Information Technology

In the five years since I first explored the potential impact of a Digital Cold War on the IT industry, tensions with Russia have gotten worse, especially following a series of cyberattacks on systems in the United States. These include Russia’s involvement in the SolarWinds breach, as well as its interference with the 2016 US presidential elections via attacks on the Democratic National Committee infrastructure and the purchasing of tens of millions of ads on Facebook in an attempt to sow discontent among US voters.Under Vladimir Putin’s leadership, the nation has focused on international cybersecurity concerns for many years.

Ukraine Crisis

Ukraine invasionUnder the pretext of “Peacekeeping operations,” Russia has now initiated a full-scale invasion of Ukraine. Presumably, Russia also has been responsible for recent cyberattacks on Ukrainian banks.In response, the United States, NATO nations, and allied countries have imposed numerous economic sanctions on Russia, including blocking its two state-owned banks from debt trading on US and European markets and freezing their assets under US jurisdictions, as well as freezing the assets of the country’s wealthiest citizens. Germany has halted its plans on Russia’s Nord Stream 2 Gas Pipeline. Further wide-ranging sanctions are expected as Russia continues its assault on Ukraine.On February the 23rd, President Biden condemned the military action and said, “President Putin has chosen a premeditated war that will bring a catastrophic loss of life and human suffering. Russia alone is responsible for the death and destruction this attack will bring, and the United States and its Allies and partners will respond in a united and decisive way. The world will hold Russia accountable.”The economic impacts of this conflict will likely be significant, including a halt on Russian oil and natural gas exports to Western Europe and, presumably, the denial of civil and commercial air transit to Asia through Russian airspace. Although the United States, unlike Europe, is not a major consumer of Russian energy exports, it would be simplistic to say that Russia has no impact on US business at all.An extended conflict with Russia — coupled with the imposition of wide-ranging sanctions — will have a tangible impact on the global technology industry.Russian tech firms are now ‘technologia non grata’ within enterprises in Western nationsLet’s start with Russian software companies themselves.

ZDNet Recommends

Many of these have significant market share and widespread use within US corporations. Some of these were founded in Russia, while others are headquartered elsewhere but maintain a significant amount of their development presence within Russia and other parts of Eastern Europe. UK-incorporated Kaspersky Lab, for example, is a major and well-established player in the antivirus/antimalware space. It maintains its international headquarters, and has substantial research and development capabilities in Russia, even though its primary R&D center was moved to Israel in 2017.It’s also thought that Eugene Kaspersky, the company’s founder, has strong personal ties to the Putin-controlled government. Kaspersky has repeatedly denied these allegations, but questions about the man and his company remain and will be further scrutinized, particularly as the conflict develops.In the past, evidence emerged that Kaspersky’s software was involved in compromising the security of a contract employee of the United States National Security Agency in 2015. Kaspersky Lab insists that, to the contrary, the evidence supporting this has not been properly established and has produced an internal audit of the findings.NGINX Inc is the support and consulting arm of an open source reverse proxy web server project that is very popular with some of the most high-volume internet services on the planet. The company is of Russian origin but was sold to F5 Networks in 2019. The founder of the company, Igor Sysoev, announced his departure in January of this year.Parallels, Inc., which Corel acquired in 2018, focuses extensively on virtualization technology. Their Parallels Desktop is one of the most popular solutions for Windows virtualization on the Mac. Historically, their primary development labs were in Moscow and Novosibirsk, Russia. The company was founded by a Russian, Serguei Beloussov (who became a Singaporean citizen in 2001), and has many persons of Russian origin as key developers and executives. Two of their products, Virtuozzo and Plesk, were spun off as their own companies in 2017. Parallels’ Odin, a complex management stack for billing and provisioning automation used by service providers and private clouds running on VMware’s virtual infrastructure stack and Microsoft’s Azure, was sold to Ingram Micro in 2015. It is unknown how much Russian code is in these systems. Acronis, like Parallels, is another company founded by Serguei Beloussov. After founding Parallels in 1999, and being involved with both companies for some time, he became CEO of Acronis in May of 2013. The company specializes in cybersecurity products for end-to-end device protection, and in the past, has had bare-metal systems imaging, systems deployment, and storage management products for Microsoft Windows and Linux. The company maintains its global headquarters in Singapore. However, it has substantial R&D operations in Eastern Europe in addition to operations in Israel, Singapore, and the US.

