Satellite cyberattacks, Russian disinformation and ContiLeaks fallout

nick chapman/Flickr

Welcome to Changelog for 3/13/22, published by Synack! Congress last week sent a major piece of cybersecurity legislation to President Biden’s desk as part of a $1.5 trillion spending package. Meanwhile, experts continued to parse the gold mine of intelligence from the Conti ransomware leaks, and disinformation swirled around Russia’s ongoing war in Ukraine. Here’s what to know:


The payload

The ransomware show must go on, COVID be damned.

A middle manager in the Conti cybercriminal gang worked for three days straight while running a fever from a coronavirus infection, according to chat logs leaked late last month.

The data dump from the ContiLeaks Twitter account offers an unprecedented glimpse into the inner workings of a ransomware group feared for its willingness to strike everything from Irish hospitals to U.S. 911 dispatchers.

As Shaun Waterman reports for README, Conti’s members haggle over pay, call each other “bro” like a bunch of millennials and struggle to find work/life balance.

“Hello. I got sick. Covid,” said Van, the middle manager in Conti’s mafia-like structure, to his supervisor last September. Van said he soldiered on through a fever because “everyone needs crypts” but that he finally needed to take some sick leave.

Van’s request highlights the banality of the ransomware business, even as Conti has drawn backlash for declaring its allegiance with Russia after Vladimir Putin ordered troops to invade Ukraine. (The user behind the ContiLeaks account is avowedly pro-Ukrainian.)

Behind the geopolitics, there’s office politics. The leaked chat logs show how Conti affiliates on the lower end of the ransomware hierarchy face severe downsides. Grunts can expect low pay, little flexibility and an ethos that puts money above all moral or ethical misgivings.

Unfortunately, none of that has stopped Conti’s operators from carrying on their attacks through a 2020 Cyber Command takedown, multiple leaks, and now a war that threatens to upend the entire Russian-speaking cybercriminal underground.

If Van had never returned to “work” after getting COVID, the internet would be a bit safer.

The week, compiled

Russia is coopting the language of fighting disinformation to spread disinformation, using “debunking” videos and bogus fact checks to further muddy the waters in Moscow’s war with Ukraine.

The disturbing playbook goes something like this, as ProPublica reported last week:

  1. Create a fake video or dig up years-old footage of, say, explosions in Kyiv.
  2. Falsely claim that the video is being shared widely in Ukraine or foreign media as trumped-up evidence of Russian atrocities.
  3. “Debunk” the doctored video and amplify that misleading fact check across state TV channels and social media.

“The reason that it’s so effective is because you don’t actually have to convince someone that it’s true. It’s sufficient to make people uncertain as to what they should trust,” Clemson University associate professor Patrick Warren told ProPublica.

A screenshot of a fake “debunking” video shared on Russian state television. Channel One Russia/via BBC

The trend arrives as Russian President Vladimir Putin has doubled down on his domestic war on truth, enacting a law that criminalizes things like accurately calling Russia’s attack on Ukraine an “invasion.” (Would-be truth-tellers can face up to 15 years in prison.)

The clampdown has implications for U.S. tech giants that have been browbeaten into suppressing news or apps Putin doesn’t like — a dismantling of free expression that began long before the Ukraine invasion, as the Washington Post reported yesterday.

I expect Russia will apply its disinformation tactics to more U.S. targets as the war in Ukraine drags on. American companies should know how to prepare.

Here’s what else came down the pike last week:

CyberScoop: Critical infrastructure owners and operators will face a 72-hour deadline for reporting any major cybersecurity breaches or ransomware payments under long-awaited legislation sent to the White House for Biden’s signature on Thursday.

🚨There are fewer than two weeks left to secure tickets for our Washington, D.C., networking event steps away from ShmooCon! I hope you’ll join me and several cybersecurity trailblazers pushing for diversity and inclusion in the industry.🚨

The New York Times: Biden signed an executive order on cryptocurrency that could set the stage for a major policy overhaul — or even a U.S. central bank digital currency that would take after “stablecoins.”

Ars Technica: The so-called “Dirty Pipe” vulnerability poses one of the biggest threats to Linux systems in years. One open-source security expert told Ars security editor Dan Goodin the bug is “about as severe as it gets for a local kernel vulnerability.”

A broadband data satellite is pictured in orbit. A recent cyberattack reportedly interfered with broadband satellite internet service in Ukraine. Steve Jurvetson/Flickr

Reuters: U.S. telecommunications company Viasat faced a significant cyberattack late last month that knocked thousands of customer modems offline in Europe. The NSA is joining several international partners to investigate the hack of satellite equipment that just so happened to disrupt internet access to swaths of Ukraine. (It’s not yet clear if Russia is responsible.)

A message from Synack

Does your penetration testing meet compliance requirements? Synack recently announced it received Moderate “In Process” status from FedRAMP, meaning even more US departments, agencies and contractors can utilize its global network of elite ethical hackers for on-demand, around-the-clock pentesting. Find out more here.

Flash memory

On Feb. 2, 2010, then-Director of National Intelligence Dennis Blair testified before the Senate Select Committee on Intelligence about the “far-reaching impact of the cyber threat,” which topped the U.S. intelligence community’s annual threat assessment for the first time ever that year.

“Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication,” Blair warned at the time. “While both the threats and technologies associated with cyberspace are dynamic, the existing balance in network technology favors malicious actors, and is likely to continue to do so for the foreseeable future.”

His forecast wasn’t far off the mark: Cybersecurity would top eight of the next ten annual threat assessments, with two exceptions for terrorism and one bye year in 2020 when the Trump administration didn’t issue an unclassified report.

In this year’s assessment — which current DNI Avril Haines presented to lawmakers last week — China tops the list of strategic threats facing the U.S. But cyber is a major part of the risk Beijing poses: “We assess that China presents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private sector networks,” the report concludes. That includes “almost certainly” having the ability to disrupt U.S. critical infrastructure like pipelines or rail systems, the threat assessment says.

Local files

StateScoop: Suspected Chinese hackers successfully breached government networks in at least six U.S. states, according to research from cybersecurity firm Mandiant. The APT41 threat group even used the splashy Log4j vulnerability to carry out part of its latest hacking campaign, Mandiant said.

Decipher: A REvil ransomware gang member alleged to have launched a damaging 2021 attack on U.S. IT management company Kaseya arrived in a Dallas courtroom to face charges of damaging protected computers, conspiring to commit fraud and money laundering. Yaroslav Vasinskyi, 22, was extradited from Poland.

Off-script

Researchers have discovered the stunningly well-preserved wreck of the Endurance — explorer Ernest Shackleton’s 144-foot vessel that sank off the coast of Antarctica over a hundred years ago — deep below the icy waters of the Weddell Sea.

The incredible images and video gathered by the Endurance22 expedition sent me down a Wikipedia rabbit hole, where I learned about Shackleton’s heroic exploits saving his entire crew after the Endurance was trapped and eventually crushed by pack ice.

Ernest Shackleton encounters an albatross. Wikimedia Commons

That’s it for this week! Please send any tips, feedback or cyberunexpected happenings to bsobczak@synack.com.