Robin’s Newsletter #202

1 May 2022. Volume 5, Issue 18
Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberattacks against Ukraine. Facebook doesn't know where your data flows.

Another shorter edition this week because I’m still on vacation.

This week

Conti vs Costa Rica

The Conti ransomware gang has been targeting systems of the Costa Rican government in a move that outgoing president, Carlos Alvarado Quesada, says is designed to “threaten the stability of the country in a transition situation.” The attack on Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), a company that runs electricity for the city of Cartago with a population of 160,000, is the seventh state or municipal organisation to be hit. A ransom demand of $10 million has been made by the cybercriminal group.

reuters.com, therecord.media

Microsoft report on Russian cyberattacks against Ukraine

Microsoft has published a special report detailing an ‘overview of Russia’s cyberattack activity in Ukraine’. It says that there have been 237 operations which have been conducted in parallel with the physical attacks against Ukraine. “Nearly 40” of these have been destructive ‘wiper’ attacks designed to permanently disable computer systems.

A timeline of military strikes and cyberattacks launched by Russian forces against Ukraine from late February to early April 2022 that shows the alignment between physical and digital attacks (Source: Microsoft)

arstechnica.com, microsoft.com (PDF)

Like ‘pouring ink in a lake,’ Facebook document admits it doesn’t know where your data flows

A leaked report admits that Facebook has no idea where your data goes within its systems. “We’ve built systems with open borders,” the report says, meaning that “[we] can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’”

The report highlights a “tsunami of inbound regulations that all carry massive uncertainty” and goes on to estimate that approximately 600 engineering years of effort are required to address the open architecture and working practices that underpin Facebook’s Ads business.

vice.com

Interesting stats

7x: the total cost of responding to and recovering from a ransomware attack, compared to the ransom itself. A typical demand equates to 2.9% of revenue on average, ranging from 5% for smaller organisations and dropping to 0.7% as revenue rises, according to Check Point bleepingcomputer.com

In brief

  • Someone has sabotaged French fibre-optic cables by cutting both ends of links around the country and leaving some areas without Internet connectivity cyberscoop.com
  • NCSC are making WebCheck and MailCheck services available to schools in the UK ncsc.gov.uk
  • Google has launched its own ‘privacy nutrition labels’ on the Google Play Store. Obviously, given Google’s advertising-led business model, the labels focus less on the data shared and more on the trustworthiness of the recipient of the data techcrunch.com
  • Google will now also remove personal info, including bank details, government ID, contact information and credentials, from Google Search when requested (h/t Helen) blog.google
  • The United Nations is to enter into the next phase of discussions on Russia’s proposal to establish ‘cyber norms’ at the end of May. While Russia is facing isolation or indifference for actions in Ukraine, this proposal was co-sponsored by seven other states, including China, with higher restrictions on free speech. The proposal seeks to give ‘total control’ over the internet to crack down on “unlawful acts motivated by political, ideological, social, racial, ethnic, or religious hatred”. A US-led proposal is also working its way through the UN diplomatic machinery cyberscoop.com
  • The US State Department is offering a $10 million bounty on information relating to six individuals believed to be part of the Sandworm group of Russia’s GRU military intelligence agency cyberscoop.com
  • India is introducing a six-hour cyber incident reporting requirement for IT service providers and government agencies that experience one of twenty different types of incidents. The rules come into force in just 60 days theregister.com
  • The US state of Connecticut moves closer to passing data privacy legislation therecord.media
  • Privileged replication user of Azure Database for PostgreSQL could be abused to access other databases within the same region @dcuthbert
  • An interesting read here on how to calculate the efficacy of different layers of email protection and how they are performing over time csoonline.com
Robin
