
  • Australia's second tranche of cyber laws passes both Houses

    Australia’s second tranche of cyber laws has passed through both houses of Parliament, meaning entities running “systems of national significance” will soon be beholden to enhanced cybersecurity obligations that could force them to install third-party software.

    Home Affairs Minister Karen Andrews said the laws would boost the security and resilience of Australia’s critical infrastructure.

    “Throughout the pandemic, Australia’s critical infrastructure sectors have been regularly targeted by malicious cyber actors seeking to exploit victims for profit, with total disregard for the community and the essential services we all rely on,” Andrews said.

    “The Bill builds on the Morrison Government’s strong support for our national security agencies announced in Tuesday’s Federal Budget, to make Australia stronger and keep Australians safe in an increasingly uncertain world.”

    Australia’s parliamentary body tasked with reviewing cyber laws threw its support behind these laws last week, saying the laws would create a standardised critical infrastructure framework to make it easier for government and industry to approach cyber attacks in a precautionary fashion.

    The laws, packaged in the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022, were initially meant to be part of the initial tranche of cyber laws for critical infrastructure entities that were enshrined last year. They were eventually left out of the first set of laws, however, due to the federal government wanting further consultation from industry on how to co-design a critical infrastructure regulatory framework.

    Along with enhanced cybersecurity obligations, the critical infrastructure reforms will require critical infrastructure entities to maintain a risk management program for identifying hazards to critical infrastructure assets and the likelihood of them occurring. In addition, entities will have to submit an annual report about the risk management program and if any hazards had a significant impact on critical infrastructure assets.

    Home Affairs Secretary Mike Pezzullo previously said the costs for running the risk management program, on average, would set entities back a one-off AU$9.7 million payment to set the program up and an annual ongoing cost of AU$3.7 million.

    In terms of where the critical infrastructure reforms sit in the big picture, the reforms and the ransomware action plan will act as the federal government’s primary regulatory efforts for bolstering Australia’s cybersecurity posture. It sits separate to the Coalition’s newly proposed AU$9.9 billion cybersecurity program that was announced in the federal Budget, which is primarily focused on providing more resources to the Australian Signals Directorate.

  • Additional Budget funds for AFP to be used for deploying 'hacking' Bill warrants

    Australian Federal Police (AFP) Commissioner Reece Kershaw told senators on Thursday morning that additional funding from this year’s Budget would allow his law enforcement agency to start deploying the warrant powers it received in recently passed “hacking” laws shortly.

    Outlined in the annual federal Budget released on Tuesday night, the Coalition plans to hand over AU$142.2m across four years to the AFP for upping its specialist operational, intelligence, collection, and criminal asset confiscation capabilities, which includes these new warrants.

    The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 was enshrined late last year, giving the AFP the ability to issue three types of warrants. The first of the warrants is a data disruption one, which can be used to prevent “continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities”. The second is a network activity warrant that would allow the AFP and ACIC to collect intelligence from devices that are used, or likely to be used, by those subject to the warrant. The last warrant is a hostile account takeover warrant that would allow the agencies to take control of an account for the purposes of locking a person out of the account.

    Kershaw told senators that the hostile account takeover warrant would primarily be used in child protection in instances where predators refuse to hand over their identity. He added that the funding would hopefully allow the AFP to become better equipped at monitoring how criminals use cryptocurrencies.

    “The environment is getting more complex with cryptocurrencies so this will help us with identifying where the money and the flows [are] in the Australian system, at least, where we can work with AUSTRAC, Home Affairs, our other partner agencies, the Australian Criminal and Intelligence Commission, and Australian Border Force on dealing with hitting them where it hurts,” Kershaw said.

    The Department of Home Affairs in recent years has steadily pushed for law enforcement agencies, such as the AFP, to receive more powers. Alongside these new warrants, the AFP gained the ability to request or demand assistance from communications providers to access encrypted communications last year. Last week, the AFP also launched a new AU$89 million cybercrime centre.

    With the increased powers and resources, Kershaw said the AFP has seized, on average, AU$250 million in criminal assets annually over the past two years. By comparison, the AFP previously seized around AU$60 million worth of criminal assets per year. Given these new capabilities, the AFP is now considering a “stretch target” of seizing AU$1 billion of criminal assets per year.

    Last night, the Australian Federal Police (AFP) also set up a new taskforce specifically for protecting high-office holders and parliamentarians in the upcoming federal election, which is expected to be held in May. Among its numerous responsibilities, the taskforce will monitor online material that targets these key figures.

    “Hiding behind a keyboard to issue threats against politicians does not ensure anonymity,” the AFP said. “The AFP has world-leading technology to identify individuals who break the law by harassing, menacing or threatening to kill politicians.”

    The taskforce, consisting of hundreds of investigators, intelligence officers, and protective security specialists, will conduct its operations in a new “incident coordination centre”.

  • Viasat: Feb. cyber attack impacted tens of thousands of customers in Ukraine, Europe

    Satellite communications giant Viasat on Wednesday shared new information from its investigation into the February cyberattack that took down service for broadband customers in Ukraine and across Europe. The company confirmed the “multifaceted and deliberate” attack impacted “several thousand” customers in Ukraine and tens of thousands of other fixed broadband customers across Europe. 

    The incident against Viasat’s KA-SAT network took place on Feb. 24, the same day that Russia invaded Ukraine. According to Viasat’s incident summary, a targeted denial of service attack was first detected when high volumes of focused, malicious traffic made it difficult for many modems to remain online. The traffic emanated from several SurfBeam2 and SurfBeam 2+ modems and/or associated customer premise equipment physically located within Ukraine.

    “We believe the purpose of the attack was to interrupt service,” Viasat said. “There is no evidence that any end-user data was accessed or compromised, nor customer personal equipment (PCs, mobile devices, etc.) was improperly accessed, nor is there any evidence that the KA-SAT satellite itself or its supporting satellite ground infrastructure itself were directly involved, impaired or compromised.”

    The attack was localized to a single, consumer-oriented partition of the KA-SAT network operated on Viasat’s behalf by a Eutelsat subsidiary, Skylogic. It didn’t impact Viasat’s directly managed mobility or government users on the KA-SAT satellite, nor did it affect users on other Viasat networks.

    The investigation and forensic analysis of the event identified a ground-based network intrusion by an attacker who gained remote access to the trusted management segment of the KA-SAT network. The attacker apparently gained that access by exploiting a misconfiguration in a VPN appliance. The attacker used their network access to execute legitimate, targeted management commands on a large number of residential modems simultaneously.

    Viasat said that it’s still working with the wholesale distributors of its services to bring their customers back online. Some customer modems promptly received over-the-air updates, while other customers are getting new modems entirely. Viasat has already shipped tens of thousands of replacement modems to distributors, the company said.

    The California-based company said it’s working with Eutelsat/Skylogic, as well as the cybersecurity firm Mandiant and law enforcement and government agencies, to continue its investigation into the attack.

  • Two-factor authentication is a great idea. But not enough people are using it

    Hackers can easily use stolen usernames and passwords to conduct cyber attacks because many online accounts still don’t use two-factor authentication controls designed to help keep them safe.

    Two-factor authentication (2FA) – or multi-factor authentication (MFA) as it’s alternatively known – is one of the key methods which individual users and wider organisations can use to help protect their online accounts from being hacked, even if their login credentials have been leaked or stolen.

    However, according to the DCMS Cyber Security Breaches Survey 2022, only around a third of organisations have any requirement for two-factor authentication on user accounts – the figure stands at 37% for businesses and 31% for charities. That means that around two thirds of organisations don’t have any rules around two-factor authentication at all, so employees are unlikely to be using it, leaving their user accounts vulnerable to cyber attacks and hacking.

    Two-factor authentication creates an additional layer of protection, requiring users to use a text message, app or hardware key to confirm that it’s really them attempting to log in to their account. This can help to stop cyber criminals from logging into online accounts with breached or stolen passwords.

    But with so few users equipping accounts with two-factor authentication, cyber criminals could directly access accounts if they’ve got the login credentials, whether the username and password is stolen using a phishing email, guessed because it’s weak or taken from a previous data dump. Breached accounts, particularly those accessed using Remote Desktop Protocol (RDP), can be used to steal additional information, or be quietly used to move around the network and lay the foundations for a malware or ransomware attack.

    Two-factor authentication is more widely used in some sectors than it is in others. For example, the DCMS data says there are policies in place in around two thirds of businesses in information and communications, while under one in five businesses within food and hospitality have rules around it. Other industries with low uptake of two-factor authentication are utilities, production, and manufacturing, where only 28% of businesses have any policies in place. These critical industries are already a tempting target for cyber criminals – particularly ransomware gangs – and the lack of additional protections on accounts leaves them even more vulnerable.

    At a time when the government is urging organisations to be wary of cybersecurity threats, more needs to be done to ensure that two-factor authentication and other cybersecurity measures, like applying security patches in a timely manner, using strong passwords and keeping anti-virus software up-to-date, are in place.

    “It is vital that every organisation take cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk,” said Cyber Minister Julia Lopez. “No matter how big or small your organisation is, you need to take steps to improve digital resilience now and follow the free government advice to help keep us all safe online.”

    The National Cyber Security Centre (NCSC) also offers advice to businesses and individual users on how to keep accounts secure and how to stay safe online.

  • Get an extra 50% off these 10 ethical hacking e-learning bundles

    Cybersecurity skills are highly valued in the tech industry, and there are always job openings available. So if you want to switch to a well-paid tech job, these 10 e-learning bundles can help. They all have classes starting at the beginner level, and they’re on sale for an additional 50% off when you use coupon code LEARNNOW during our Best of Digital Sale.

    These courses are self-paced, and you don’t have to complete all of them before you can start applying for new positions. In fact, you’ll often be able to start sending out over 100 job applications a day after completing just one course.

    The Super-Sized Ethical Hacking Bundle
    You can learn beginner to advanced ethical hacking techniques, even with no prior experience. This bundle covers topics ranging from pen testing to social engineering, including hands-on interactive courses.
    For a limited time only, get The Super-Sized Ethical Hacking Bundle for $21.50 (reg. $1,080) with code LEARNNOW.

    The Ethical Hacker Master Class Bundle
    These 10 courses not only teach you ethical hacking from scratch, but they’ll also train for coveted CompTIA certifications. This includes A+, Network+, and Security+, three foundational certs that can endorse your skills in designing and implementing functional networks and addressing security incidents.
    For a limited time only, get The Ethical Hacker Master Class Bundle for $19.50 (reg. $4,883) with code LEARNNOW.

    How to Hack from Beginner to Ethical Hacking Certification
    You need no experience whatsoever to learn how to hack with this bundle of courses. They are designed for all levels and can take you from total novice to professional. Some of the topics covered include using Raspberry Pi to hack devices and coding custom tools with Python.
    For a limited time only, get How to Hack from Beginner to Ethical Hacking Certification for $19.50 (reg. $1,649) with code LEARNNOW.

    The Premium Ethical Hacking Certification Bundle
    Whether you’re looking for an all-in-one hacking guide from zero to hero, specialized WordPress hacking skills, or CompTIA pen-testing prep, this bundle has what you need. You can switch to an exciting tech career with just one of these courses.
    For a limited time only, get The Premium Ethical Hacking Certification Bundle for $30 (reg. $1,600) with code LEARNNOW.

    The Ultimate White Hat Hacker Certification Bundle
    This is a highly-rated bundle of courses that provides a range of cybersecurity training in just 10 courses. Some courses cover tools like Wireshark, Tcpdump, Syslog, and Nmap, while others can help you gain valuable CompTIA certifications.
    For a limited time only, get The Ultimate White Hat Hacker Certification Bundle for $20 (reg. $1,345) with code LEARNNOW.

    The All-In-One 2022 Super-Sized Ethical Hacking Bundle
    If you’re looking for the most comprehensive bundle of ethical hacking courses, this is it. These trainings cover everything from bug hunting and pen-testing through an ethical hacking certification course.
    For a limited time only, get The All-In-One 2022 Super-Sized Ethical Hacking Bundle for $21.50 (reg. $3,284) with code LEARNNOW.

    The All-in-One Ethical Hacking & Penetration Testing Bundle
    While the courses in this bundle cover a wide range of topics, from phishing to network layer attacks, it’s particularly suitable for anyone who wants to work with Microsoft Azure. The “Cloud Security with Microsoft Azure for Beginners” course, for example, could help you pursue a career change.
    For a limited time only, get The All-in-One Ethical Hacking & Penetration Testing Bundle for $14.99 (reg. $1,800) with code LEARNNOW.

    The 2022 Premium Certified Ethical Hacker Certification Bundle
    These 10 courses offer free ethical hacking tools, certifications to make your resume shine, and much more. Start from scratch and move at your own pace into advanced network hacking.
    For a limited time only, get The 2022 Premium Certified Ethical Hacker Certification Bundle for $17.50 (reg. $2,000) with code LEARNNOW.

    The 2022 Ultimate Ethical Hacking Super-Sized Certification Prep Bundle
    Whether you are a complete novice, a Cisco professional, or anything in between, this bundle offers training material that can help you succeed as an ethical hacker. You can even prepare for the CompTIA Network+ and Security+ exams.
    For a limited time only, get The 2022 Ultimate Ethical Hacking Super-Sized Certification Prep Bundle for $17 (reg. $1,800) with code LEARNNOW.

    The Complete 2022 PenTest & Ethical Hacking Bundle
    With hands-on hacking, practical pen-testing courses, and more, you’ll be ready to take the CompTIA PenTest+ course included in this bundle. This certification may even help your resume stand out when seeking cybersecurity roles.
    For a limited time only, get The Complete 2022 PenTest & Ethical Hacking Bundle for $24.50 (reg. $1,770) with code LEARNNOW.


  • Ukrainian software developers share their stories and photos from the war zone

    “Our daughter kept asking if we would die.” Eugene Krupnov, developer of the popular Mac application Unclutter, found himself answering his eight-year-old daughter with a bit of pop-culture gallows humor. “Not today, we joked, quoting Arya from Game of Thrones.” On February 24, Krupnov and his family evacuated from Kyiv. “As we were fleeing the city, we heard how the shelling escalated, we saw unthinkable traffic across the highways and endless lines at every gas station. It was night time. And it seemed like an apocalypse.”

    Krupnov told ZDNet, “A day after we left, an enemy rocket hit a high-rise building not far from our home in Kyiv.”

    Ukraine has a very large tech sector. According to Bloomberg, the country boasts a quarter of a million tech professionals, many of whom provide coding services to major players like Apple, Google, Lyft, Ubisoft, Daimler, BMW, Citi, and JPMorgan, among many others. According to the trade group IT Ukraine Association, as reported in the Wall Street Journal, IT export volume, “increased 36% to $6.8 billion last year, up from $5 billion in 2020 and $4.2 billion in 2019.” According to Ukrainian developer outsource firm Daxx, via research from SkillValue, Ukraine’s developers rank 5th worldwide in terms of overall competence.

    There are also thousands of entrepreneurial companies building their own software products. We spoke to eight of them this week.

    Tanya Vert is a PR specialist at BeLight Software. I’ve spoken to her over the years, particularly when I reviewed Live Home 3D. The idea for this article occurred to me when I was using Live Home 3D last week to rearrange my home workshop. Here I was using a product to rearrange my home, when the developers were losing theirs.

    The BeLight team is spread across Ukraine now, with half of the team staying in Odesa. When I checked in with Vert, she told me, “There are air raid alarms several times a day, explosions are heard all the time. People spend several hours every day in shelters. There is no subway in Odesa, so underground parking lots, basements and corridors inside buildings serve as shelters. Every night, we enjoy missiles, drones and air defense performance in the sky over the sea.”

    Bohdan Toporivsky is SEO and Content Manager, also at Unclutter. He shared what he calls “our life these days” with me. “The first days we had more confusion, panic and anxiety. Now you almost get used to things, and just have to care less. I try to consume less news, as it often brings stress and sadness.”

    In his email, he told me, “We are happy to have enough food and clothes – too many Ukrainians don’t have that luxury. Most of my other friends I text with are holding up relatively well too. It’s rather hard to sleep, air raid alert wakes us up once or twice a night (more during the day) and we go to the basement a.k.a. bomb shelter.”

    Right now, he’s living in a refugee/guest house of a local church. “We settled there,” he said, “not knowing for how long. It’s been almost a month now.”

    In the past week, I’ve spoken to eight companies either based in Ukraine or with large teams who work there. Amidst the horror of war, there were two themes that became apparent during our conversations: their efforts to maintain business continuity, and the Ukrainian spirit of their team members.

    Business continuity and data security

    Skylum is a company known for its Luminar and Aurora HDR photo editing products. Many in the Mac community know them by their original name, MacPhun. According to a post by CEO Ivan Kutanin, his team of 130 is currently scattered across Ukraine and the world.

    Despite all the pressures he and his company are facing, one of the most important messages he wants his customers to hear is one of reassurance, “Rest assured that we securely host all of our infrastructure and user data on Amazon Web Services. All servers for this cloud service are located in the European Union and are not in Ukraine, so you can be confident that your data is securely stored.”

    The CEO of a software company is doing his best to reassure his customers about their security, while his own team is working out of “bomb shelters, on the road, or in the homes of relatives and friends in safer locations.”

    MacPaw is another company very familiar to Mac users. They make CleanMyMac X, Gemini Photos, and the Setapp Mac software subscription service. In a letter to ZDNet, Oleksandr Kosovan, MacPaw’s CEO and founder told us, “MacPaw is a company from Ukraine and operates primarily in Kyiv. Part of our team decided to stay in Ukraine to defend our country and help people in need. Some team members moved abroad to safer places with their families and kids.”

    According to Kosovan, “Those team members who are already outside of Ukraine are working to maintain MacPaw products and the stability of the company’s services. While preparing for the massive invasion, the company also organized an office in Ivano-Frankivsk, Western Ukraine. We prepared the company to work completely autonomously.”

    Kosovan told us he is staying in Kyiv, “to protect Ukraine and stop the war in any way possible.” So is MacPaw CTO Vera Tkachenko. In a tweet, she says, “Seventh day of a war. I’m staying in Kyiv and have to move to a shelter several times a day. Food and medicine supplies are limited. Civilians in suburbs are attacked with bombs several times a day. But our defense forces are real heroes and we’ll win!”

    Readdle is a Ukrainian-founded company that produces Spark email and PDF Expert. In an email conversation with Maria Henyk, Readdle’s PR & marketing manager, she told us, “We’re equipping a location in Odesa as a shelter for the team, their families, and their pets. The company is providing financial help for all Ukrainian employees, along with assistance for those who can and want to move abroad.”

    “There are many different situations being experienced by our people,” Henyk told us. “Some have returned to 80-100% work capacity, others are still in shock, while others are experiencing air-raid alarms every few hours.”

    Henyk asked us to share this message, “As for our customers, nothing has changed for them. For many years, we’ve been investing in the safety and security of our systems and products, so everything customer-facing is up and running. Millions of people worldwide rely on our products, receiving timely updates and customer support.”

    Anna Ustynova provides communications and global PR for Headway, a maker of a motivational app. In an email, she told ZDNet, “Since the beginning of the invasion, the top priority of Headway has been to ensure the safety and well-being of our employees and their families in Ukraine. We have launched an emergency plan, and now over 95% of the Ukrainian Headway teammates and their families, who desired to move, are in a safe place.”

    She continued: “Our Kyiv R&D unit settled down partly in the west of Ukraine, partly abroad. No employee was fired; instead, Headway is going to hire more Ukrainian talents and all previously sent offers were secured and already two employees have joined us since 24th February.”

    Ajax System makes smart alarms popular in Europe. Valentine Hrytsenko, chief marketing officer at Ajax Systems told ZDNet, “Since the outbreak of the war in Ukraine, our company is doing everything necessary to ensure the protection and safety of its people, business, and supplies to partners.”

    As with the other companies seeking to retain some level of normality in the midst of war, Hrytsenko sought to reassure customers, “The Ajax server infrastructure functions without interruption, so users and partners don’t have to worry about the stability of already installed systems. Ajax’s servers are geographically dispersed throughout Europe in Amazon data centers in Ireland and Germany.”

    Grammarly makes a well-known cloud-based writing assistant. According to Jen Dakin, consumer PR manager, “Grammarly’s first priority remains the safety and well-being of our team members. We have implemented our contingency plans that include relocating team members and their families to help them remain safe.”

    Beyond that, Dakin was keeping operational security for Grammarly, telling us only, “To protect the safety of our team members, we won’t be providing further details of our contingency plans or team member locations.”

    These developers are doing their best to reassure their customers that their services will continue, even as their world is being blown apart around them. Each of these teams spent years building their companies and products into successes, and ensuring continuity of their businesses – in the worst and most scary of conditions – is also about survival. If their companies suffer or shutter, they lose their livelihoods too.

    But there’s so much more. Each of these companies shared with me their contributions to the war effort.

    Ukrainian spirit

    Jen Dakin told us, “Grammarly will donate all of the net revenue earned from Russia and Belarus since the war started in 2014 through 2022 to causes supporting Ukraine—totaling over $5 million.”

    Hrytsenko of Ajax Systems told us about work the company is doing with the Ministry of Digital Transformation of Ukraine. He described an app Ajax built called Air Alert that “instantly informs about the beginning and end of a civil defense alert. The app generates a loud critical alert warning of an airstrike, chemical attack, or other types of civil defense alerts. The app receives signals first-hand from Ukrainian regional administrations, allowing people to react as quickly as possible.”

    Readdle’s Henyk told ZDNet about the dedication of the company’s employees and how the company is supporting them, “Many people are taking part in volunteering projects, and some have joined territorial defense forces. We are proud of our team and such strength and bravery and are keeping their positions open and paying all salaries for all people as normal.”

    In her email to us, she continued: “Readdle employees themselves have donated tens of thousands of dollars to the Ukrainian defense, and the company has matched this amount.”

    MacPaw’s Kosovan shared his pride in his team: “MacPaw team members volunteer to provide food and medicine, support Ukrainian Army, donate blood and money to Ukrainian charities like other Ukrainian citizens all over the country. Some of us are fighting in the Ukrainian Army, Territorial Defense, and the Ukrainian IT Army.”

    Kosovan also tells us that since the beginning of the war, MacPaw has been actively involved in delivering humanitarian aid to Ukrainians in need through the MacPaw Development Fund. In an email to ZDNet he said, “The MacPaw Development Fund is able to quickly source and distribute large quantities of food, medical supplies, hygiene products, and other humanitarian aid to those in need. The Fund can do it faster than most larger organizations and this can help save lives when every moment counts. Through the Fund, to date, MacPaw has spent over $4M to provide food, medical supplies, and other necessities to Ukrainians in the war zones.”

    BeLight’s Vert told us a little more about how her team is supporting the war effort: “We keep working from home now and help Ukraine in every way we can. Some with donations, others are helping Territorial Defense with supplies, or with the preparation of Molotov cocktails (a special explosive substance used by civilians to fight the occupants), some joined the regional branch of the Red Cross in Uzhhorod, Western Ukraine, as a volunteer.”

    For Unclutter’s Toporivsky, it’s all about volunteering. He told ZDNet, “A few days after the war began and we moved to that safer place, we understood that we could not just wait, read awful news, and take no action anymore.”

    “And four of us began doing whatever we could to somehow help our Ukrainian defenders and victims of war. Then six of us, then many more in different cities of Ukraine and beyond,” Toporivsky said in an email. “Thanks to various friends with connections to the Ukrainian army, volunteers, and funds, we started arranging humanitarian help from Poland, Slovakia, Czech Republic, and other European countries. Food, medicines, clothes, hygiene products, etc. Military equipment and protection too, when possible.”

    “There aren’t many of us, and the scale could be much bigger – we still try and do what we can,” says Toporivsky. “It’s hardly possible to do regular work nowadays. Hoping I’ll get back to it later, when things slow down. After all, our warriors need all the support they can get, on all fronts.”

    Life in Ukraine

    Unclutter CEO Krupnov told us, “We’ve been planning to release a major update this fall. And minor updates this spring. But now all the development has come to a halt. We’re only able to provide user support.”

    “Imagine that your life has completely changed in just a few days,” Krupnov said. “It’s emptiness, fear for your loved ones, and shame you feel because you don’t do enough for your country. It’s a sensation of overwhelming despair each time you read about murdered civilians and children or soldiers who died protecting their homeland. It’s also destroyed cities – the places you loved and felt connected to.”

    Still, he’s hopeful. “Though we’re scattered across the globe now, we still keep in touch and support each other. Some day, after the victory, we will get together once again to continue our work after a great celebration.”

    If you want to help, we’ve provided a number of donation sites and resources you can explore in the companion article, “Ukraine: How you can help.”


    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

  • in

    How you can help Ukraine: Donation sites and resources

    These contribution opportunities were suggested by the companies we profiled in the companion piece, “Ukrainian software developers: Email and photos from the war zone.”

    Humanitarian Support

    NBU Fundraising Account: According to their website, “This account is meant for charity contributions from Ukraine and from abroad. The Ministry of Social Policy will channel the raised funds to support Ukraine’s citizens severely affected by the war.”

    Donate goods and food to Ukrainians: If you live near any of the cities listed at this link, you can bring goods and food to be delivered to Ukrainians in need by Nova Poshta Global.

    Help host evacuating Ukrainians: UkraineNow works to find relocation destinations for evacuees.

    Save the Children: Save the Children is operating an emergency fund for displaced Ukrainian evacuees.

    Razom Emergency Fund: Razom unites various Ukrainian activists. Razom Emergency Response is providing critical humanitarian war relief and recovery according to the most urgent needs as they evolve.

    Nova Ukraine: Nova Ukraine is a nonprofit organization dedicated to providing humanitarian aid to the people of Ukraine.

    MacPaw Development Fund: The MacPaw Development Fund has been sourcing medical supplies and distributing them to hospitals, financing the production of protective gear for the Ukrainian Army and territorial defense units, supplying the military with cell phones and computers, and printing maps for patrols in Kyiv.

    World Central Kitchen: WCK arrived in Poland on Feb. 24th to help refugees arriving from Ukraine. In response to the February 24 attacks on Ukraine, the WCK team is serving hot, nourishing meals at a 24-hour pedestrian border crossing in Southern Poland.

    The Salvation Army: The nonprofit’s “Love Beyond Conflict” campaign is asking donors to support families fleeing crisis in Ukraine to help provide peace and safety.

    Team Rubicon: Serves communities by mobilizing veterans to continue their service, leveraging their skills and experience to help people prepare, respond, and recover from humanitarian crises. The nonprofit is pre-positioning its mobile Emergency Medical Team in Poland to assist the mass crowds of refugees crossing the border every day.

    Community Organized Relief Effort (CORE): A crisis response organization that brings immediate aid and recovery to underserved communities across the globe. In immediate response to the crisis in Ukraine, the CORE team is on the ground in Poland supporting the immediate needs of refugees. CORE’s initial efforts are focused on distributing hygiene kits and supplying refugees with cash assistance to help families get access to life-saving items such as food, water, and safe transit to shelter.

    The Tunnel to Towers Foundation: Honors the sacrifice of firefighter Stephen Siller who laid down his life to save others on September 11, 2001, as well as our military and first responders who continue to make the supreme sacrifice for our country. On March 10, the nonprofit committed $1 million to the children of Ukraine in an effort to help them find safety amid the conflict in their country. Additionally, T2T is collecting additional donations to amplify their impact and provide relief.

    Unclutter’s Help Ukraine Fund: Unclutter has a neat approach. If you donate, they’ll give you a free copy of Unclutter (note: I use this every day) and the funds you donate will go to local volunteers and charitable organizations.

    Support animals

    Help rescue, feed, and relocate animals: UAnimals helps shelters financially, provides them with food, and tries to evacuate animals to other countries.

    Journalism support

    Donate to support journalists on the ground: Donations to the 24.02 Fund provide bulletproof vests, helmets, fuel, sat phones, diesel generators, walkie talkies, and relocation help for journalists’ families.

    Activism

    Join a peace protest: This Google table lists upcoming peace protests and additional information about each protest’s organizers.

    Defense Support

    Donations to the Ukrainian Army: This is a direct donation link to an account that disburses funds to the Ukrainian Army.

    Donations to Ukraine’s military via National Bank of Ukraine: This is another direct donation link that disburses “to support the Armed Forces of Ukraine.”

    Come Back Alive: This fund supports the Ukrainian Armed Forces with, according to the fund, “financing purely defense initiatives. Since 2014 we have provided around 1000 thermal imagers and over 250 UAVs. In addition to the material support, we increased the technological capabilities of the Army through providing 1,500 tablets with Armor software aimed at stopping the artillery.”

    Support Ukrainian defenders: The KOLO fund, a charity fund created by IT specialists from Ukraine, provides soldiers and volunteers with helmets and body armor, satellite phones and tactical radio equipment, quadcopters and drones, and thermal imagers and sights.

  • in

    These remote work job scams promise easy money but aim to steal your savings

    Cyber criminals are posing as recruiters and employers to offer people fake jobs in a scheme designed to steal money and personal data, and to trick victims into helping them commit money laundering. Detailed by cybersecurity researchers at Proofpoint, the job fraud campaigns attempt to lure people in with the promise of upfront payments for simple jobs that can be done while working from home.


    Nearly 4,000 of these email threats are being sent every day – most are sent to people in the United States, but Europeans and Australians have also been targeted.

    In over 95% of cases, the attackers are aiming at email accounts linked to universities and colleges, targeting students who are likely to be open to flexible and remote work opportunities.

    Remote work has risen because of the COVID-19 pandemic, something that could make the approaches look less suspicious to victims. Some of the fraudulent emails even reference COVID-19 as a reason for the fake jobs being remote.

    While the lure of making easy money from remote work sounds tempting, the attacks are designed to fleece victims – according to the FBI, the average loss for victims of employment fraud actions is around $3,000.

    “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly. They are very concerning for universities especially,” said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

    Those behind the attacks use several different templates, often using the real branding and logos of the companies they’re claiming to come from. The attackers are also known to use spoofed or compromised email addresses of recruiters in order to send initial emails.

    One of the scams purports to be from the United Nations Children’s Fund (UNICEF) for an executive personal assistant role, claiming to offer $400 for eight hours a week of work. The email contains a link to a Google form, asking for a name, alternative email address, and phone number.

    If the victim enters their details, they receive another email with more information about the supposed job, and if the offer is accepted, the attackers send a fake cashier’s check, initially for $950, then rising to $1,950 – this is designed to look like the victim will be paid, when that isn’t the case.

    Instead the attackers ask the victim how much they have in their bank account, so money can supposedly be used to send toys to children in orphanages – researchers were asked to transfer $1,000. The attackers asked for the transfer to be made – something that leaves the victim out of pocket because the fake cashier’s check that supposedly covers the cost can’t be cashed.

    Another of the phony jobs takes a different route, sending emails in which the attackers are claiming to be recruiting college students for an alleged modelling job – which doesn’t really exist. The email claims that the victim will be paid over $2,750 up front, and any expenses related to the shoot will be reimbursed.

    The attacker emails a fake check and, in some instances, it is even sent to the victim’s home – but because it’s fake, it can’t be cashed. In this case, the fraud is based around sending money to cover “shipping costs” for items to be used in the shoot – items that are never ordered for a shoot that won’t happen, ultimately resulting in money being stolen from the victim.

    Not only can these fake jobs leave people out of pocket, they could also potentially be unwittingly helping to facilitate cybercrime, as it’s likely some of these cash transfers are part of fraud related to other schemes.

    In aiming at students, the attackers are potentially exploiting naivety about online threats and the world of work – for example, a legitimate employer is very unlikely to send a paycheck before an employee’s first day of work and nor will they ask employees to buy items before they start the job.

    In order to avoid falling victim to these scams, it’s recommended that caution is exercised when receiving an unexpected job offer, especially if it comes from a freemail account like Gmail or Hotmail, but claims to be coming from a legitimate organisation. People should also be wary about nonexistent or overly simple interview questions and a lack of information about the job itself, or requests to switch to a personal email address or private chat account to discuss the opportunity. It’s also worth remembering that if an opportunity seems too good to be true, then it probably is.
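For a university mail team, the warning signs described in this article can be turned into a simple triage check. The following is an added example, not code from Proofpoint or ZDNet; the domain list, brand list, regular expressions and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, illustrative lists; a real filter would load maintained data.
FREEMAIL = {"gmail.com", "hotmail.com"}
BRANDS = {"unicef"}  # organisations the message may claim to represent

INDICATORS = {
    "upfront_payment": re.compile(r"\b(up ?front|cashier'?s check)\b", re.I),
    "move_off_channel": re.compile(r"\b(personal|alternative|private)\s+(e-?mail|chat)\b", re.I),
    "form_harvest": re.compile(r"https?://(docs\.google\.com/forms|forms\.gle)/", re.I),
}

def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def score_job_offer(raw):
    """Return the names of the indicators that fire for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = body_text(msg)
    claimed = f"{display} {msg.get('Subject', '')} {body}".lower()
    hits = []
    # A known organisation is named, yet the sender is a freemail account.
    if domain in FREEMAIL and any(b in claimed for b in BRANDS):
        hits.append("brand_from_freemail")
    hits += [name for name, rx in INDICATORS.items() if rx.search(body)]
    return hits

# Constructed sample messages (not real mail).
SCAM = '''From: "UNICEF Recruitment" <hr.unicef.jobs@gmail.com>
Subject: Executive Personal Assistant, work from home

We offer $400 for eight hours a week. A cashier's check is sent up front.
Fill in https://docs.google.com/forms/d/e/EXAMPLE/viewform with your name,
alternative email address and phone number.
'''
LEGIT = '''From: "Campus Careers" <careers@university.example>
Subject: Interview invitation

Your interview for the library assistant role is on Tuesday at 10:00.
'''

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(label, score_job_offer(raw))
```

The indicator names are a starting point for routing mail to review rather than a verdict, since a spoofed or compromised recruiter address will not trip the freemail check.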