12.04.2022

The 12th of April, Cyber News

IN UKRAINE

Kyivstar expands the list of cybersecurity services for businesses and government agencies

Kyivstar Business’s ecosystem of anti-cyber-threat services includes the Commvault data protection software solution. It allows a company to organize the protection, backup and recovery of its important corporate information. Commvault’s developments are focused on anticipating threats and supporting significant modern workloads in local, cloud, and virtual environments. Such solutions are especially relevant given the increase in cyber attacks on businesses and government agencies in wartime; they are used for data security, data backup and disaster recovery, cloud storage and recovery (HyperScale X), and hybrid-scenario deployment of solutions on one platform – web consoles. In general, Kyivstar’s mix of cyber security solutions also allows you to secure corporate mail, protect web applications from malicious traffic, the corporate network from unauthorized users and attackers, and company resources and systems from multilevel attacks, as well as filter corporate traffic, analyze user behavior, and provide IT protection for the endpoints of a company’s infrastructure against known and unknown attacks. The AntiDDoS solution tracks the structure of traffic coming from the Internet into the client’s subnet (resources) and automatically cleans it in case of anomalies. See the link

 

IN RUSSIA

Anonymous hackers gained access to data from the russian government

#DDoSecrets and published more than 700 GB of russian government data, including more than 500,000 emails. The largest data set, at 446 GB, is from the Ministry of Culture, which determines state policy on art, cinema, archives, copyright, cultural heritage and censorship. See the link

Roscosmos reported hacking attacks on the site from abroad

“On the eve of the Cosmonautics Day, Roscosmos technical specialists recorded increased activity of foreign hackers trying to hack the state corporation’s website,” said Dmytro Struhovets, the head of the state corporation’s press service. See the link

Leaked Conti encryptor source code is used for attacks on russian companies

In March 2022, the source code of the Conti malware became public, and now it is apparently being used by other hackers, who are turning the encryptor against russian companies. According to Bleeping Computer, the hacking group NB65 has already adapted the Conti sources for its arsenal and is attacking russian organizations. According to the publication, NB65 has been hacking russian organizations for the past month, stealing data and leaking it online. In March, for example, the group claimed to have compromised Tenzor, Roscosmos and VDTRK. The hackers wrote that they had stolen 786.2 GB of data from VDTRK, including 900,000 emails and 4,000 other files, which were published on the DDoS Secrets website. Now NB65 has switched to encryption, creating its own malware based on the Conti source code, a sample of which was found on VirusTotal. It turned out that almost all security solutions identify this threat as Conti, but Intezer Analyze estimates that the malware uses only 66% of the same code. Representatives of NB65 also stated that they support Ukraine and will attack russian companies, including individuals, until all hostilities cease. “We will not attack targets outside of russia. Groups such as Conti and Sandworm, along with other russian APTs, have been attacking the West for years with ransomware and supply chain attacks (SolarWinds, defense contractors). We decided it was time for them to try it for themselves,” NB65 said. See the link

 

IN THE WORLD

Thoma Bravo agrees $6.9bn deal for cyber security group SailPoint

US private equity group Thoma Bravo is buying cyber security company SailPoint Technologies for $6.9bn, the latest in a flurry of deals that signals the leveraged buyout market is roaring back to life after a pause amid rising volatility and the war in Ukraine. Texas-based SailPoint is used by businesses to give employees secure access to remote working software and to protect cloud computing infrastructure from hackers. In March, Thoma Bravo agreed to the $10.7bn takeover of enterprise software company Anaplan, the first large takeover after Russia invaded Ukraine in late February. See the link

A new cyber bureau has been launched in the United States

The long-awaited bureau seeks to involve diplomacy in global efforts to combat ransomware and fraudulent activities of nation states. The new government body will work with three political divisions: International Cyber Security, International Information and Communication Policy, and Digital Freedom. The FBI and the Cybersecurity and Infrastructure Security Agency have worked closely with law enforcement and national cybersecurity agencies abroad to coordinate global efforts. However, technology and diplomacy experts say official diplomatic weapons are needed to streamline those efforts. “We can really take the lead here to try to develop rules on what to do and what not to do,” said Brandon Pew, a political adviser on cybersecurity and new threats at R Street. The State Department is also working to establish the Office of the Special Envoy for Critical and Emerging Technology. See the link