11 March (Reuters) - According to three people with direct knowledge of the situation, Western intelligence agencies are investigating a cyberattack by unidentified hackers that crippled broadband satellite internet connections in Ukraine at the same time as Russia’s incursion.
Analysts for the French government cybersecurity agency ANSSI, the Ukrainian intelligence service, and the U.S. National Security Agency are evaluating whether the remote sabotage of a satellite internet provider’s service was carried out by Russian-state-backed hackers attempting to cut off communications to prepare the battlefield.
On February 24, between 5 and 9 a.m., the digital blitz on the satellite service commenced as Russian forces entered Ukraine and began firing missiles at major Ukrainian cities, including the capital, Kyiv.
According to a representative of the American telecommunications company Viasat, which controls the impacted network, satellite modems belonging to tens of thousands of users in Europe were taken offline as a result of the incident.
Some clients across Europe, including Ukraine, have internet connectivity from Viasat Inc.’s KA-SAT satellite, which was blocked by the hackers. Some are still offline more than two weeks later, resellers told Reuters.
Due to Viasat’s role as a defense contractor for the United States and its allies, what seems to be one of the most serious wartime cyberattacks officially documented thus far has caught the attention of Western intelligence.
According to government contracts examined by Reuters, KA-SAT has given Ukrainian military and police forces internet connectivity.
According to Pablo Breuer, a former SOCOM technician for the United States, cutting off satellite internet connectivity could make it more difficult for Ukraine to defend itself against Russian forces.
“The range of conventional land-based radios is limited. You must rely on these satellites if you’re deploying contemporary smart systems, smart weapons, and trying to perform combined arms movements,” Breuer remarked.
When contacted for comment, the Russian Embassy in Washington did not respond right away. Moscow has consistently denied claims that it takes part in cyberattacks.
In what the Kremlin refers to as a “de-Nazification” campaign, the Russian military has surrounded Ukrainian cities. The West has condemned this as an unprovoked attack and has imposed harsh penalties against Moscow as a result.
Viasat claimed in a statement that a “deliberate, isolated and external cyber event” was to blame for the disruption for clients in Ukraine and elsewhere, but the company has not yet offered a thorough, open justification.
In an email, company spokesperson Chris Phillips said, “The network has stabilized and we are restoring service and activating terminals as rapidly as possible.” He added that the company was giving priority to “essential infrastructure and humanitarian assistance.”
Jaroslav Strategy, managing director of the Czech telecoms firm INTV, said that the impacted modems appeared to be completely inoperative. Normally, he said, the four status lights on the SurfBeam 2 modems would show whether they were online or not; following the attack, the lights on the Viasat-made equipment would not switch on at all.
The Viasat representative claimed that a bug in the satellite network’s “administration section” had given the hackers remote access to the modems, forcing them offline. He claimed that some of the impacted devices would need to be replaced and that the majority of them would need to be reprogrammed, either on-site or at a repair facility.
The Viasat representative declined to provide further details and was evasive when asked what the “management part” of the network meant. Viasat acquired KA-SAT and its related ground stations from the European firm Eutelsat last year, but a Eutelsat subsidiary continues to operate them.
Eutelsat referred questions to Viasat.
According to two persons with knowledge of the situation, Viasat has hired the American cybersecurity company Mandiant to look into the infiltration. Mandiant specializes in finding state-sponsored hackers.
Mandiant, ANSSI, and the NSA’s spokespeople all declined to comment.
Government customers who directly purchased services from Viasat, according to the corporation, were unaffected by the outage. However, a third firm manages the KA-SAT network and contracts out service via a number of distributors.
According to contracts published on ProZorro, a Ukrainian transparency portal, Ukraine’s military and security services have purchased various pieces of communications equipment that use the Viasat network over the past few years.
The Ukrainian military did not immediately respond to a message requesting comment.
Some online vendors are still holding off on replacing their hardware.
The Czech telecom chief, Strategy, claimed Viasat was not at fault.
On the morning of the invasion, when he arrived at work, a monitor displayed regional satellite coverage in the Czech Republic, neighboring Slovakia, and Ukraine, all of which were highlighted in red.
“What happened was immediately evident,” he stated.
Apple Patches iOS and macOS Against Newly Exploited WebKit Flaw
As 2022 comes to a close, Apple is delivering its customers a significant series of security updates that fix hundreds of flaws across numerous products, including a zero-day vulnerability that hackers are reportedly exploiting against iOS users.
As many Apple fans will already be aware, the Cupertino-based company released an update for the iPhone 8 and later models in November that appeared to be minor and unremarkable. Apple did not reveal the exact reason for the patch, merely stating that “information will be forthcoming soon.”
The advisory now includes a real CVE and a brief summary indicating that iOS 16.1.2 plugs a significant security hole that threat actors may have used.
The problem, identified as CVE-2022-42856, is in WebKit, the rendering engine that apps use to display web content on both iOS and macOS.
It is a type confusion flaw: by getting the target device to process “maliciously constructed online content,” threat actors could exploit it to execute arbitrary code, potentially installing malware or stealing data.
According to the alert, “Apple is aware of a report that this problem may have been actively exploited against versions of iOS published before iOS 15.1.”
Google’s Threat Analysis Group researcher Clément Lecigne is credited for finding the problem.
On previous-generation devices, including the iPhone 6s, iPhone 7, iPhone SE, most current iPads, and even the seventh-generation iPod touch, iOS 15.7.2 and iPadOS 15.7.2 fix this zero-day vulnerability.
Users of Apple TV are also impacted, and tvOS 16.2 by Apple fixes the problem. In addition, standalone upgrades to Safari for macOS Big Sur and macOS Monterey, as well as for macOS Ventura 13.1, fix the issue.
Numerous further security flaws in Apple’s devices are being fixed, and they are all detailed on this page.
iOS 16.2, a brand-new point update for iPhone and iPad owners, not only addresses security but also adds a number of new features and enhancements. Go to Settings -> General -> Software Update and select Download and Install to update your device.
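As an added illustration (not code from the article or from Apple), the following Python script checks a device inventory against the fix versions the article lists for CVE-2022-42856: iOS/iPadOS 16.1.2 and 15.7.2, tvOS 16.2 and macOS Ventura 13.1. It handles the two parallel iOS branches (a device on 16.0 or 16.1 is not covered by 15.7.2) and flags Big Sur and Monterey hosts for manual review, since those were fixed by a standalone Safari update the OS version does not reveal. The inventory and hostnames are constructed, and the rule that major releases newer than those listed carry the fix is an assumption, not something the advisory states.

```python
# Added example (not from the article or from Apple): check a device
# inventory against the fix versions the advisory lists for CVE-2022-42856.
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Minimum patched version per platform and release branch, as stated in the
# article: iOS/iPadOS 16.1.2 and 15.7.2, tvOS 16.2, macOS Ventura 13.1.
PATCHED: Dict[str, List[Version]] = {
    "ios": [(15, 7, 2), (16, 1, 2)],
    "ipados": [(15, 7, 2), (16, 1, 2)],
    "tvos": [(16, 2)],
    "macos": [(13, 1)],
}

# Big Sur (11) and Monterey (12) were fixed by a standalone Safari update, so
# the OS version alone cannot decide; flag those hosts for manual review.
SAFARI_ONLY_MACOS_MAJORS = {11, 12}


def parse_version(text: str) -> Version:
    """Turn '16.1.2' (optionally followed by a build tag) into (16, 1, 2)."""
    return tuple(int(part) for part in text.strip().split()[0].split("."))


def is_patched(platform: str, version: str) -> Optional[bool]:
    """True if patched, False if still exposed, None if it needs manual review."""
    plat = platform.lower()
    v = parse_version(version)
    if plat == "macos" and v[0] in SAFARI_ONLY_MACOS_MAJORS:
        return None
    branches = PATCHED.get(plat)
    if branches is None:
        return None  # platform not covered by the advisory text above
    for fix in branches:
        if v[0] == fix[0]:
            # Same major branch: tuple comparison, so (16, 1) < (16, 1, 2).
            return v >= fix
    # A major release the advisory does not list: assume later majors carry
    # the fix and earlier ones never received it (an assumption, not from the page).
    return v[0] > max(fix[0] for fix in branches)


# Constructed sample inventory: (hostname, platform, reported OS version).
INVENTORY = [
    ("iphone-ops-01", "ios", "16.1.2"),
    ("ipad-ops-02", "ipados", "16.1"),
    ("iphone-legacy-03", "ios", "15.7.2"),
    ("appletv-lobby", "tvos", "16.1"),
    ("mac-design-04", "macos", "12.6.1"),
]


def audit(inventory) -> Tuple[List[str], List[str]]:
    """Return (hosts that still need the update, hosts needing manual review)."""
    needs_update: List[str] = []
    review: List[str] = []
    for name, platform, version in inventory:
        status = is_patched(platform, version)
        if status is None:
            review.append(name)
        elif not status:
            needs_update.append(name)
    return needs_update, review


if __name__ == "__main__":
    pending, manual = audit(INVENTORY)
    print("needs update:", pending)
    print("manual review:", manual)
```

Versions are compared as integer tuples rather than strings so that 16.1 sorts below 16.1.2 and 16.2 above it; a string comparison would get the first of those wrong.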
At long last, foreign investors can now invest in China’s VPN Market
In Beijing, the Chinese government finally declared that foreign companies may now take ownership stakes in virtual private network services throughout the nation.
However, foreign investors are only permitted to purchase up to 50% of VPN businesses established in China. This restriction gives China the ability to maintain control over domestic goods that have been approved while providing a significant incentive for future investments.
Changes to investment caps on information services for various application stores, internet providers, and other topics are also covered by the policy update.
Everyone is shocked by this news because China has been fighting international VPNs for a very long time, preventing their entry into the nation, and imposing fines and punishments on users who disobeyed the banning laws. The only issue China had with VPNs was that they allowed users to bypass the Great Firewall and access foreign websites that were supposed to be blocked due to government censorship.
China will not relax its stringent control and internet access restrictions, despite the new measures the Chinese government has taken to attract international investment.
The state will continue to put pressure on foreign businesses to follow its rules.
What regulations have China put into place for incoming international investors?
The Chinese government’s first priority is to impose internet censorship. They took care to keep local servers running so that user data could be stored and made accessible to local law enforcement. They also informed the investors that users who appear to be employing a censorship bypass method may be blocked and reported.
China seeks to develop its many service businesses under this new program.
Additionally, the Chinese government is considering allowing access to their digital behemoths Tencent and Alibaba by expanding the search engine market on the Chinese internet.
The Ministry of Industry and Information Technology of China is currently creating precise laws and regulations that would compel all Chinese businesses to allow the appearance of their competitors’ websites in search engine results.
It would be an unprecedented move for the Chinese internet, one that would make dominating it harder than it has ever been if the Ministry of Industry moves forward with these new laws and regulations.
Conti Ransomware Attack Throws Costa Rica into a National State of Emergency
Recently, Costa Rica has been in the news a lot, especially after President Rodrigo Chaves Robles proclaimed a state of emergency. Following a string of ransomware assaults that paralyzed Costa Rica’s economy, various government agencies, and the general public sector, the announcement was made.
Since many people in Latin America are accustomed to this, it should come as no surprise that Costa Rica has a weak cybersecurity infrastructure and has experienced cyberattacks before. The majority of Costa Rican firms, including manufacturing and other companies with weak infrastructure, saw over 1200 intrusions on a weekly average in 2021, according to Bleeping Computer. The gang responsible for the hack, Conti, claimed to have over 670GB of government data and this time targeted the Costa Rican government. Conti demanded rising ransoms from the Costa Rican government.
The Costa Rican government’s lack of preparation for such widespread cyberattacks left it without the resources to mount any kind of incident response to lessen and limit the damage. Even with the time between Conti’s threats and the gang’s decision to expose some of the data it had retrieved, Conti kept the upper hand.
What precisely happened, then? Who or what is Conti? Could all of this have been avoided, or even merely contained? Is it already over? Below, we examine these questions and others.
Why is Costa Rica under a state of emergency following the cyberattack using the Conti ransomware?
The national state of emergency was proclaimed by President Rodrigo Chaves Robles on May 8, the same day he assumed office as Costa Rica’s newly elected leader. Following the nation’s month-long battle with ransomware assaults that have badly damaged the economy, Chaves made the announcement. At the time, it was calculated that the country was losing at least $38 million every day due to the economy’s stagnation.
What is the Costa Rican Conti ransomware attack?
Large-scale ransomware assaults launched by Conti, a well-known ransomware gang, hit Costa Rica on April 17th, 2022. The nation’s Ministry of Finance was the primary target of the hackers, and it was the ministry that announced the attack on Twitter on April 18th. With Carlos Alvarado Quesada still in office, the government refused to pay Conti’s $10 million ransom demand. The Ministry of Finance was the first government agency Conti affected: a number of digital financial services, including payments, tax filing, billing for services, and more, came to a standstill when the tax administration and customs systems were made inoperable.
On May 8, after President Chaves’ outspoken refusal to pay the ransom, Conti published 97% of the material they had been using as collateral online.
According to President Chaves, it was established that by May 16th, there were twenty-seven institutions in Costa Rica that had been affected. Around this time, Conti increased their ransom to $20 million, probably believing that the harm they had already done would be sufficient to force the government to relent. The hacker organization threatened to erase the recovery keys and leave the government and its people stranded if the ransom was not paid by May 23. The group urged Costa Rican citizens to exert pressure on their government to pay the demanded sum.
At this time, Costa Rica contacted Joe Biden, the president of the United States, whose law enforcement agencies offered a $15 million reward for information that could help identify and hunt down Conti’s members.
Although the primary motivation behind ransomware is monetary gain, in the instance of Conti and Costa Rica as a target, the circumstances go beyond Costa Rica simply being a victim who was arbitrarily chosen owing to their network and infrastructure vulnerabilities. Even though Conti may not have intended to make a political statement, the geopolitical situation and their connection to Russia were key factors in Costa Rica’s ransomware attack.
Conti lost a lot of public favor after publicly endorsing Russia’s invasion of Ukraine. Their political attitude was exposed by their anti-US and anti-West sentiments, which also caused groups that had previously supported them to withdraw their support.
In order to maintain a low profile, targeting major corporations and countries like the United States was no longer a good idea, so they started targeting smaller countries in Latin America because they have less security and a weaker capacity for cyber response, according to Guy Rosefelt, Chief Product Officer at Sangfor Technologies, in a webinar. “So the amount of ransom they collected in the last few months significantly declines,” he continues.
This didn’t fully result in their redemption, so Conti decided it was best to use Costa Rica as a getaway plan. They made the attack in Costa Rica their swan song. They devised a plan to successfully infiltrate and attack Costa Rica after scouring Latin America because they anticipated having to leave shortly. So, this served as Conti’s last performance before purportedly breaking up. If the Costa Rica ransom had been paid, it would have been their final victory and only hope.
Of course, whether or not they succeeded in achieving that objective does not mean that their business is now completely shut down. It is common knowledge that when ransomware groups disband, it simply means that their members have joined subgroups or other organizations. This would explain the “coincidental” cyberattack that occurred in late May 2022 against Costa Rica’s public health system and social security fund, the CCSS.
This attack’s scope was equally harmful: it had an impact on public health systems such as COVID-19 testing and tracking and compelled hospitals across the nation to fall back on pen and paper. This second attack was attributed to the HIVE gang, and since HIVE is notorious for attacking healthcare institutions internationally, it is consistent with their strategy.
Even though they explicitly denied any connection to Conti on their website, the alignment with Conti’s activities has continued to draw attention.
These attacks’ aftereffects are still being felt in Costa Rica, and it doesn’t appear that it will soon make a full recovery.
What is Ransomware as a Service, or RaaS?
The phrase “ransomware as a service” (RaaS) describes the practice of using ransomware as a tactic or business model. Ransomware services are sold to customers by organizations like Conti through servers.
Ransomware developers construct distinctive ransomware code, which ransomware operators then use to infect the systems of target organizations at the affiliate’s or buyer’s request. Like any other business, this service may be paid for by a one-time fee or by a share of the proceeds generated by the ransomware. However, many of the business models employed by cybercrime organizations are subscription-based, with perks like forum access, round-the-clock help, and bundling. To learn more about securing your organization’s infrastructure, see Expert Tips on Improving Organizational Cyber Defense.
Of course, Conti is not the only cybercrime gang to run this kind of operation; DarkSide and REvil are two other well-known Ransomware as a Service organizations. DarkSide claims to no longer exist, having announced its dissolution after a 2021 attack that shut down the Colonial Pipeline for six days and caused public indignation. The organization is alleged to have received more than $90 million in just nine months and to have stolen and leaked more than 2TB of data.
Another Russia-based vendor of RaaS was REvil. Since they started operating in April 2019, when another RaaS organization known as GandCrab stopped its activities, they are estimated to have received more than $200 million. Ransomware was the most common sort of cyberattack in 2021, and according to IBM, 37% of those attacks were carried out by REvil. According to the New York Times, the Russian security agency in Moscow asserted that REvil had been shut down following raids in five Russian regions.
Although ransomware assaults can have a similar character, gangs are usually picky about the targets they choose. For instance, HIVE has a history of targeting healthcare facilities, whereas DarkSide has refrained from assaulting hospitals, non-profits, and educational institutions. This just serves to demonstrate that everyone has the potential to become a target.
Use Sangfor products to protect yourself from hacks like the Costa Rican Conti ransomware attack.
Ransomware like Conti is pushed by unethical hackers who have the knowledge to get past firewalls and other common protection measures while using extremely skilled phishing techniques to infiltrate networks. This means that defending against more complicated attacks calls for cybersecurity methods and anti-ransomware solutions that are equally capable, even if they are not complex, and Sangfor offers both.
The surroundings of your company will be regularly monitored by ransomware defense technology. For constant protection against threats, automated and ongoing threat detection is required.
Sangfor’s solutions combine network monitoring and endpoint security tools to create a continuous platform for convergent threat detection and response.
In order to ensure that there have been no breaches at any point in the attack chain, Sangfor’s XDDR (Extended Detection, Defense and Response) framework uses a firewall that communicates directly with endpoint security. Should any breaches be discovered, the response is immediate to eliminate all threats while also tracing the origins and repairing any points of weakness. The results of vulnerability scans are relayed back to our NGAF (Next Generation Application Firewall), ensuring that all points of data circulation are covered for complete network visibility. Additionally, XDDR reveals hidden hazards both on-site and remote, especially in light of the increase in remote work.
Before and after integration, Sangfor conducts ongoing assessments to get a deeper understanding of any network flaws that present opportunities for improvement.
Finally, while relying just on backups is insufficient, integrating security solutions with Sangfor HCI enables regular cloud storage of backups for on-demand access. Your cloud, whether private, public, or hybrid, should be safe in today’s cloud-dominated world since it is essential to the inflow and outflow of organizational data.
Our extensive suite of cybersecurity products has been combined to provide a comprehensive cybersecurity strategy, risk management, and disaster recovery plan. As a result, we combine a variety of complex security and cloud computing solutions to produce a simple, secure, and manageable system that satisfies business needs, boosts performance, and safeguards your company. At Sangfor, we do not believe that any single platform is a solution to every cybersecurity issue.
Could Costa Rica have avoided the attack? Maybe not, but it could certainly have reduced the impact. Guy adds in his presentation that Costa Rica “could have investigated more effective cyber screening measures earlier on.” The recording is accessible here.
It’s crucial to remember that some cyberattacks are unavoidable, but having a solid recovery strategy will help you minimize your damages. Business continuation depends on early discovery and quick action. Costa Rica serves as an illustration of what occurs when businesses and organizations of all stripes, including the government, fail to recognize the value of being prepared for digital disasters. An organization’s ability to manage its assets and recover from disasters that disrupt its processes and systems is enhanced by investing in cybersecurity solutions. Although Conti may have taken down their website and disappeared, Costa Rica is still feeling the effects of Conti.