HOTTEST

The ongoing situation in Ukraine means organisations around the world should be prepared to defend their networks against cyberattacks originating from Russia – although the potential impact of aggressive cyber activity shouldn’t be overestimated. “Concerns are reasonable and valid; Russia has a well-established history of aggressively using their considerable cyber capabilities in Ukraine and abroad,” said Sandra Joyce, executive vice president of global intelligence at cybersecurity company Mandiant, which regularly tracks hostile Russian cyber activity.
Russia is suspected of being behind offensive cyber campaigns against other countries, including cyberattacks against Georgia, as well as attacks that took down Ukrainian power grids in December 2015.
International consensus has also accused the Russian military of being behind the widespread and disruptive NotPetya malware attack of June 2017.
NotPetya was designed to target organisations in the Ukrainian financial, energy and government sectors, but powered by EternalBlue – a leaked NSA hacking tool – the self-replicating virus quickly spread to organisations around the world. It wiped networks and caused what was estimated as billions of dollars in damages as victims across Europe, Asia and the Americas were impacted by a cyberattack that wasn’t directly aimed at them. Mandiant warned that this type of incident could potentially happen again.
“We are concerned that, as the situation escalates, serious cyber events will not merely affect Ukraine,” said Joyce. “But while we are warning our customers to prepare themselves and their operations, we are confident that we can weather these cyberattacks. We should prepare, but not panic because our perceptions are also the target,” she added.
Organisations that fell victim to NotPetya did so because they hadn’t yet applied critical security updates, which were released months before and were designed to protect networks against EternalBlue.
Meanwhile, cyber criminals and nation state-backed hackers continue to take advantage of security issues like the vulnerabilities in Microsoft Exchange, which received critical security updates last year but, in many cases, still haven’t been applied by businesses or consumers.
Applying security patches in a timely manner can go a long way to protecting networks and infrastructure against intrusions.
“We are imploring our customers and community to prepare for disruptive and destructive attacks, similar to those that have recently transpired in Ukraine,” said Joyce. “Many of the same steps defenders might take to harden their networks against ransomware crime will serve to prepare them from a determined state actor – if they take them now”.
Mandiant also warned that part of the strategy behind offensive cyber activity is designed to create worry and uncertainty. By ensuring that networks are as well-defended against attacks as possible, the damage done by attacks can be minimised, avoiding the panic that adversaries hope to generate.
“Cyberattacks can be costly for individual organisations and may even seem frightening to some, but their real target is our perceptions. The purpose of these cyberattacks is not simply to wipe hard drives or turn out the lights, but to frighten those who cannot help but notice,” said Joyce. “The audience of these attacks is broad, but it is also empowered to determine how effective they are. While these incidents can be quite serious for many, we must remain mindful of their limitations. We only do the adversary a service by overestimating their reach.”
Mandiant’s warning follows a similar warning from the UK’s National Cyber Security Centre in January, which urged organisations to take action to bolster their cyber resilience as a result of the ongoing tensions around Russia and Ukraine.
In recent weeks, Ukraine has faced DDoS attacks affecting government services as well as banks, while government websites have been defaced. Nobody has yet explicitly claimed responsibility for the attacks.

Open Source
CISA urged developers to update Discourse versions 2.7.8 and earlier in a notice sent out on Sunday, warning that a remote code execution vulnerability was tagged as “critical.” The issue was patched on Friday, and developers explained that CVE-2021-41163 involved “a validation bug in the upstream aws-sdk-sns gem” that could “lead to RCE in Discourse via a maliciously crafted request.”
Developers noted that to work around the issue without updating, “requests with a path starting /webhooks/aws could be blocked at an upstream proxy.”
The popular open source discussion platform attracts millions of users every month, prompting the message from CISA urging updates to be pushed through. Researchers have detailed the finer points of the problem in blog posts and reported the issue to Discourse, which did not respond to requests for comment. BleepingComputer conducted a search on Shodan that found all Discourse SaaS instances have been patched. Saryu Nayyar, CEO of cybersecurity company Gurucul, said Discourse “continues to make news after researchers discovered a vulnerability that enabled attackers to invoke OS commands at the Administrator level.”
“It’s critically important for both systems administrators and individual users to keep up with security information from software providers and to install patches promptly. We can’t rely on Microsoft or other OS vendors to automatically push patches to our systems. Users of Discourse software should test and install this patch as their most important priority,” Nayyar said. “Most user computers don’t have computer admin access. If the only admin access on a computer is through the network administrator account, if you can execute using admin access, hackers have the potential to send a command that can compromise the entire network.”
Haystack Solutions CEO Doug Britton said the vulnerability is dangerous because it can be run remotely without already being an authenticated user on the victim server. “Level 10 bugs are undoubtedly the most serious vulnerabilities. Discourse is a major communications platform,” Britton said.

Thieves love to steal iPhones because they can quickly sell them for easy cash. So we’re going to show you the most important security setting you need to change on your iPhone today to stop them. First, you need to know that if a thief steals your iPhone, the first thing a clever one […]

Do not fall easily to the allure of “free” in the VPN world. There’s usually a catch because providers often explore other ways to make money from you. They may hide crucial features behind a paywall, or worse, they may sell your data for a profit.
You can test the best VPNs for free with a trial or a money-back guarantee. But if you want a 100% free VPN to use for the long term, there is a handful of secure options you can choose from. The VPN provider’s reputation is important to ensure free apps don’t compromise your security once installed on your device, and so the only free services we can recommend are usually backed by their paying subscribers.
What is the best VPN for free right now?
We’ve extensively tested every major VPN on the market, including some free VPN offerings. Our pick for the best free VPN is Proton VPN

ZDNET’s key takeaways: Per-seat software licenses may soon be obsolete. Most software will soon be purchased by agents. Prepare for consumption-based pricing models.
Goodbye, per-seat software licensing? Goodbye, software as a service? Vendors ahead in the artificial intelligence (AI) space – […]
Internet of Things
Samsung Spotlights Next-generation IoT Innovations for Retailers at National Retail Federation’s BIG Show 2017
That’s Fantasy! The World’s First Stone Shines And Leads You to The Right Way
LG Pushes Smart Home Appliances To Another Dimension With ‘Deep Learning’ Technology
The Port of Hamburg Embarks on IoT: Air Quality Measurement with Sensors