Special feature

Cyberwar and the Future of Cybersecurity

Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.

Read More

Veeam Software founded by Russian-born Ratmir Timashev concentrates on enterprise backup solutions for VMware and Microsoft public and private cloud stacks. Like Parallels and Acronis, it is also multinational. For many years, it had much of its R&D based out of St. Petersburg, Russia. It was purchased by Insight Partners in 2020 and installed a new management team. However, it has yet to be determined how much Russian legacy code is in its products or continues to be contributed to them.These are only just a few examples. Numerous Russian software firms generate billions of dollars of revenue that have products and services that have significant enterprise penetration in the United States, EMEA, and Asia. There are also many smaller ones that perform niche or specialized services, such as subcontracting.It should also be noted that many mobile apps — including entertainment software for iOS, Android, Windows — also originate in  Russia.Russian services firms will also be impactedMany global technology giants in the software and services industries have used Russian and Eastern European developers in the past because of their high-quality and value-priced work compared to their US and Western Europe-based counterparts. And many have invested hundreds of millions of dollars in having a developer as well as reseller channel presence in Russia. World governments do not need to levy Iran-style isolationist sanctions against Russia for a snowball effect to start within US corporations that use Russian software or services.The escalation into full-blown conflict in Ukraine will make C-seats within global enterprises extremely concerned about using software that originates from Russia or has been produced by Russian nationals. The most conservative companies will probably “rip and replace” most off-the-shelf stuff and go with other solutions, preferably American ones.The Russian mobile apps? BYOD mobile device management (MDM) policies will wall them off from being installed on any device that can access a corporate network. And if sanctions are put in place by world governments, we can expect them to disappear entirely from the mobile device stores.Countless games and apps originating from Russia could be no more when actual sanctions on that industry are implemented.But C-seats aren’t going to wait for governments to ban Russian software. If there is any lack of confidence in a vendor’s trustworthiness, or if there is any concern that their customer loyalty can be swapped out or influenced by the Putin regime and used to compromise their own systems,  be assured that software of Russian origin will disappear very quickly from enterprise IT infrastructure.Contractor visas will certainly be canceled en-masse or will not be renewed for Russian nationals performing work for large corporations. You can count on it.Any vendor that is being considered for a large software contract with a US company is going to undergo significant scrutiny and will be asked if any of their product involved Russian developers. If it doesn’t pass the most basic audits and sniff tests, they can just forget about doing business in this country.So if a vendor does have a prominent Russian developer headcount, they will have to pack up shop and move those labs back to the US or country that is better aligned with US interests — as we have seen with the companies listed above. This goes especially for anybody wanting to do federal contract work.Then there is the issue of custom code produced by outsourced firms. That gets a lot trickier.Obviously, there’s the question of how recent the code is and whether or not there are suitable methods in place to audit it. We can expect that there will be services products offered shortly by the US and Western European IT firms to pour through vast amounts of custom code so that they can be sure Russian nationals leave behind no backdoor compromises under the influence of the Putin regime.If you thought your Y2K mitigation was expensive, wait until your enterprise experiences the Russian Purge.I don’t have to tell any of you just how expensive a proposition this is. The wealthiest corporations, sensing a huge risk to security and customer confidence, will address this as quickly as possible and swallow the bitter pill of costly audits.But many companies may not have the immediate funds to do it. They will try their best to mitigate the risk on their own, and compromised code may sit around for years until major system migrations occur and the old code gets (hopefully) flushed out.We will almost certainly be dealing with Russian cyberattacks from within the walls of our own companies for years to come, from software initially developed under the auspices of having access to relatively cheap and highly-skilled strategically outsourced programmer talent.Will Russian software and services become the first victim in a Digital War? Talk Back and Let Me Know. More

Darktrace has acquired Cybersprint in a deal worth €47.5 million. 

