More stories

  • Australian Budget 2022 delivers AU$9.9 billion for spicy cyber

    The federal government has released its 2022-23 federal Budget, containing a AU$9.9 billion kitty for bolstering cybersecurity and intelligence capabilities in the midst of a growing cyberthreat landscape around the world. The near-AU$10 billion will be spent across a decade under a program called Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers (REDSPICE).

    “This is the biggest ever investment in Australia’s cyber preparedness,” said Treasurer Josh Frydenberg, who announced the Budget on Tuesday night.

    Looking at how the federal government envisions the AU$9.9 billion will be spent, the Australian Signals Directorate (ASD) will be the biggest recipient of these funds. Over the next four years, the ASD will receive AU$4.2 billion to double its employee head count — amounting to 1,900 new jobs — triple its offensive cyber capabilities, double its cyber hunt and response activities, as well as preserve its ability to deliver a “strategic advantage”.

    “The package will help ASD to keep pace with the rapid growth of cyber capabilities of potential adversaries, as well as being able to counter attack and protect our most critical systems,” according to Budget documents.

    REDSPICE will also provide funding for Australian industry and support new employment pathways through partnerships with educational institutions, particularly in the areas of data science and analysis, artificial intelligence, cybersecurity, and IT engineering.

    Prior to the federal government’s announcement of the AU$9 billion cybersecurity package, the Coalition had already conveyed a firm posture for ramping up cybersecurity. On Monday, Prime Minister Scott Morrison announced a new cyber and critical technology centre that would be set up within the Office of National Intelligence.

    “The multi-agency centre will ensure Australia, working with our allies, can better anticipate and capitalise on emerging technologies,” said Morrison, who spoke at an event commemorating the ANZUS Alliance’s 70th anniversary. “With challenging and changing geopolitical realities — where technological advantage for our intelligence agencies is more important than ever — Australia is, as always, stepping up to do more. We look to, but we never leave it to the United States.”

    Morrison on Friday called on organisations to prioritise trust over costs and efficiency when it comes to data security. “I tell you particularly in a more troubled world, especially from a data security point of view, supply chains are frankly more about trust now than they even are about efficiency or cost,” the Prime Minister said at the opening of Macquarie Telecom’s new AU$85 million data centre in Sydney.

    Days prior to that, Home Affairs Minister Karen Andrews launched an Australian Federal Police (AFP)-led cybercrime centre, costing AU$89 million, to bolster the country’s cybercrime fighting efforts.

    While the AU$9 billion figure packs a punch, the federal government has not provided details of how it will assess the effectiveness of these newly announced cyber efforts.

    Just two years ago, the Coalition handed down its 2020 Cyber Security Strategy along with AU$1.35 billion to Australia’s security agencies for the program called the Cyber Enhanced Situational Awareness and Response (CESAR) package. Since CESAR’s rollout, however, there have been limited updates regarding the effectiveness of the program in stopping cyberthreats.

    More funding for Australia’s digital economy strategy

    The federal government has also introduced an incentive for small businesses, companies with less than AU$50 million in turnover, to up their technology investment. The incentive will allow small businesses to deduct an additional 20% of the cost incurred on business expenses and depreciating assets that support their digital adoption, such as portable payment devices, cybersecurity systems, or subscriptions to cloud-based services.

    “From tonight, every AU$100 these small businesses spend on digital technologies like cloud computing, eInvoicing, cyber security, and web design will see them get a AU$120 tax deduction. Investments of up to $100,000 per year will be supported by this new measure,” Frydenberg said.

    This year’s federal Budget also sees more funding put towards Australia’s Digital Economy Strategy, which received AU$1 billion in last year’s Budget, with another AU$130 million over four years to be allocated. Of that new amount, AU$38.4 million will be used to implement further Consumer Data Right measures, while AU$30.2 million will be spent on a fourth cyber hub within the Australian Taxation Office, AU$18.6 million will be put towards shaping global critical and emerging technology standards, and AU$13.6 million will be used for continuing the digitalisation of the transport sector.

    STEM development receives over AU$45 million

    Outside of cyber, the federal government has pledged AU$45.4 million over five years to support STEM development in Australia. This consists of AU$33.4 million to the National Measurement Institute to deliver essential measurement standards and services that underpin business continuity and international trade, and AU$5.3 million to improve the National Science and Technology Council’s provision of science and technology advice to the federal government. In addition, AU$6.7 million of the STEM package will be used to extend support for the Women in STEM Ambassador and Superstars of STEM initiatives, which are both focused on raising the profile of Australian women in STEM.

    Continuing the women in STEM focus, the federal Budget has also allocated a separate AU$3.9 million over two years to support women shifting into digitally skilled roles. In partnership with industry, this initiative will provide mentoring and coaching to facilitate a mid-career transition into the ‘tech workforce’.

    The new STEM funding comes after the federal government on Monday announced it made good on one of its commitments from last year’s Budget, delivering AU$10.7 million for digital cadetships — 10 months after the cadetship initiative was announced.

    Rocket man gets more fuel

    Australia’s space sector also saw a big injection in this year’s Budget, with the federal government allocating AU$1.3 billion, AU$38.8 million per year, to grow the sector. The majority of those funds, AU$1.2 billion, will be used to establish a National Space Mission for Earth Observation to secure access to key earth observation data streams, build Australia’s sovereign capability, and enter agreements with international partners, including for the procurement and operation of Australian Satellite Cross-Calibration Radiometer satellites. The remaining amounts will be put towards setting the conditions for rocket launches from Australia, fast-tracking the launch of space assets, and planning and streamlining future space plans.

    The move builds on the federal government’s “mission to triple the size of the sector and create up to 20,000 new jobs by 2030”, a goal that was set out under the Australian Civil Space Strategy.

    Improving regional connectivity with another AU$1.3 billion

    Another big-ticket tech item in this year’s Budget is the AU$1.3 billion, to be allocated over six years, for improving regional telecommunications, including through providing greater mobile coverage and targeted solutions to address issues such as mobile congestion.

    The funding was provided as part of the government’s response to the Regional Telecommunications Review, which found NBN upgrades will widen the digital divide between rural and urban areas. Chief among the list of things that are part of the networking kitty is almost AU$815 million over five years to expand the mobile black spot, regional connectivity, and mobile network hardening programs. Meanwhile, AU$480 million of the AU$1.3 billion has been provided to the company responsible for running the NBN to upgrade its fixed wireless and satellite networks to improve services in regional, remote, and peri-urban Australia. The remaining amount will be used by Australia’s consumer watchdog to review mobile tower access fees.

    The rest of the tech

    Addressing the floods across Australia’s eastern coast, the federal government announced it will implement a new cell broadcast messaging system, in collaboration with the state and territory governments, to ensure critical information can be provided to the Australian public concerning significant emergencies. The amount allocated to this new system was not disclosed.

    In terms of upping Australia’s privacy capabilities, AU$17 million over two years will be provided to support the Office of the Australian Information Commissioner in undertaking its privacy and regulatory functions, including in relation to social media and other online platforms. The information commissioner has been calling for more funding for years, having said during Senate Estimates earlier this year that it has been developing an increasing backlog of privacy complaints.

    For Australia’s eSafety agency, the federal government will invest AU$31.6 million over the next five years towards online safety initiatives as part of its new national plan to end violence against women and children. This includes over AU$27 million for the eSafety Commissioner to expand her office’s capabilities, which includes supporting victim‑survivors of technology-facilitated abuse. This funding was recommended by the parliamentary committee that ran Australia’s social media probe, which found social media companies were not doing enough to reduce online harm.

    The federal government has also provided an additional AU$96.8 million over four years for system upgrades to Australia’s health system. According to Budget documents, the upgrades will look to reduce manual processing and improve claim timeframes for patients and medical providers for Medicare services, the Pharmaceutical Benefits Scheme, and other health-related payments.

    Australia’s flagship digital health initiative, My Health Record, also received more funding in this year’s Budget to the tune of AU$23.8 million over four years. This amount will be used to improve linkages with the My Health Record, provide additional funding to accredited practices for their provision of temporary telehealth services during the COVID-19 pandemic, and enable communities affected by natural disasters to access continued healthcare services via telehealth. At the end of last year, the federal government pledged over AU$100 million to make telehealth a permanent fixture within the country’s healthcare system.

    According to Budget documents, the federal government is also set to digitalise trust and beneficiary income reporting and processing as of mid-2024, which it said would give all trust tax return filers the option to lodge income tax returns electronically, increasing pre-filling and automating ATO assurance processes. Continuing with the ATO, the government has committed AU$6.6 million over the forward estimates period for the development of IT infrastructure required to allow the ATO to share single touch payroll data with state and territory Revenue Offices on an ongoing basis.

    The ATO’s patent box initiative, announced in last year’s Budget, has also received approval by the federal government to be expanded. As part of the expansion, the federal government will provide concessional tax treatment for corporate taxpayers who commercialise their eligible patents linked to approved agricultural and veterinary chemical products. “This measure is estimated to decrease receipts by AU$10 million, and increase payments by $13.4 million over the forward estimates period,” Budget documents say. Funding for the three ATO initiatives has already been provided by the federal government.

    For the ABS, AU$19.9 million over four years has been provided for the development of a new reporting application to enable businesses to submit surveys on business indicators directly through their accounting software.

    The Budget comes with the federal election looming in May, with the election for both houses set to be held by May 21 at the latest.

    Updated at 9:11am, 30 March 2022 AEST: clarified that the 1,900 new jobs from the REDSPICE program are part of the ASD doubling its headcount.

  • EU and US confirm new transatlantic data flow agreement on the way

    The European Commission and the United States announced a new Trans-Atlantic Data Privacy Framework over the weekend, signalling clarification may be on the way regarding what data flows are allowed after a European court struck down the EU-US Privacy Shield one and a half years ago.

    The Privacy Shield agreement had set the terms for transatlantic transfers of personal data. The agreement was struck down, however, after the European Court of Justice found US laws did not offer enough data protection safeguards to meet European standards, leading to legal uncertainty regarding what data flows are allowed.

    The legal uncertainty led to European regulators, in recent months, issuing orders against flows of personal data that passed through products such as Google Analytics. Meta, meanwhile, “threatened” to pull its services out of Europe if governments could not come to an agreement on a new EU-US transatlantic data transfer framework. The company eventually backpedalled from its comments, but it remained staunch in calling for a new framework to be established.

    According to a White House fact sheet, the new Trans-Atlantic Data Privacy Framework will see the US government implement reforms to better protect the personal data of EU citizens, such as allowing these citizens to seek redress at a newly-created, independent Data Protection Review Court that will have “full authority” to adjudicate claims and direct remedial measures as needed. The US government will also ensure signals intelligence collection may only be undertaken where necessary to advance legitimate national security objectives, and must not disproportionately impact the protection of individual privacy and civil liberties under the framework.

    “The new framework marks an unprecedented commitment on the US side to implement reforms that will strengthen the privacy and civil liberties protections applicable to US signals intelligence activities,” the European Commission and US government said in a joint statement.

    With the US committing to these reforms, among others that have yet to be publicly detailed, citizens and companies on both sides of the Atlantic will be able to continue their existing data flows between the EU and US, which companies like Google have already lauded.

    “We look forward to certifying our processes under the Trans-Atlantic Data Privacy Framework at the first opportunity. For Google, these (and similar) standards serve as a floor, not a ceiling, for the protections we offer our users and customers,” Google VP of public policy Karan Bhatia said.

    Max Schrems, the privacy lawyer who raised the lawsuit that culminated in the Privacy Shield agreement being canned, was sceptical of the new framework, with its details yet to be released.

    “Seems we do another Privacy Shield especially in one respect: Politics over law and fundamental rights,” Schrems said. “This failed twice before. What we heard is another ‘patchwork’ approach but no substantial reform on the US side. Let’s wait for a text but my [first] bet is it will fail again.”

  • Microsoft is adding a new driver-blocklist feature to Windows Defender on Windows 10 and 11

    Microsoft is adding a new Vulnerable Driver Blocklist feature to Windows Defender on Windows 10, Windows 11, and Windows Server 2016 or newer releases. This feature is aimed at helping IT Pros to protect users against malicious and exploitable drivers.

    Microsoft Vice President of OS Security and Enterprise David Weston tweeted about the new Windows security option on March 27. The feature will be enabled by default on Windows 10 in S Mode, as well as on devices that have the Memory Integrity Core Isolation feature, which relies on virtualization-based security. (This Core Isolation Memory Integrity feature is also known as Hypervisor-protected Code Integrity, or HVCI.) More details are available in this Microsoft article about recommended driver block rules.

    This blocking feature will rely on a list of blocked drivers maintained by Microsoft in conjunction with OEM partners. As explained on ghacks.net, drivers may be marked as blocked because they contain known security vulnerabilities that can be exploited to elevate Windows kernel privileges, because they act as malware or are signed with certificates used to sign malware, or because they exhibit behaviors that circumvent the Windows Security Model and can be used to elevate Windows kernel privileges.

    I’ve asked Microsoft whether this new driver-blocking feature will be available on all versions of Windows 10 and 11 and when it will be fully deployed. No word back so far.

    In other security-related news, Microsoft announced plans for a new U.S. Government cloud environment — Office 365 Government Secret — on March 28. Currently in government review, this new Secret cloud is designed for the U.S. Federal Civilian, Department of Defense (DoD), Intelligence Community (IC), and U.S. Government partners working within Secret environments with Microsoft’s Software as a Service (SaaS) capabilities for all data classifications. The Office 365 Government Secret cloud environment is built on Microsoft’s Azure Government classified environments.

  • Okta: We made a mistake over Lapsus$ breach notification

    Okta has admitted it “made a mistake” by not telling customers sooner about a security breach in January, in which hackers were able to access the laptop of a third-party customer support engineer.

    The Lapsus$ hacking group published screenshots of Okta’s systems on March 22, taken from the laptop of a Sitel customer support engineer which the hackers had remote access to on January 20.

    “We want to acknowledge that we made a mistake. Sitel is our service provider for which we are ultimately responsible. In January, we did not know the extent of the Sitel issue – only that we detected and prevented an account takeover attempt and that Sitel had retained a third party forensic firm to investigate. At that time, we didn’t recognize that there was a risk to Okta and our customers. We should have more actively and forcefully compelled information from Sitel,” Okta said in an FAQ it published on Friday, under the heading ‘Why didn’t Okta notify customers in January?’.

    On January 20, Okta said, it saw an attempt to directly access the Okta network using a Sitel employee’s Okta account, which was detected and blocked by Okta, which then notified Sitel. Outside of that attempted access, there was no other evidence of suspicious activity in Okta systems, it said.

    Okta is an important enterprise access management software vendor. It said that only 366 customers, about 2.5% of its customers, were affected. However, there have been questions as to why customers did not know about the incident sooner. In its FAQ Okta said: “In light of the evidence that we have gathered in the last week, it is clear that we would have made a different decision if we had been in possession of all of the facts that we have today.”

    The company has provided a detailed timeline of events from January 20 — when it received an alert that a new factor was added to a Sitel employee’s Okta account — to March 22 — the date Lapsus$ published the screenshots it grabbed.

    Sitel hired an unnamed forensic company to investigate the breach on January 21, which concluded its investigation on February 28. The forensic report to Sitel is dated March 10, and Okta received a summary of that report on March 17, according to Okta’s timeline. After the screenshots were published, Okta’s chief security officer David Bradbury said he was “greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report.”

  • Ransomware payments: Here's how much falling victim will now cost you

    The average ransom demand made following a ransomware attack has risen to $2.2 million as cyber criminals are becoming bolder and have a bigger impact on the businesses they’re targeting.

    The amount ransomware attackers are demanding has more than doubled since 2020, when the average ransom demand for a decryption key stood at $900,000. The figures come from cybersecurity researchers at Palo Alto Networks, who analyzed ransomware incident response cases they were involved in during 2021.

    While the final ransom payments are often much less than the initial ransom demands, they’ve also risen significantly in recent years. During 2020, the average ransom paid was just over $300,000, which rose to $541,000 in 2021.

    Analysis of incidents suggests that for those businesses which paid a ransom when the attackers initially demanded over $3 million, the average amount paid was 43% of the ransom demand – but some cyber criminals managed to blackmail victims into paying almost the full amount they first asked for.

    For example, researchers cite an incident by the BlackCat ransomware gang which saw cyber criminals demand a payment of $9 million for a decryption key and walk away with $8.5 million. Sometimes ransomware attackers get much less than they demand; in one case, cyber criminals behind a Suncrypt ransomware attack made a ransom demand of $12 million, only to get paid just $200,000 – 1.67% of their ransom demand.

    The overall trend of rising ransom demands and rising ransom payments shows that ransomware is working, as cyber criminals can make millions of dollars from a single victim who gives in to the extortion demands.

    Despite warnings not to pay because it only encourages further ransomware attacks, the Unit 42 report suggests that 58% of organisations hit by a ransomware attack opt to pay the ransom. But even if the ransom is paid, that isn’t necessarily the end of their troubles – researchers say 14% of organisations paid cyber criminals more than once.

    The network being down because of encrypted files and servers is disruptive enough, but one of the reasons so many victims are giving in to ransom demands is the rise of double extortion attacks. In order to carry out a ransomware attack, hackers enter the network, providing them with access to sensitive files and data. Many cyber criminals use this as extra leverage, copying the data before it’s encrypted and threatening to publish it if the ransom isn’t paid – and in many cases, it’s working.

    “Cyber criminals are doubling down by finding additional ways to extort victims in conjunction with ransomware,” said Ryan Olson, VP of threat intelligence at Unit 42 for Palo Alto Networks. “In 2021, ransomware gangs took these tactics to a new level, popularizing multi-extortion techniques designed to heighten the cost and immediacy of the threat,” he added.

    But this hasn’t just involved threats to publish stolen data – in some cases cyber criminals are adding other extortion tactics, including the threat of DDoS attacks, or even harassing employees of the victim organisation over the phone.

    Ransomware continues to be one of the most significant cybersecurity threats facing businesses and the wider world today, but there are ways in which businesses can help protect themselves from falling victim to attacks. Many ransomware attacks begin with hackers exploiting unpatched cybersecurity vulnerabilities or remote desktop protocol (RDP) logins. Information security teams should therefore ensure that security patches for known vulnerabilities are applied as quickly as possible and that login credentials are protected with multi-factor authentication in order to help defend against attacks.

    Any passwords which are suspected of being leaked or stolen should be changed. It’s also vital for IT departments to understand and monitor the network, as this can help them identify potentially malicious behaviour before cyber criminals trigger a full-blown ransomware attack.

  • Man linked to multi-million dollar ransomware attacks gets 66 months in prison for online fraud

    An Estonian man connected to multimillion dollar ransomware attacks has received a 5-and-a-half-year jail sentence for his involvement in online fraud schemes.

    The US Department of Justice says Maksim Berezan, a 37-year-old from Estonia, took part in at least 13 ransomware attacks, including seven against American businesses, which cost victims over $53 million in losses. Berezan was an active member of an online forum designed for Russian-speaking cybercriminals to gather and exchange their criminal knowledge, tools, and services, the DoJ said.

    Berezan was arrested in Latvia in November 2020 and extradited to the US, where he pleaded guilty in April 2021 to conspiracy to commit wire fraud affecting a financial institution and conspiracy to commit access device fraud and computer intrusions. Following his arrest, police searched Berezan’s computers and found evidence of his involvement in ransomware attacks, with $11 million in ransom payments flowing through cryptocurrency wallets he owned.

    According to court documents, he used the money made from cyber crime to buy two Porsches and a Ducati motorcycle, along with an assortment of jewelry. Authorities confiscated $200,000 in cash from Berezan’s home, along with cryptocurrency wallets holding $1.7 million in Bitcoin.

    The Eastern District of Virginia sentenced Berezan to 66 months in prison, and he’s been ordered to pay $36 million in restitution.

    “Ransomware thieves are not safe in any dark corner of the internet in which they may think they can hide from our highly trained investigators and law enforcement partners worldwide,” said special agent in charge Matthew Stohler of the US Secret Service. “Together with our critical partners we are dedicated to protecting the public and securing every iteration of our money and every part of our national financial infrastructure.”

    The US Department of Justice worked with the Latvian State Police and Estonian Police to help obtain the conviction.

    “Cybercrime has become increasingly more sophisticated, but so have our methods for combatting it,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “Ransomware attacks are devastating to people and organizations alike, and we have honed our strategies and techniques to target both the individual actors who perpetrate these attacks and the networks that support them,” she added.

  • Hundreds more packages found in malicious npm 'factory'

    Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on March 21 and grew rapidly, with each npm package deliberately named to mimic legitimate software. 

    An automated script targeted scopes used by Microsoft Azure developers, including @azure, @azure-rest, @azure-tests, and more, in the npm software registry.

    On Monday, Checkmarx researchers Aviad Gershon and Jossef Harush said the Supply Chain Security (SCS) team has also been tracking these activities and has recorded over 600 malicious packages published over five days, bringing the total to over 700.

    To try and keep the attacks under the radar, the miscreant responsible has been using unique user accounts. “This is uncommon for the automated attacks we see; usually, attackers create a single user and burst their attacks over it,” Checkmarx says. “From this behavior, we can conclude that the attacker built an automation process from end to end, including registering users and passing the OTP challenges.”

    According to Checkmarx, the attacker’s “factory” is developing malicious npm packages relying on typo dependency confusion to dupe developers and steal their data successfully. As previously noted by JFrog, the attack method relies on typosquatting and names that mimic trustworthy packages, often removing the “scope” part of a package name to look legitimate.

    The command-and-control (C2) server used to manage the overall infrastructure of the attack wave, “rt11[.]ml,” is also the recipient address for the stolen information. The C2 appears to be running Interactsh, an open source tool written in the Go programming language for data extraction.

    Checkmarx set up its own domain and server, complete with an Interactsh client, to better understand the attacker’s method. A script was then written that opens NPM accounts upon request, using the web testing software SeleniumLibrary. The script can randomly generate usernames and email addresses under the test domain and automatically initiates the sign-up process. This is where Interactsh comes in. To bypass the One-Time Password (OTP) verification check used by NPM, Interactsh automatically extracts the OTP and sends it back to the sign-up form, allowing the account creation request to succeed.

    The team then adhered to the attacker’s method by creating a template npm package and a script able to communicate with NPM utilities in the ‘login’ and ‘publish’ stages. “It is worth mentioning that once the user account is open, it is possible to configure it in a way that does not require OTP in order to publish a package,” the researchers said. “This could be done using an authentication token and configuring it to work without 2FA. We presume that this is the way attackers who published bursts of malicious packages were able to automate their process without setting up the described mechanism.”

    Checkmarx, as well as JFrog, have reported the malicious packages to the NPM security team. In addition, the company providing the C2 server has been notified.

    “By distributing the packages across multiple usernames, the attacker makes it harder for defenders to take them all down with “one stroke,” Checkmarx noted. “By that, of course, making the chances of infection higher. Just to make it clear, the building blocks required for creating single (OTP verified) user[s] per package is no trivial task.”

    In February, JFrog found 25 malicious npm packages containing Discord token stealers. Many of these packages mimicked colors.js, open source software for using colored text on node.js — before its creator sabotaged the package.
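The scope-stripping and near-name mimicry described above is something a dependency audit can catch before install. The following is an added defensive example, not Checkmarx's or JFrog's code; the allow-list of legitimate scoped packages and the package.json it scans are constructed for the demo rather than taken from the campaign.

```python
"""Flag npm dependencies that mimic legitimate scoped packages.

Added defensive example for the scope-stripping and typosquatting pattern
seen in the Azure-scoped npm campaign; not Checkmarx's or JFrog's code.
The allow-list and the package.json below are constructed for the demo.
"""
import json
import re
from difflib import SequenceMatcher

# Constructed allow-list: scoped packages this (hypothetical) Azure project
# actually depends on. In practice, build it from your lockfile or registry.
KNOWN_SCOPED = {
    "@azure/core-http",
    "@azure/identity",
    "@azure/storage-blob",
    "@azure-rest/core-client",
    "@azure-tests/recorder",
}

# Constructed package.json modelled on the campaign: names with the scope
# removed, the scope folded into the bare name, or one character dropped.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {
        "@azure/identity": "^2.0.0",     # genuine scoped package
        "core-http": "1.0.0",            # scope stripped from @azure/core-http
        "azure-storage-blob": "0.0.1",   # scope flattened into the name
        "core-client": "9.9.9",          # scope stripped from @azure-rest/core-client
        "@azure/storag-blob": "1.0.0",   # typo inside the legitimate scope
        "express": "^4.18.0",            # unrelated, must not be flagged
    },
})


def split_scope(name):
    """Return (scope, bare) for '@scope/bare', or (None, name) if unscoped."""
    m = re.fullmatch(r"(@[^/]+)/(.+)", name)
    return (m.group(1), m.group(2)) if m else (None, name)


def similarity(a, b):
    """Ratio in [0, 1]; 1.0 means identical strings."""
    return SequenceMatcher(None, a, b).ratio()


def audit_dependencies(package_json_text, known_scoped=KNOWN_SCOPED, threshold=0.9):
    """Return (dependency, mimicked_package, reason) for every suspicious name.

    A dependency is suspicious when it is not in the allow-list and its name
    equals a known scoped package with the scope removed, equals the scope
    flattened into the bare name, or is a near-match of the bare name.
    """
    deps = json.loads(package_json_text).get("dependencies", {})
    findings = []
    for dep in deps:
        if dep in known_scoped:
            continue
        dep_scope, dep_bare = split_scope(dep)
        for legit in sorted(known_scoped):
            scope, bare = split_scope(legit)
            flattened = scope.lstrip("@") + "-" + bare  # "@azure/identity" -> "azure-identity"
            if dep_scope is None and dep_bare == bare:
                reason = "scope stripped"
            elif dep_scope is None and dep_bare == flattened:
                reason = "scope flattened into name"
            elif dep_scope in (None, scope) and similarity(dep_bare, bare) >= threshold:
                reason = "near-match, possible typosquat"
            else:
                continue
            findings.append((dep, legit, reason))
    return findings


if __name__ == "__main__":
    for dep, legit, reason in audit_dependencies(SAMPLE_PACKAGE_JSON):
        print(f"{dep!r} looks like {legit!r}: {reason}")
```

Run it against a real package.json by replacing SAMPLE_PACKAGE_JSON with the file contents; anything it flags deserves a look at the package's publisher and scope before `npm install`.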

  • CISA: Here are 66 more security flaws actively being used by hackers – so get patching

    The US Cybersecurity and Infrastructure Security Agency (CISA) has told federal agencies to patch 66 new security bugs based on evidence of active exploitation. These 66 new bugs join a growing list of bugs in the Known Exploited Vulnerabilities Catalog that covers technology typically used in enterprises, such as network security appliances.

    Federal agencies have been given until April 15, 2022 to apply this batch of patches under the Binding Operational Directive aimed at reducing the significant risk of known exploited vulnerabilities.

    The 66 bugs include recent and older flaws in networking kit and security appliances from D-Link, Cisco, Netgear, Citrix, Kuiper, Palo Alto, Sophos, Zyxel, plus enterprise software from Oracle, OpenBSD, VMware and others, as well as multiple Windows bugs.

    Among the bugs are one affecting WatchGuard’s Firebox and XTM appliances (CVE-2022-26318), one impacting Mitel’s MiCollab and MiVoice Business Express (an access control vulnerability, CVE-2022-26143), and the Windows Print Spooler Elevation of Privilege Vulnerability (CVE-2022-21999).

    The Mitel bug was being exploited for the TP240PhoneHome DDoS attack, which was capable of an amplification ratio of 4,294,967,296 to 1. It was observed being exploited in February and March.

    CISA last month gave agencies two weeks to fix a whopping 95 bugs. Again, some were newly exploited while others have had patches available for several years. So, it looks like admins at federal agencies will have yet another busy few weeks finding and then patching systems.

    As part of its Shields Up initiative, CISA and the White House are encouraging all US organizations to step up patching and check multi-factor authentication configurations due to an increased threat from cyberattacks being directed at them by Russia.