’ve never seen it act like this or nearly so fast,” said Mr. Burt. “We’re doing it in hours now, which would have been weeks or even months a few years ago.”

Intelligence is flowing in many directions.

Company officials, some armed with new security clearances, are joining secure calls to listen to a series of briefings organized by the National Security Agency and the United States Cyber Command, along with British officials. But most of the actionable intelligence is coming from companies like Microsoft and Google, which can see what’s going on in their vast networks.

Mr Biden’s aides often note that it was a private firm – Mandiant – that unearthed the “SolarWinds” attack 15 months earlier, in which one of Russia’s most cyber-savvy intelligence agencies, the SVR, infiltrated network management software used by thousands of US government agencies and private businesses. This gave the Russian government autocratic access.


Such attacks have given Russia a reputation as one of the most aggressive, and efficient, cyber powers. But surprisingly, in recent days Russia’s activity in that region has been more muted than expected, researchers said.

The earliest tabletop exercises about a Russian invasion began with massive cyberattacks, taking out the internet and perhaps the power grid in Ukraine. So far, that hasn’t happened.

“Many are quite surprised that Russia is not significantly integrating cyber attacks into the overall campaign in Ukraine,” said Shane Huntley, director of Google’s threat analysis group. “It’s mostly normal business at the same level of Russian targeting.”

Mr Huntley said Google regularly sees some Russian attempts to hack into the accounts of people in Ukraine. “The normal level is never really zero,” he said. But those efforts have not increased significantly over the past several days as Russia invades Ukraine.

“We have seen some Russian activities targeting Ukraine; it just hasn’t been the big sets,” said Ben Read, a director at security firm Mandiant.

It is not clear to US or European officials why Russia has held back.

It could be that they tried but the defenses were stronger than they expected, or that the Russians wanted to minimize the risk of attacking infrastructure, so that the puppet government they installed would not struggle to rule the country.

But US officials said a large-scale cyberattack by Russia on or beyond Ukraine, in retaliation for economic and technology sanctions imposed by the United States and Europe, is hardly off the table. Some speculate that as Moscow intensifies its indiscriminate bombing, it will try to cause as much economic disruption as it can muster.

The longer and more effective the Ukrainian resistance against Russia’s military, the more tempted Moscow may be to begin using an “armada of Russian cyber forces,” said Senator Mark Warner, a Virginia Democrat who leads the Senate Intelligence Committee, in an interview.

Facebook’s parent company Meta revealed on Sunday that it had found that hackers had taken over accounts belonging to Ukrainian military officials and public figures. The hackers tried to use their access to these accounts to spread propaganda, posting videos that purported to show the surrender of the Ukrainian military. Meta responded by shutting down accounts and alerting users who were targeted.

Twitter said it had received indications that hackers attempted to compromise accounts on its platform, and YouTube said it had removed five channels that posted videos used in the propaganda campaign.

Meta officials said the Facebook hackers were affiliated with a group called Ghostwriter, which security researchers believe to be linked to Belarus.

Ghostwriter is known for its strategy of hacking into the email accounts of public figures, then using that access to compromise their social media accounts as well. The group has been “heavily active” in Ukraine during the past two months, said Mr Read, who researches the group.

While US officials do not currently assess any direct threats to the United States from Russian cyber operations, this calculation may change.

US and European sanctions are tougher than expected. Mr Warner said Russia could “respond to cyberattacks against NATO countries either directly or, more likely, free all Russian cybercriminals on large-scale ransomware attacks that still give them some denial of responsibility.”

Russian ransomware criminal groups conducted a devastating series of attacks last year against hospitals in the US, a meat-processing company and, most notably, a company that operates gasoline pipelines along the East Coast. While Russia has taken steps in recent months to rein in those groups – after months of meetings between Ms Neuberger and her Russian counterpart, Moscow made some high-profile arrests in January – it could easily reverse its efforts.

But President Biden has intensified his warning to Russia against any type of cyberattack on the United States.

“If Russia conducts cyberattacks against our companies, our critical infrastructure, we are ready to respond,” Mr Biden said on Thursday.

It was the third time Mr Biden had issued such a warning after winning the election. While any Russian attack on the US seems like it would be a reckless escalation, Representative Adam B. Schiff, a California Democrat who leads the House Intelligence Committee, said Mr. Putin’s decision so far has proved to be poor.

“There is a risk that whatever cyber tools Russia uses in Ukraine does not remain in Ukraine,” he said in an interview last week. “We’ve seen this before, where malware directed to a certain target gets released into the wild and then takes on a life of its own. So we could fall prey to Russian malware that has overtaken its intended target.”