The acquisition was announced on Wednesday. Under the terms of the agreement, Darktrace will pay €47.5 million ($53.7m), 75% of which will be handed over in cash, and 25% will be transferred through equity. According to the British cybersecurity firm, the agreed purchase price is roughly 12.5 times Cybersprint’s annual recurring revenue (ARR).  Located in the Netherlands, Cybersprint aims to “improve digital security around the globe” through the development of the Attack Surface Management platform, which leverages artificial intelligence (AI) and machine learning (ML) algorithms to automatically scan, map, and correlate business assets, as well as identify any weaknesses, vulnerabilities, and blind spots that external threats could take advantage of.  Cybersprint says the platform provides an “outside-in perspective, similarly to how hackers see your brand.” Darktrace considers Cybersprint technologies as potentially “enriching” resources able to augment the capabilities of the Darktrace Detect and Respond product line.  Darktrace solutions are based on ML algorithms designed to make calculations through real-world data feeds. Cybersprint’s platform will be integrated as a new module in Prevent and will be used to generate data for the Darktrace cross-domain Attack Path Modeling security suite. According to Darktrace, the acquisition will “accelerate the company’s market entry into new areas like proactive AI cybersecurity.” In addition, the cybersecurity firm will secure Cybersprint’s research & development center in The Hague. Darktrace already operates a separate R&D team in Cambridge, England.  Darktrace aims to complete the deal in March 2022. The purchase is not expected to materially impact Darktrace’s 2022 financial results.  “I’m very excited about this fantastic step in the journey of Cybersprint,” commented Pieter Jansen, CEO of Cybersprint. “When we began conversations with Darktrace, we felt an instant connection on vision, culture, and technology. That’s why we are looking forward to joining Darktrace and working together to accelerate state-of-the-art innovations to make organizations more cyber secure.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Asia was the most targeted region last year, accounting for one in four cybersecurity attacks launched worldwide. Japan, Australia, and India experienced the most incidents in the region, where server access and ransomware were amongst the most popular forms of attacks.Financial services and manufacturing organisations also bore the brunt of attacks in Asia, taking on almost 60% of such incidents, according to IBM’s annual X-Force Threat Intelligence Index. IBM Security monitors 150 billion security events daily across more than 130 countries, pulling from data sources such as network and endpoint detection devices, incident response engagements, and phishing kit tracking. Finance and insurance companies, in particular, took on 30% of attacks IBM was able to remediate. Manufacturing organisations bore 29% of attacks in the region, followed by professional and business services at 13% and the transport sector at 10%.

Asia took on 26% of cybersecurity attacks IBM observed globally. Japan, in particular, saw significant activities that the tech vendor attributed to the Summer Olympic Games, which were held in Tokyo last July. Europe and North America received 24% and 23%, respectively, of attacks launched last year, while the Middle East and Africa took on 14% and Latin America received 13%.  In Asia, server access attacks and ransomware were the top two forms of attacks last year, accounting for 20% and 11%, respectively, of all incidents. Data theft came in third at 10%, while remote access trojans and adware each accounted for 9% of attacks. The high portion of server access attacks might point to Asian organisations’ ability to identify such attacks quickly before they escalated to more critical forms of attacks, IBM noted. It added that REvil accounted for 33% of ransomware attacks in Asia, with others such as Bitlocker, Nefilim, MedusaLocker, and Ragnar Locker also surfacing last year.Hackers also looked to exploit vulnerabilities and tapped phishing as a way to breach businesses in Asia, with both tied as the top infection vectors contributing to 43% of attacks. Brute force was used in 7% of attacks while another 7% of hackers used stolen credentials to gain initial access to networks.  Worldwide, IBM said there was a 33% climb in attacks brought about by vulnerability exploitation of unpatched software. This led to 44% of ransomware attacks carried out last year. Unpatched vulnerabilities in manufacturing companies, specifically, resulted in 47% of attacks. This vertical experienced the most attacks last year, taking on 23% of the overall global count. Financial services and insurance previously had been the most targeted industry, according to IBM. “Experiencing more ransomware attacks than any other industry, attackers wagered on the ripple effect that disruption on manufacturing organisations would cause their downstream supply chains to pressure them into paying the ransom,” the report noted. It stressed the need for enterprises to prioritise vulnerability management to mitigate security risks. Unpatched vulnerabilities led to half of attacks in Asia, Europe, and MEA last year. According to IBM, ransomware remained the top attack method in 2021. In addition, the average lifespan of a ransomware group before it shuttered or rebranded was estimated to be 17 months. The report pointed to REvil, which was responsible for 37% of all ransomware attacks in 2021 and had operated for four years through various rebrands. This suggested the likelihood it had resurfaced despite its takedown in an operation involving multiple governments in mid-2021.Hackers also had their eyes on cloud environments. The number of new Linux ransomware code climbed 146% last year alongside a shift in target focus towards Docker containers. These activities could make it easier for more threat actors to tap cloud platforms for malicious purposes, IBM warned. RELATED COVERAGE More

