Security News

The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack.

The indictment states that all six individuals are officers of the Russian Main Intelligence Directorate (GRU) and are believed to be members of the elite Russian hacking group known as “Sandworm”.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.

The US indicted Yuriy Sergeyevich Andrienko, 32; Sergey Vladimirovich Detistov, 35; Pavel Valeryevich Frolov, 28; Anatoliy Sergeyevich Kovalev, 29; Artem Valeryevich Ochichenko, 27; and Petr Nikolayevich Pliskin, 32.

They are all charged with conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.


Why ISPs?

1. Protecting ISPs is today a high priority from a national security perspective.

2. Internal research has shown that all ISP-related intrusions attributable to organized adversaries (APT groups) aim either at digital espionage against third parties or at accessing customer data and databases.

3. In 2019 there was an increase in activity against this sector by threat groups suspected by industry of operating on behalf of Chinese, Russian and DPRK interests. Regionally, activity in the Middle East has been observed from groups suspected of operating on behalf of the Iranian government.

4. In 2019, I participated in the analysis of “DeadlyKiss”. According to what was observed, it is an uncommon malware family active since at least 2016. Its victims appear to be exclusively entities operating in the telecommunications sector. The ability of this threat to remain in the shadows for all these years (prior to publication its detection rate was extremely low, with only one vendor able to detect it via ML algorithms) makes us reflect on how some threat actors can use specific digital weapons exclusively for the compromise of specific sectors / targets.


Microsoft is working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers’ email communication security and integrity.

Once MTA-STS is available in Office 365 Exchange Online, emails sent by users via Exchange Online to domains that publish an MTA-STS policy will only be delivered over connections that are both authenticated and encrypted, protecting against email interception and man-in-the-middle attacks.

Protection against MITM and downgrade attacks

MTA-STS strengthens Exchange Online email security and addresses several SMTP security problems, including the lack of support for secure protocols, expired TLS certificates, and certificates not issued by a trusted CA or not matching the server’s domain name.

Because SMTP relies on opportunistic TLS (STARTTLS), mail servers will still deliver email in plaintext when a properly secured TLS connection cannot be established, which exposes SMTP connections to downgrade and man-in-the-middle attacks. MTA-STS closes this gap by letting a receiving domain publish, via a DNS TXT record and an HTTPS-served policy file, which MX hosts may receive its mail and whether senders must refuse delivery when TLS validation fails.
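As an added illustration (this is not code from the article or from Microsoft’s Exchange Online implementation), the following Python parses the two MTA-STS artifacts defined in RFC 8461, the `_mta-sts.<domain>` TXT record and the policy file at `https://mta-sts.<domain>/.well-known/mta-sts.txt`, and then makes the sending-MTA decision for one MX host: deliver, defer, or deliver-and-report. The sample record, policy and host names are constructed placeholders, and no DNS or HTTPS lookups are performed; `tls_cert_valid` is an assumed input standing in for a successful STARTTLS handshake with a certificate that chains to a trusted CA and matches the MX hostname.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample inputs (placeholder domains; nothing is fetched from the network).
SAMPLE_TXT = "v=STSv1; id=20201020T120000Z;"   # content of _mta-sts.example.com TXT
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.mx.example.net
max_age: 604800
"""                                           # https://mta-sts.example.com/.well-known/mta-sts.txt


@dataclass
class StsPolicy:
    mode: str                                  # "enforce", "testing" or "none"
    mx: List[str] = field(default_factory=list)
    max_age: int = 0                           # seconds a sender may cache the policy


def parse_sts_txt(txt: str) -> Dict[str, str]:
    """Parse the DNS TXT record that announces a policy ("v=STSv1; id=...")."""
    fields: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields


def parse_sts_policy(text: str) -> StsPolicy:
    """Parse the HTTPS-served policy file; unknown keys are ignored for extensibility."""
    version, mode, max_age, mx = None, None, None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "version":
            version = value
        elif key == "mode":
            mode = value
        elif key == "mx":
            mx.append(value.lower())
        elif key == "max_age":
            max_age = int(value)
    if version != "STSv1":
        raise ValueError("unsupported policy version")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError(f"unknown mode {mode!r}")
    if max_age is None:
        raise ValueError("max_age is required")
    if mode != "none" and not mx:
        raise ValueError("an enforce/testing policy must list at least one mx pattern")
    return StsPolicy(mode, mx, max_age)


def mx_matches(pattern: str, host: str) -> bool:
    """"*.example.net" matches exactly one leftmost label; any other pattern must match exactly."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                   # ".example.net"
        if not host.endswith(suffix):
            return False
        leftmost = host[: -len(suffix)]
        return leftmost != "" and "." not in leftmost
    return host == pattern


def delivery_decision(policy: StsPolicy, mx_host: str, tls_cert_valid: bool) -> str:
    """Sending-MTA outcome for one MX under the fetched policy."""
    secure = tls_cert_valid and any(mx_matches(p, mx_host) for p in policy.mx)
    if secure:
        return "deliver"
    if policy.mode == "enforce":
        return "defer"               # must not deliver: queue, retry later, send a TLSRPT report
    if policy.mode == "testing":
        return "deliver-and-report"  # insecure delivery still allowed, but the failure is reported
    return "deliver"                 # mode "none": plain opportunistic TLS behaviour


if __name__ == "__main__":
    policy = parse_sts_policy(SAMPLE_POLICY)
    print(parse_sts_txt(SAMPLE_TXT), policy)
    for host, ok in [("mail.example.com", True), ("mail.example.com", False),
                     ("mx1.mx.example.net", True), ("smtp.attacker.example", True)]:
        print(f"{host:24} tls_ok={ok!s:5} -> {delivery_decision(policy, host, ok)}")
```

The interesting branch is `defer` in enforce mode: that is the behaviour that removes the plaintext fallback an attacker relies on for a STARTTLS-stripping or MX-rewriting attack, at the cost of queuing mail when the receiver’s TLS setup is broken. A sender should also refresh the policy when the TXT record’s `id` changes or `max_age` expires, and should keep the last good policy if the HTTPS fetch fails so that the policy itself cannot be downgraded.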

Norway’s Minister of Foreign Affairs Ine Eriksen Søreide today said that Russia is behind the August 2020 cyber-attack on the Norwegian Parliament (Stortinget).

“On 24 August, the Storting announced a data breach in their e-mail systems,” Søreide said in a press release published earlier today after a briefing that also included Minister of Defense Frank Bakke-Jensen.

“Based on the information base the government possesses, it is our assessment that Russia is behind this activity.”

“This is a serious incident that affects our most important democratic institution,” Søreide added.


In 2019, high-level executives of national cybersecurity authorities, the European Commission and ENISA, the EU Agency for Cybersecurity, participated in the table-top Blueprint Operational Level Exercise (Blue OLEx) 2019, which underlined the need to implement an intermediate level between the technical and political levels in the EU cyber crisis management framework.
