Russia Cyber & Hybrid WarFare.

Posted on July 21 2018

Full disclosure: cyber attacks and cyber security are not my wheelhouse. I am not an expert in this field, but I am a genuinely curious individual. I also like to read and learn. At all times I will link to original source data and embed various industry and research reports. As you may recall, I published a short write-up just a few days ago; you can read that entry here.

“the Red Lights are blinking”

With the recent Microsoft disclosures that at least three Congressional campaigns have already been targeted, I think it’s time to go ahead and dive into the vast ocean of malicious criminal cyber attacks.

Ransomware (cryptovirus, cryptotrojan or cryptoworm) is a type of malicious software designed to block access to a computer system until a sum of money is paid. Evolution of these types of malicious

A crypto-worm is a type of ransomware, and it’s nasty. This is self-propagating, semi-autonomous ransomware that doesn’t need any assistance from humans to spread.

WannaCry, North Korea:

By far the most malicious cyber attack, or was it?

As always, after-action reports, aka post-mortem reports, almost always tend to be filled with an immense amount of data, best practices, vulnerabilities, failures and recommendations to fortify cyber-defense. I know I’ve said this before, but it does make sense to repeat it: Hybrid-war

This April 2018 UK official report on WannaCry:

  • Cyber attack started on May 12 and ended on May 19, 2017
  • Ransomware, holding data hostage until the ransom is paid
  • Cyber attacks tend to propagate through a network; it spreads.
  • Decentralization of a network can break up its “infectious” nature.
  • Push the kill-switch, but it might be too late.

On Friday 12 May 2017 a global ransomware attack, known as WannaCry, affected more than 200,000 computers in at least 100 countries. In the UK, the attack particularly affected the NHS, although it was not the specific target.

At 4 pm on 12 May, NHS England declared the cyber attack a major incident and implemented its emergency arrangements to maintain health and patient care. On the evening of 12 May a cyber-security researcher activated a kill-switch so that WannaCry stopped locking devices.

Petya/NotPetya 2017, Russia:

Initially, leading cyber security experts thought Petya (circa March 2016) was your run-of-the-mill ransomware, whereby an unsuspecting person clicks on a link and/or an attachment in an email. Unlike other previously known ransomware, which typically encrypted files one by one, Petya essentially locked your entire system.

For the technical aspects of Petya/NotPetya/GoldenEye, you can read more on Cisco’s Talos Intelligence blog, found here. The US-CERT alert originally published in June 2017 can be found here. In February 2018 the White House released a statement that was unambiguous: Petya/NotPetya/GoldenEye = Russia.

CrashOverRide

The distinction of this cyber attack is that the malware was specifically used to target electrical grids, essentially critical infrastructure. CrashOverRide lacked one predictable component of previous cyber attacks: nothing in this program sought to “steal” information, aka cyber-espionage. The sole purpose of CrashOverRide was to “de-energize” electrical substations and propagate to other power substations. Think of our electrical grid as a complex domino configuration; CrashOverRide’s only goal was to bring an electrical grid to a halt within HOURS.

Dragos Security detailed the who/why/what/when/how of CrashOverRide:

The modules in CRASHOVERRIDE are leveraged to open circuit breakers on RTUs and force them into an infinite loop keeping the circuit breakers open even if grid operators attempt to shut them. This is what causes the impact of de-energizing the substations. Grid operators could go back to manual operations to alleviate this issue.

The CRASHOVERRIDE malware appears to have not used all of its functionality and modules, and it appears the Kiev transmission substation targeted in 2016 may have been more of a proof of concept attack than a full demonstration of the capability in CRASHOVERRIDE.

Dragos, Inc. tracks the adversary group behind CRASHOVERRIDE as ELECTRUM and assesses with high confidence through confidential sources that ELECTRUM has direct ties to the Sandworm team. Our intelligence ICS WorldView customers have received a comprehensive report and this industry report will not get into sensitive technical details but instead focus on information needed for defense and impact awareness.

You can read more in the CrashOverRide white paper, found here. The August 2017 paper discussing CrashOverRide and Electrum can be found here.

If you haven’t figured out why I’m posting these various cyber attacks... they ALL have one thing in common: the operating system.

Microsoft 2018 Announcement

In January of 2018 Microsoft published a 21-page paper entitled:

THE TOP 10 TECH ISSUES FOR 2018

I now refer you to page 3, paragraph 4, which reads in part:

most significantly, 2017 was a year when we started to realize that the ability of state-sponsored hackers to unleash out-sized damage has created a new and perhaps asymmetric international vulnerability for democracy itself.

Attacks like WannaCry and Not-Petya used digital code as weapons and were akin to military assaults. They call for a new generation of international arms control discussions to address them.

In April of 2018 Microsoft went a step further and announced its NEW initiative:

Microsoft’s Defending Democracy Program

In their blog entry, Microsoft explains its four goals:

  • Protect campaigns from hacking through increased cyber resilience measures, enhanced account monitoring and incident response capabilities;
  • Increase political advertising transparency online by supporting relevant legislative proposals such as the Honest Ads Act and adopting additional self-regulatory measures across our platforms;
  • Explore technological solutions to preserve and protect electoral processes and engage with federal, state and local officials to identify and remediate cyber threats; and
  • Defend against disinformation campaigns in partnership with leading academic institutions and think tanks dedicated to countering state-sponsored computational propaganda and junk news.

So it should not have been a surprise that, during the Aspen Security event, Microsoft announced that three current Congressional campaigns were targeted:

Nor should the Justice Department’s newly released Cyber Report come as a surprise:

And it’s not like we haven’t discussed the protracted and surgical precision of these cyber-attacks, found here and here, or the big issue with big data, found here.

My point is, the Trump Administration has very little in place to protect our Country from ongoing and persistent cyber-attacks. Lest we forget that nearly a year ago to the date, Trump tweeted this nonsense about America and Russia having a joint cyber task force. No, really, Trump tweeted this:

Last year Time wrote an excellent article on Trump/Putin’s (aren’t they one and the same by now?) “stable genius” idea to essentially give Putin the keys to America’s cyber infrastructure; you can read Time’s article here.

In conclusion, many of my longtime followers know that I’ve quietly monitored and tracked the various cyber-attacks because that’s really where the war is. Specifically, the information war has moved to the inter-tubes, and yet neither Donald Trump nor his administration has done anything but ignore it. Trump beats the drum of manufacturing jobs when the reality is that China, Russia, North Korea and Iran are constantly kicking America’s ass on the cyber-war front.

And yet the two questions remain:

What does Russia/Putin have on Trump?

Why does Trump appear to be an actual Russian Asset?

Again, it’s not like I’m the only one asking these questions. The cyber-attacks are persistent, yet Trump has not held a single cabinet-level meeting, replaced his Cyber Czar, or given ANY direction to our Cyber Command, FBI, NSA, DOD, DIA, essentially the entire Federal alphabet soup, whose core function is to protect our country if we are being attacked. Again, America has been and is continuing to be attacked, and Trump does nothing. Why?

See this Twitter thread from earlier this week, where I drilled down even further.

 