Cybersecurity giant Fortinet found that Log4j had nearly 50 times the activity volume compared to ProxyLogon based on peak 10-day average volume in the second half of 2021. The finding was part of the company’s FortiGuard Labs Global Threat Landscape Report released this week. The Fortinet report also spotlighted attacks on Linux systems, many of which come in the form of executable and linkable format (ELF) binaries.”The rate of new Linux malware signatures in Q4 quadrupled that of Q1 2021 with ELF variant Muhstik, RedXOR malware, and even Log4j being examples of threats targeting Linux. The prevalence of ELF and other Linux malware detections doubled during 2021,” the report explained. “This growth in variants and volume suggests that Linux malware is increasingly part of adversaries’ arsenal.”
Fortinet
Threat actors are also evolving their use of botnets beyond DDoS attacks. Instead of being “primarily monolithic,” Fortinet said botnets “are now multipurpose attack vehicles leveraging a variety of more sophisticated attack techniques, including ransomware.” “For example, threat actors, including operators of botnets like Mirai, integrated exploits for the Log4j vulnerability into their attack kits. Also, botnet activity was tracked associated with a new variant of the RedXOR malware, which targets Linux systems for data exfiltration. Detections of botnets delivering a variant of RedLine Stealer malware also surged in early October morphing to find new targets using a COVID-themed file,” the report said. The report went into detail about how cyberattackers are maximizing attack vectors associated with remote work and learning. Fortinet saw an explosion in various forms of browser-based malware that appeared in the form of phishing lures as well as scripts that inject code or redirect users to malicious sites.

more Log4j

The researchers split the distribution mechanisms into three broad categories: Microsoft Office executables (MSExcel/, MSOffice/), PDF files, and browser scripts (HTML/, JS/).”Such techniques continue to be a popular way for cybercriminals to exploit people’s desire for the latest news about the pandemic, politics, sports, or other headlines, and to then find entryways back to corporate networks. With hybrid work and learning remaining a reality, there are fewer layers of protection between malware and would-be victims,” Fortinet said. When it comes to ransomware Fortinet said it continues to see a mix of new and old ransomware strains used in attacks.FortiGuard Labs said it “observed a consistent level of malicious activity involving multiple ransomware strains, including new versions of Phobos, Yanluowang and BlackMatter.” Researchers with Fortinet noted that the Log4j vulnerabilities and others were one example of how quickly cybercriminals and nation states move in exploiting widespread flaws. Derek Manky, chief of security insights and global threat alliances at FortiGuard Labs, said new and evolving attack techniques span the entire kill chain but especially in the weaponization phase, showing an evolution to a more advanced persistent cybercrime strategy that is more destructive and unpredictable.  More

Cloudflare announced on Wednesday that it is acquiring cybersecurity firm Area 1 Security for approximately $162 million. Area 1 Security has a cloud-native platform built to work alongside email programs to stop phishing attacks.Cloudflare said 40-50% of the $162 million price tag is payable in shares of Cloudflare’s Class A common stock. The acquisition will close in Q2. 

Area 1 Security claims to have blocked more than 40 million “malicious phishing campaigns spanning business email compromise, malware, ransomware, and other advanced threats.” “Email is the largest cyber attack vector on the Internet, which makes integrated email security critical to any true Zero Trust network. That’s why today we’re welcoming Area 1 Security to help make Cloudflare’s platform the clear leader in Zero Trust,” said Matthew Prince, CEO of Cloudflare. “To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organization’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market.”Area 1 Security CEO Patrick Sweeney added that by combining their phishing protection and threat intelligence capabilities with Cloudflare’s global network, data capabilities, and Zero Trust platform, they can help companies of any size better secure their entire network infrastructure.”Today, email is a business’ most-used cloud application. It’s unfortunately unprotected. We estimate that more than 90% of cyber security damages are the result of just one thing: phishing,” Sweeney said.Cloudflare recently launched an Advanced Email Security Suite as its first foray into email security in 2021. The company said Area 1 Security’s highly scalable technology and years of experience in email protection would enhance Cloudflare’s global networkIn a blog post, Cloudflare explained that they are constantly being attacked. “We have been using Area 1 for sometime to protect our employees from these attackers. In early 2020, our security team saw an uptick in employee-reported phishing attempts. Our cloud-based email provider had strong spam filtering, but fell short at blocking malicious threats and other advanced attacks. Additionally, our provider only offered controls to cover their native web application, and did not provide sufficient controls to protect their iOS app and alternate methods of accessing email,” Cloudflare said. “Clearly, we needed to layer an email security solution on top of their built-in protection capabilities.The team looked for four main things in a vendor: the ability to scan email attachments, the ability to analyze suspected malicious links, business email compromise protection, and strongAPIs into cloud-native email providers. After testing many vendors, Area 1 became the clear choice to protect our employees. We implemented Area 1’s solution in early 2020, and the results have been fantastic.” They went on to say that Area 1 helped them proactively identify phishing campaigns and contributed to a “significant and prolonged drop in phishing emails.”Area 1 has worked in the email security space for nine years and has a significant trove of threat intelligence data. “Area 1’s technology was so effective at launch, that our CEO reached out to our ChiefSecurity Officer to inquire if our email security was broken. Our CEO hadn’t seen any phishing attempts reported by our employees for many weeks, a rare occurrence. It turns out our employees weren’t reporting any phishing attempts, because Area 1 was catching all phishing attempts before they reached our employee’s inboxes,” the company added. 

