A new era of cyber warfare: Russia's Sandworm shows "we are all Ukraine" on the internet

Speakers at this year's CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history.

Wired journalist Andy Greenberg has just released a high-profile book about the group, which he said at the conference is an account of the first full-blown cyberwar led by these Russian attackers. He kicked off the event with a deep dive into Sandworm, providing an overview of the mostly human experiences of the group's malicious efforts.

Sandworm first emerged in early 2014 with an attack on the Ukrainian electric grid that "was a kind of actual cyberwar in progress," Greenberg said. The grid operators in Ukraine watched helplessly as "phantom mouse attacks" appeared on their screens while Sandworm locked them out of their systems, turned off the backup power to their control rooms, and then turned off electricity to a quarter-million Ukrainian civilians, the first-ever blackout triggered by hackers.

In late 2016, Sandworm struck the Ukrainian grid again. "It was a quintessential example of a nation-state disruptive attack on an adversary in the midst of a kinetic war," Greenberg said. If it hadn't been for a configuration error in Sandworm's malware, the attack could have been far more devastating. It could have burned down lines or blown up transformers, as Joe Slowik at Dragos recently discovered in his research into the incident, Greenberg pointed out.

Assume what happened in Ukraine will happen elsewhere

This was "the kind of destructive act on the power grid we've never seen before, but we've always dreaded." Even more concerning, "what happens in Ukraine we'll assume will happen to the rest of us too because Russia is using it as a test lab for cyberwar. That cyberwar will sooner or later spill out to the West," Greenberg said. "When you make predictions like this, you don't really want them to come true."

Sandworm's adversarial attacks did spill out to the West in its next big attack, the NotPetya malware, which swept across continents in June 2017, causing untold damage in Europe and the United States, but mostly in Ukraine. NotPetya took down "300 Ukrainian companies and 22 banks, four hospitals that I'm aware of, multiple airports, pretty much every government agency. It was a kind of a carpet bombing of the Ukrainian internet, but it did immediately spread to the rest of the world fulfilling [my] prediction far more quickly than I would have ever wanted it to," Greenberg said.

The enormous financial costs of NotPetya are still unknown, but for companies that have put a price tag on the attack, the figures are staggering. Shipping giant Maersk, which struggled for months to get back on its feet after watching all its computer screens turn "black, black, black, black, black," in the words of one Maersk employee, pegged the price of the attack at $300 million. Drug company Merck suffered even greater consequences, with an estimated cost of the attack at $870 million. These and other known financial losses, which to date are estimated at $10 billion, should be considered a floor, a minimum measure of NotPetya's impact, Greenberg said, citing former US Department of Homeland Security advisor Tom Bossert.

Sandworm targets political campaigns, global events

Google security researchers Neel Mehta and Billy Leonard offered new and additional insight into Sandworm's activities at the conference. They began digging into Sandworm around the time of the 2017 French elections, when the group started targeting Emmanuel Macron's presidential campaign.

Before Sandworm took over the Russian-state hacking efforts, which Mehta and Leonard pinpoint to April 14, another hacking unit of Russia's main intelligence arm, the GRU, was on the scene and also targeting Macron's campaign. "It's almost like the B team was called to take the ball and go home and they called up the A-team," Leonard said. "The infrastructure, the accounts, everything involved with it. Two very distinct operations."

Then, in the fall and early winter of 2017, Sandworm pivoted to targeting South Korea and a number of organizations related to the Winter Olympics hosted in PyeongChang. At that point Sandworm began targeting Android phones in an effort to spread malware through a number of infected apps, Mehta and Leonard said.

Their tactic was to take over a number of legitimate apps that were popular in South Korea, such as a bus timetable app. They did so by downloading the legitimate app, backdooring it and then re-uploading it to the place where the legitimate version of the app should be.

Although the purpose of these Android infection attempts is unclear (Mehta and Leonard said no devices were infected by the malware), the last activity of Sandworm in South Korea was in mid-March 2017, an oddity given that the Olympics ended in February of that year.

Russian companies also a target

Sandworm took another turn, however, in the spring of 2018, when the Google researchers saw the same malware used in domestic targeting of companies inside Russia, including commercial real estate companies, financial institutions and the automotive industry. "You see this group going there, targeting the Olympics, trying to do disruptive attacks against the Olympics, [then] targeting domestic companies within Russia," Leonard said. "That's a fairly large shift."

Next, in the fall of 2018, Sandworm started targeting software developers, mobile application developers and other developers, primarily based in Ukraine. They succeeded in compromising an application developer, Mehta and Leonard said.

All countries, not just Ukraine, are extremely vulnerable to Sandworm's attacks. Paraphrasing former NSA and CIA Director Michael Hayden, who once said "On the internet, we are all Polands," referring to Germany's easy invasion of the country in World War II, Greenberg said Hayden was off by a few hundred miles. "On the internet, we are all Ukraine."

This story, "A new era of cyber warfare: Russia's Sandworm shows "we are all Ukraine" on the internet" was originally published by CSO.