Cyberwar is a form of conflict conducted in the digital realm, where nations, organizations, or individuals use cyberattacks and cyber espionage to achieve strategic goals or gain an advantage over their adversaries. Here's a detailed description of the topic:
1. **Definition**: Cyberwar refers to the use of computer-based techniques and tactics to disrupt, damage, or gain unauthorized access to computer systems, networks, and critical infrastructure, often with the intent to exert influence, conduct espionage, or carry out acts of aggression against an adversary.
2. **Goals and Objectives**:
- **Espionage**: One primary objective of cyberwarfare is to gather intelligence by infiltrating the computer networks of other nations, organizations, or individuals.
- **Disruption**: Cyberwarfare can be used to disrupt critical infrastructure, such as power grids, transportation systems, or financial institutions, causing chaos and economic damage.
- **Destruction**: In some cases, cyberattacks may aim to destroy data, systems, or capabilities, causing long-term damage.
- **Psychological Operations**: Cyberwarfare can be used for psychological operations (PsyOps) to manipulate public opinion or create fear and uncertainty.
3. **Methods**:
- **Malware**: The use of malicious software like viruses, worms, Trojans, and ransomware to compromise systems.
- **Phishing**: Deceptive emails or websites that trick individuals into revealing sensitive information like passwords.
- **Denial of Service (DoS) and Distributed Denial of Service (DDoS)** attacks: Overwhelming a target's network or website to render it inaccessible.
- **Advanced Persistent Threats (APTs)**: Long-term, targeted attacks aimed at stealing information or controlling systems.
- **Zero-Day Exploits**: Exploiting vulnerabilities in software or hardware that are not yet known to the vendor.
4. **Attribution Challenges**: Determining the source of cyberattacks can be difficult due to the use of proxy servers, false flags, or the involvement of non-state actors.
5. **International Laws and Norms**: The legal framework for cyberwar is still evolving. Nations are working to establish rules and norms governing state behavior in cyberspace.
6. **Escalation and Deterrence**: The use of cyberweapons raises concerns about escalation and deterrence. The lack of clear boundaries in cyberspace can lead to unintended consequences.
7. **Notable Examples**:
- Stuxnet: A computer worm allegedly developed by the United States and Israel to sabotage Iran's nuclear program.
- NotPetya: A ransomware attack in 2017 that caused widespread damage, initially believed to be a cyberattack by Russia against Ukraine.
- SolarWinds: A supply chain attack discovered in 2020, attributed to Russian hackers, which compromised numerous U.S. government and private sector.
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
This week’s news is dominated by fall-out and reaction from last week’s WannaCrypt/WannaCry attacks, of course, but other open source and cybersecurity stories you won’t want to miss, including an important open source ruling that confirms the enforceability of dual licensing, what New York’s new cybersecurity regulations mean for Financial Services and the PATCH Act and the creation of a vulnerabilities equities process
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...Fas (Feisal) Mosleh
The Biggest Cyber and Physical Security Threats to Critical Infrastructure by Fas Mosleh, ex-HP, ex-IBM, ex-Broadcom. Discusses how critical infrastructure can be compromised by physical and security threats. Critical infrastructure refers to the systems, facilities, and networks that are essential to the functioning of a society and its economy. These are the assets that, if damaged or disrupted, could have a significant impact on public health and safety, economic security, and national security. Social engineering: This involves manipulating people into divulging sensitive information or taking actions that compromise security. Phishing is a primary example of such manipulation and is still one of the most prevalent types of attack. According to the 2021 Data Breach Investigations Report by Verizon, phishing was involved in 36% of all data breaches, making it the top threat action in the report. Phishing attacks are also becoming increasingly sophisticated and targeted, with attackers using social engineering tactics to trick victims into divulging sensitive information or downloading malware. This can include impersonating trusted individuals or organizations, creating convincing fake websites or emails, and using urgent or threatening language to pressure victims into taking action.
According to the 2021 State of the Phish Report by Proofpoint, 75% of organizations surveyed reported being targeted by phishing attacks in 2020, and 59% of those attacks were successful in compromising at least one user account or system. The report also found that COVID-19 related phishing attacks were particularly prevalent in 2020, taking advantage of the pandemic to trick victims into providing personal information or downloading malware.
5. Distributed denial of service (DDoS) attacks: These attacks flood a system with traffic, overwhelming it and causing it to crash or become unavailable.
6. Advanced persistent threats (APTs): APTs are sophisticated, long-term attacks that target specific organizations and can involve multiple stages of infiltration and exfiltration.
The 2023 CrowdStrike Global Threat Report notes an uptick in social engineering tactics targeting human interactions: tactics such as vishing direct victims to download malware, and SIM swapping is used to circumvent multi-factor authentication (MFA).
Check Point Research outlines a new hacktivism model currently being observed across the world. According to the researchers, five traits define the current form of hacktivism: political ideology, leadership structure, formal recruitment, sophisticated tools, and public relations. CPR uses the hacktivist group Killnet to illustrate the current model, describing the attacks it has carried out by country as well as a timeline of attacks. CPR is concerned that hacktivism which originates in conflict-related regions could spread across the globe.
• Previously, hacktivism was mostly the work of a handful of individuals who carried out small-scale DDoS and defacement attacks.
• Today, hacktivism is more structured, well-organized and sophisticated.
• CPR believes that the new form of hacktivism started in conflict areas of the Middle East and Eastern Europe and spread to other areas by 2022.
Check Point Research (CPR) provides a new definition of hacktivism, which is currently trending globally. Hacktivism in this new style is better organized, more structured and more advanced than before. Hacktivist groups no longer consist of just a few individuals who perform small DDoS or defacement attacks on websites with low levels of security. They are organized groups with distinct features that were previously unknown.
UN session about modern ICT threat landscape.
The session was aimed to introduce recent threats targeting UN agencies and some potential recommendations to improve detection, investigation and understanding of these threats and their goals.
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
● US Critical Infrastructure Sectors as Targets, presented by Charles Brooks, Vice President, Government Relations & Marketing, Sutherland Government Solutions and Chairman of the CompTIA New and Emerging Technologies Committee
Viktor Zhora - Cyber and Geopolitics: Ukrainian factor, OWASP Kyiv
Hidden details of some high profile hacks of the last 3 years from the guy, who happens to deal with geopolitical cyber-attacks for a living.
Follow Viktor on Twitter: https://twitter.com/VZhora
Ransomware: Prevention, privacy and your options post-breach, Gowling WLG
Ransomware (cyber attack software that holds its targets’ data for ransom) has become an increasing danger to businesses and institutions this year.
This presentation will explore the nature and extent of the problem, legal options for and regulatory obligations of victims of ransomware, and emergent insurance options for dealing with the fallout from ransomware attacks.
This presentation outlines the leaps and bounds of Cloud Computing and Risk Management in the age of enormous global data surveillance, whistle blowers, Wikileaks, data leakage and what to do to protect data.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
The June 2016 revelations of the DNC breach by two Russia-based advanced persistent threat groups was only the beginning of a series of strategic leaks and conflicting attribution claims. In a series of “1-2 punches”, we saw attacks designed to breach the target and exfiltrate data reinforced by a campaign to leak information using mouthpieces posing as hacktivists. In this presentation we'll demonstrate techniques used to identify additional malicious infrastructure, evaluate the validity of “faketivists” like the Guccifer 2.0 persona, strengths and gaps in the attribution analysis, and how the adversary might adjust their tactics going forward.
1. Cyber Ethics and Cyber Crime
2. Security in Social Media & Risk of Child Internet
3. Social media in Schools and photo privacy
4. Risk of OSNs and Security, Privacy of Facebook
5. Risk and Security of Social Networking site Facebook and Twitter
6. Risk analysis of Government and Online Transaction
1. An Analysis of the Russia/Ukraine Conflict
03/17/2022
TLP: WHITE, ID# 202203171300
2. Agenda
• Russo-Ukrainian War: A Timeline
• Roots of the Conflict
• The World Responds…
• … As Does Hacktivist Group Anonymous…
• …And the Conti RaaS Group
• Russian Attacks on Healthcare in Recent History: NotPetya
• Russian Attacks on Healthcare in Recent History: FIN12
• Russian Attacks on Healthcare in Recent History: Ryuk
• Russian Cyber Operations Against Ukraine
• HermeticWiper
• WhisperGate
• Potential Impact on the U.S. HPH
• Best Practices and Mitigations
• Russian Tactics, Techniques, Procedures
Slides Key:
Non-Technical: Managerial, strategic and high-level (general audience)
Technical: Tactical / IOCs; requiring in-depth knowledge (sysadmins, IRT)
3. Russo-Ukrainian War: A Timeline
• 2014 Action in Crimea
o The Russian military crossed into Ukrainian territory after an uprising replaced the Russia-friendly Ukrainian president with a pro-Western government.
o Russia then annexed Crimea and inspired a separatist movement in the east.
o Although a cease-fire was negotiated in 2015, fighting continued.
• Tensions escalate again in October 2021
o Russia began moving troops and military equipment (including armor, missiles, and other heavy weaponry) near its border with Ukraine with no explanation.
• 2022 Conflict
o On February 24, Russia invaded Ukraine. In response, Ukraine declared a 30-day state of emergency as cyberattacks knocked out government institutions and Ukrainian President Volodymyr Zelenskyy declared martial law. The foreign minister called the attacks “a full-scale invasion” and called on the world to “stop Putin.”
4. Roots of the Conflict
• Complicated topic impossible to fully cover or explain here.
• Russia considers Ukraine within its sphere of influence and has grown unnerved at Ukraine’s closeness with the West, as well as the prospect that the country might join NATO or the European Union. Some Russian political figures view Ukrainian sovereignty as illegitimate or as a relatively recent invention.
• Putin said he was acting after receiving a plea for assistance from leaders of Russian-backed separatist territories, citing false accusations.
• Putin claimed that his goal was to protect people subjected to bullying and genocide and aimed for the "demilitarization and de-Nazification" of Ukraine.
6. … As Does Hacktivist Group Anonymous
• On February 24, members of Anonymous announced on Twitter that they would be launching attacks against the Russian government.
• The hacktivists defaced some local government websites in Russia and temporarily took down others, including the website of Russian news outlet RT.
• The group claimed on February 25 that it would leak login credentials for the Russian Ministry of Defense website.
7. …And the Conti RaaS Group
• On February 25, the Conti RaaS group announced it was supporting Russia and the Russian people.
• Conti is well known to hit organizations where IT outages can have life-threatening consequences, including HPH organizations. The group is connected to more than 400 cyberattacks worldwide, approximately 300 of which were against U.S.-based organizations. Demands can be as high as $25 million.
• Conti later walked back the statement after receiving criticism from members and the cybercriminal community.
• A Ukrainian nationalist member of the RaaS group leaked internal chats, source code, and stolen data in retaliation.
• “Greetings,” one tweet began. “Here is a friendly heads-up that the Conti gang has lost its s****.” The message included a link that would allow anyone to download almost two years of private chats. “We promise it is very interesting,” the tweet added.
8. Russian Attacks on Healthcare in Recent History: NotPetya
• NotPetya ransomware is an evolved strain of the Petya ransomware.
• Ransomware is malware that encrypts essential files so that the threat actors can demand large ransoms.
• NotPetya is more noteworthy because of a few major tweaks. One is the use of EternalBlue, a Windows Server Message Block (SMB) exploit and the same exploit that allowed WannaCry to spread so rapidly. It is also combined with password-harvesting tools based on Mimikatz, which allowed NotPetya to propagate between devices in a wormable fashion, spreading across businesses and corporate networks even without human interaction.
• NotPetya made it technically impossible to recover the victim’s files after the payload had been executed.
• Initially launched against Ukraine in June 2017.
• Subsequently spread globally, disrupting operations at a major U.S. pharmaceutical company, a major U.S. health care communications company and U.S. hospitals.
9. Russian Attacks on Healthcare in Recent History: FIN12
• FIN12 is a Russian-speaking cybercriminal group known to target hospitals and health care groups across North America using ransomware.
• Annual revenue of more than $300 million.
• One in five of FIN12’s victims are healthcare groups; FIN12 is responsible for multiple major attacks on the U.S. healthcare system.
• The group remains focused purely on ransomware, moving faster than its peers and hitting big targets/high-revenue victims.
• For more information on FIN12, consult HC3’s threat brief from December 2021:
o Threat Brief 12/02/2021: FIN12 as a Threat to Healthcare
10. Russian Attacks on Healthcare in Recent History: Ryuk
• Ryuk is one of the first ransomware variants to include the ability to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint.
o Attackers can disable Windows System Restore for users, making it impossible to recover from an attack without external backups or rollback technology.
• Since 2018, the Ryuk ransomware attack has wreaked havoc on at least 235 hospitals and inpatient psychiatric facilities, as well as dozens of other healthcare facilities.
o The result: suspended surgeries, delayed medical care, and the loss of millions of dollars (as of June 2021).
• HC3’s previous coverage of Ryuk can be found at:
o Threat Brief 04/08/2021: Ryuk Variants
o Threat Brief 11/12/2020: Trickbot and Ryuk
o Threat Brief 01/30/2020: Ryuk Update
12. HermeticWiper
• HermeticWiper is a new form of disk-wiping malware that was used to attack organizations in Ukraine shortly before the launch of the Russian invasion.
• Some quick facts about the HermeticWiper:
o It leverages a signed driver, which is used to deploy a wiper that targets Windows devices, manipulating the master boot record in such a way that causes boot failure.
o It uses a digital certificate issued under the Cyprus-based company called “Hermetica Digital Ltd” – which is a company that likely does not exist or is not operational if it does.
o The certificate is valid as of April 2021, but it does not appear to be used to sign any files.
13. WhisperGate
• WhisperGate is a new form of disk-wiping malware that is believed to operate in three stages/parts:
o A bootloader that corrupts detected local disks
o A Discord-based downloader
o A file wiper
• WhisperGate has been observed attacking organizations in Ukraine shortly before the launch of the Russian invasion on February 24, 2022.
• The WhisperGate bootloader complements its file-wiper counterpart. Both irrevocably corrupt the victim’s data and attempt to disguise themselves as ransomware operations.
• More about HermeticWiper and WhisperGate can be found in the HC3 Sector Alert published on March 1, 2022, entitled The Russia-Ukraine Cyber Conflict and Potential Threats to the US Health Sector.
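Both the HermeticWiper and WhisperGate slides describe damage to the master boot record, so a defender-side integrity check of sector 0 is a useful illustration. The following is an added example, not part of the HC3 brief: it assumes the 512-byte sector has already been read from disk by other means, and the sample sector, baseline, and function names are constructed for the demonstration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIG = b"\x55\xaa"      # bytes 510-511 of a valid MBR
PART_TABLE_OFFSET = 446     # four 16-byte partition entries start here

def parse_partitions(sector: bytes):
    """Return non-empty entries as (index, bootable, type, lba_start, sector_count)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba_start, count))
    return parts

def check_mbr(sector: bytes, baseline_sha256: str):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(sector) != SECTOR_SIZE:
        return [f"short read: {len(sector)} bytes"]
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    if not parse_partitions(sector):
        findings.append("partition table empty")
    if hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from recorded baseline")
    return findings

def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot bytes plus one bootable type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:2] = b"\xeb\x3c"  # placeholder bytes, not real boot code
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET,
                     0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    sector[510:512] = BOOT_SIG
    return bytes(sector)

GOOD = build_sample_mbr()
BASELINE = hashlib.sha256(GOOD).hexdigest()   # recorded while the host was known-good
OVERWRITTEN = b"\x00" * SECTOR_SIZE            # constructed "after" image: sector zeroed

if __name__ == "__main__":
    for name, image in (("good", GOOD), ("overwritten", OVERWRITTEN)):
        print(name, check_mbr(image, BASELINE) or "OK")
```

The baseline comparison catches changes that leave the signature and partition table intact, such as replaced boot code.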
14. Potential Impact on US HPH
• Three concerns:
o That hospitals and health systems may be targeted directly by Russian-sponsored cyber actors.
o That hospitals and health systems may become incidental victims of Russian-deployed malware or destructive ransomware.
o That a cyberattack could disrupt hospitals' services.
15. Best Practices and Mitigations
• Be prepared.
o Confirm reporting processes and minimize personnel gaps in IT/OT security coverage.
• Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline. Hospitals and health systems should implement 4- to 6-week business continuity plans and well-practiced downtime procedures.
• Enhance your organization’s cyber posture.
o Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
o Increase staff awareness of the greater risk for receiving malware-laden phishing emails.
o Check network and data backups and make sure that multiple copies exist – off-line, network segmented, on-premises, and in the cloud, with at least one immutable copy.
• Apply geo-fencing to all inbound and outbound traffic originating from, and related to, Ukraine and its surrounding region, and identify all internal and third-party mission-critical clinical and operational services and technology. SANS is offering tips on how to do this: Geoblocking When You Can’t Geoblock.
• Increase organizational vigilance. Stay current on reporting on this threat.
• Check out CISA’s Shields-Up for more information on guidance, mitigations, and reporting on malicious activity that may be associated with the conflict.
16. Russian Tactics, Techniques, Procedures
• Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics, including spear phishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security, to gain initial access to target networks.
• Vulnerabilities known to be exploited by Russian state-sponsored APT actors for initial access include:
o CVE-2018-13379 FortiGate VPNs
o CVE-2019-1653 Cisco router
o CVE-2019-2725 Oracle WebLogic Server
o CVE-2019-7609 Kibana
o CVE-2019-9670 Zimbra software
o CVE-2019-10149 Exim Simple Mail Transfer Protocol
o CVE-2019-11510 Pulse Secure
o CVE-2019-19781 Citrix
o CVE-2020-0688 Microsoft Exchange
o CVE-2020-4006 VMware (note: this was a zero-day at the time)
o CVE-2020-5902 F5 Big-IP
o CVE-2020-14882 Oracle WebLogic
o CVE-2021-26855 Microsoft Exchange (note: this vulnerability is frequently observed being used in conjunction with CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)
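One way to turn the CVE list above into a patching worklist is to match it against a vulnerability-scanner export and rank internet-facing hosts first. This is an added example, not HC3's tooling: the CSV layout, hostnames, and the `CVE-0000-0001` filler are constructed, and only the CVE IDs and product names come from the slide.

```python
import csv
import io
import re
from collections import defaultdict

# CVE IDs and products as listed on the slide above.
INITIAL_ACCESS_CVES = {
    "CVE-2018-13379": "FortiGate VPNs",
    "CVE-2019-1653": "Cisco router",
    "CVE-2019-2725": "Oracle WebLogic Server",
    "CVE-2019-7609": "Kibana",
    "CVE-2019-9670": "Zimbra software",
    "CVE-2019-10149": "Exim Simple Mail Transfer Protocol",
    "CVE-2019-11510": "Pulse Secure",
    "CVE-2019-19781": "Citrix",
    "CVE-2020-0688": "Microsoft Exchange",
    "CVE-2020-4006": "VMware",
    "CVE-2020-5902": "F5 Big-IP",
    "CVE-2020-14882": "Oracle WebLogic",
    "CVE-2021-26855": "Microsoft Exchange",
}
# Companions the slide says are frequently seen with CVE-2021-26855.
EXCHANGE_COMPANIONS = {"CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065"}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed scanner export: hosts, columns and the CVE-0000-0001 filler are made up.
SAMPLE_EXPORT = """host,internet_facing,finding
vpn-gw01,yes,cve-2018-13379
mail01,yes,"CVE-2021-26855; CVE-2021-27065"
mail01,yes,CVE-2020-0688
wiki01,no,CVE-2019-7609
build02,no,CVE-0000-0001
"""

def triage(export_text):
    """Return (host, exposed, listed CVEs, exchange_chain) rows, exposed hosts first."""
    hosts = defaultdict(lambda: {"exposed": False, "cves": set(), "companions": set()})
    for row in csv.DictReader(io.StringIO(export_text)):
        ids = {m.upper() for m in CVE_RE.findall(row["finding"])}
        rec = hosts[row["host"]]
        rec["exposed"] |= row["internet_facing"].strip().lower() == "yes"
        rec["cves"] |= {c for c in ids if c in INITIAL_ACCESS_CVES}
        rec["companions"] |= ids & EXCHANGE_COMPANIONS
    rows = []
    for host, rec in hosts.items():
        if rec["cves"]:  # hosts with no listed CVE are out of scope here
            chain = "CVE-2021-26855" in rec["cves"] and bool(rec["companions"])
            rows.append((host, rec["exposed"], sorted(rec["cves"]), chain))
    return sorted(rows, key=lambda r: (not r[1], -len(r[2]), r[0]))

if __name__ == "__main__":
    for host, exposed, cves, chain in triage(SAMPLE_EXPORT):
        print(host, "EXPOSED" if exposed else "internal", cves, "chain" if chain else "")
```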
22. Questions
Upcoming Briefs
• 4/7 – BazarBackdoor as a Threat to the U.S. Health Sector
• 4/21 – Insider Threats and the Healthcare Industry
Requests for Information
Need information on a specific cybersecurity topic? Send your request for information (RFI) to HC3@HHS.GOV.
Product Evaluations
Recipients of this and other Healthcare Sector Cybersecurity Coordination Center (HC3) Threat Intelligence products are highly encouraged to provide feedback. If you wish to provide feedback, please complete the HC3 Customer Feedback Survey.
Disclaimer
These recommendations are advisory and are not to be considered as Federal directives or standards. Representatives should review and apply the guidance based on their own requirements and discretion. HHS does not endorse any specific person, entity, product, service, or enterprise.
23. About Us
HC3 works with private and public sector partners to improve cybersecurity throughout the Healthcare and Public Health (HPH) Sector.
Products
• Sector & Victim Notifications: Direct communications to victims or potential victims of compromises, vulnerable equipment or PII/PHI theft, as well as general notifications to the HPH about current impacting threats via the HHS OIG.
• White Papers: Document that provides in-depth information on a cybersecurity topic to increase comprehensive situational awareness and provide risk recommendations to a wide audience.
• Threat Briefings & Webinar: Briefing presentations that provide actionable information on health sector cybersecurity threats and mitigations. Analysts present current cybersecurity topics, engage in discussions with participants on current threats, and highlight best practices and mitigation tactics.
Need information on a specific cybersecurity topic, or want to join our Listserv? Send your request for information (RFI) to HC3@HHS.GOV, or visit us at www.HHS.Gov/HC3.