Tech Earnings More

Ukraine’s State Service of Special Communications and Information Protection said a number of government websites and banks are dealing with a “massive DDoS attack” as the country prepares for a potential invasion by Russian-backed forces.   The websites for the Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, Security Service (SBU) and Cabinet of Ministers all faced outages confirmed both by the State Service of Special Communications and Information Protection and Netblocks, an organization tracking internet outages around the world. 

⚠️ Confirmed: #Ukraine’s Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, the Security Service of Ukraine and Cabinet of Ministers websites have just been impacted by network disruptions; the incident appears consistent with recent DDOS attacks 📉 pic.twitter.com/EVyy7mzZRr— NetBlocks (@netblocks) February 23, 2022

PrivatBank, the largest commercial bank in Ukraine, and Oschadbank, the State Savings Bank of Ukraine, both dealt with outages too. Cloudflare told ZDNet that they have seen sporadic DDoS activity in Ukraine. “We’ve seen more DDoS activity this week than last week, but less than a month ago. There have been attacks against individual websites in Ukraine which have been disruptive,” a Cloudflare spokesperson said. “So far they have been relatively modest compared to large DDoS attacks we’ve handled in the past.”A screenshot of the message left on the Privatbank website. 
Netblocks
“Today, websites of a number of government and banking institutions have undergone a massive DDoS attack again. Some of the attacked information systems are not available or work intermittently. This is due to switching traffic to another provider to minimize damage. Other websites effectively resist the attack and work normally,” the Service of Special Communications and Information Protection said in a statement. “Currently, the State Service of Special Communications and Information Protection of Ukraine and other subjects of the national cybersecurity system are working on countering the attacks, collecting and analyzing information. We ask all authorities that have been attacked or are suspected to have been attacked to contact the Government Computer Emergency Response Team CERT-UA.”Later in the day, researchers at ESET discovered a new data wiper malware used in Ukraine. ESET telemetry allegedly showed that the wiper was installed on hundreds of machines.”The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboots the computer,” ESET said.”In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server.”

As many have noted online, the attack began around 4pm local time, right as Ukraine’s parliament began to discuss a state of emergency declaration. The 30-day state of emergency was approved by the Ukrainian government as both US and NATO warned that a Russian invasion is likely. Russian forces moved into eastern parts of the country over the last two days. Ukrainian journalists reported that Ruslan Stefanchuk, the chairman of parliament, said he and his family were repeatedly hit with cyberattacks. Hackers allegedly attempted to get into their email accounts, block access to their bank accounts and more, according to Kyiv Independent reporter Anastasiia Lapatina. Many of the same websites were attacked last week in a series of DDoS incidents that the US attributed to Russia. The UK Foreign, Commonwealth & Development Office added that the Russian Main Intelligence Directorate (GRU) was involved in the attack. US Deputy National Security Advisor for Cyber Anne Neuberger told the press that they have technical information showing that “GRU infrastructure was seen transmitting high volumes of communication to Ukraine-based IP addresses and domains.”In a detailed breakdown of that DDoS incident, CERT-UA said the attacks involved both the Mirai and Meris botnets and included a supplementary SMS disinformation message campaign. That attack followed the defacement of more than 70 Ukrainian government websites in January. Christian Sorensen, former leader of the international cyber warfare team at US CYBERCOM, said these attacks are designed to ratchet up attention and pressure. “It doesn’t sound like much impact yet. In the coming hours/days, I would anticipate more activities to isolate and disrupt Ukrainian citizens and especially government activities,” said Sorensen, who is now CEO of cybersecurity firm SightGain. “The purpose at this stage is to cause chaos and seed doubt in the government and economy. Next stage will be impactful and continue deterrence for other countries to get involved.” More

