Weekly News Roundup December 18–22, 2022


Posted on by Kacy Zurkus

Experts from Carnegie Endowment for International Peace pontificated about Russia’s invasion of Ukraine and the evolution of military conflict in the age of cyberwarfare. Of all the cyberattacks Russia has launched on Ukrainian networks, Jon Bateman, Senior Fellow in the Technology and International Affairs Program, said, “Most notably, Russia disrupted the Viasat satellite communications network just before tanks rolled across the border, plausibly hindering Ukraine’s initial defense of Kyiv.”

While many look to the Russia-Ukraine war with fear, uncertainty, and doubt, given the potential threat of elevated cyber war, Bateman said that intelligence collection has been Russia’s main cyber activity. “Overall, the scale of war appears inversely correlated with the strategic impact of cyber operations,” Bateman said. “If this correlation holds, cyberspace should probably not be seen as a ‘fifth domain’ of warfare equivalent in stature to land, sea, air, and space.”

That conclusion may offer a sign of relief for some, but it is certainly not an invitation for security teams to relax their efforts, particularly when it comes to protecting critical infrastructure. TechTarget noted that OT security awareness continues to grow as IoT and ICS continue to be targets of cyberattacks. Yet, as the year comes to a close, we can take comfort in knowing that defenders remain hard at work. According to Infosecurity Magazine, researchers are developing an AI-powered malware detection tool to identify threats to 5G-enabled IIoT.

As Chris Inglis closes out his role as Senior White House Cybersecurity Adviser, I want to share this quote from a piece by Andrea Mijuskovic, Head of Partnerships at CrowdSec, published in The Hacker News: “In today’s interconnected world, a threat to one organization can quickly become a threat to many others, making it essential for businesses and other organizations to share information and work together to stay safe online.”

Mijuskovic’s words are a reminder that we are all stronger together. As I write this final roundup of 2022, the winter solstice is behind us, which means the days, weeks, and months ahead will quite literally be longer and brighter. So, dear readers, I hope that your days are merry and bright. The RSA Conference team wishes you much peace, joy, and happiness in 2023, and we look forward to seeing you all in San Francisco.

Now let’s look at what else made headlines this week.

Dec. 22: A new report from Rezilion identified the top vulnerabilities of 2022, with Pwnkit, Dirty Pipe, and Spring4Shell at the top of the naughty list.

Dec. 21: NBC News reported, “Two of Sam Bankman-Fried’s top business partners — a co-founder of the cryptocurrency exchange FTX and the former CEO of the hedge fund Alameda Research — have pleaded guilty to fraud.”

Dec. 21: The spending bill expected to pass in Congress “includes $43 million for the Multi-State Information Sharing and Analysis Center, which provides threat intelligence, network protection and risk assessment services to thousands of public-sector entities nationwide.”

Dec. 21: BleepingComputer reported, “Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month.”

Dec. 20: Two men in Queens, New York, were arrested on charges of conspiracy to commit computer intrusion after working with Russian nationals to hack into the dispatch system of a taxi service.

Dec. 20: SecurityWeek reported, “Ukraine’s Computer Emergency Response Team (CERT-UA) revealed recently that users of the country’s Delta military intelligence program have been targeted with data-stealing malware.”

Dec. 19: A new report published by Orange Cyberdefense found that emerging wealth in the Asia-Pacific and emerging markets are increasingly the target of cybercriminals as “cyber extortion continues to dominate the cybercrime landscape.”

Dec. 19: The Department of Defense officially welcomed its newest subordinate unified command, the Cyber National Mission Force (CNMF).

Dec. 19: ByteDance, the owner of TikTok, has established a subsidiary in Taiwan, though Chinese platforms are not permitted to operate on the island.

Dec. 19: The Head of US Cyber Command and Director of NSA, General Paul Nakasone, said that ahead of the mid-term elections, “We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” Reuters reported.

Dec. 18: Fire and rescue services in Victoria, Australia, suffered a cyberattack resulting in network outages, leaving the department that operates 85 fire and rescue stations across Victoria operating manually.


Contributors
Kacy Zurkus

Senior Content Manager, RSA Conference

RSAC Insights

critical infrastructure cyber warfare & cyber weapons industrial control security infrastructure security privacy cyberattacks patch vulnerability & configuration management identity management & governance authentication access control

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community