Hackers linked to the Russian military are exploiting security vulnerabilities in firewalls to compromise network and infect them with malware, allowing them to remotely gain access. An alert by the UK National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) has detailed the new malware, Cyclops Blink, attributing it to Sandworm, an offensive hacking operation they’ve previously linked to Russia’s GRU.Analysis by the NCSC describes Cyclops Blink as a “a highly sophisticated piece of malware” which has been “professionally developed”.Cyclops Blink appears to be a replacement for VPNFilter, malware which was used by state-linked Russian hacking groups in widespread attacks used to compromise network devices, predominantly routers, in order to access networks.According to the NCSC, CISA, FBI and NSA, Cyclops Blink has been active since at least June 2019, and like VPNFilter before it, the targeting is described as “indiscriminate and widespread” with the ability to gain persistent remote access to networks.It can also upload and download files from infected machines and it’s modular, allowing new functionality to be added to malware which is already running. SEE: Cybersecurity: Let’s get tactical (ZDNet special report)The cyber attacks are primarily focused on WatchGuard firewall devices, but the agencies warned that Sandworm is capable of re-purposing the malware to spread it via other architectures and firmware. Cyclops Blink persists on reboot and throughout the legitimate firmware update process. It targets WatchGuard devices that were reconfigured from the manufacturer default settings to open remote management interfaces to external access.An infection doesn’t mean the organisation is the primary target, but it’s possible that infected machines could be used to conduct additional attacks. The NCSC urges affected organisation to take steps to remove the malware, which have been detailed by WatchGuard. “Working closely with the FBI, CISA, DOJ, and UK NCSC., WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number of WatchGuard firewall appliances,” said a WatchGuard statement. “WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan,” it added. The NCSC warned that any passwords present on a device infected by Cyclops Blink should be assumed to be compromised and should be changed.Other advice about protecting networks from cyber attacks includes avoiding the exposure of management interfaces of network devices to the internet, keeping devices up to date with the latest security patches and using multi-factor authentication.  The NCSC notes that the advisory is not directly linked to the current situation in Ukraine.MORE ON CYBERSECURITY More

There are few scenarios more distressing than losing access to your bank account. One of these is losing the keys to your digital wallet. In order to alleviate that fear among crypto users, Toronto-based internet security company 1Password announced today that it is teaming up with crypto wallet Phantom to make it easier and safer for digital wallet holders to access their cryptocurrencies, NFTs and other digital assets.1Password’s first foray into the digital wallet arena is an application programming interface, or API, called Save in 1Password, which integrates with Phantom wallet so that users can protect and trade their tokens, NFTs and collectibles built on the Solana blockchain. With Save in 1Password, the company said, digital wallet holders can now save all Phantom wallet credentials and keys to 1Password without the hassle of logging on or the threat of losing access forever. “We just want to make it easier for people to protect their digital lives,” Matthew O’Leary, vice-president of partnerships at 1Password, told ZDNet.Unlike misplacing the password to an online checking account at your local bank, a password for a digital wallet – and a seed phrase used to reset a password – are the only ways to access one’s digital account. Lose them and you lose access to your digital coins and tokens; devise an easy-to-remember password and you run the risk of someone, or something, hacking into your account. Going to your bank and flashing your ID to access your digital wallet isn’t possible. The repercussions faced by losing a password specifically for your digital wallet were epitomized by San Francisco-based programmer – and early Bitcoin adopter – Stefan Thomas who, early last year, said he couldn’t remember the password to his digital wallet. As a result, he couldn’t get access to his Bitcoin wallet which had a value of [gasp] $220 million.HOW IT WORKSThe average person is expected to remember 100 passwords as they manage their digital lives, be it from bank and email accounts to social media and Netflix subscriptions. At a time when online security is paramount, people are burdened with having to create logins, passwords and two-factor authentication to access personal accounts and information. In the haste of getting online, countless many risk using the same password or the same pattern of words, numbers and symbols across accounts. “And that’s what we’re trying to guard against,” O’Leary told ZDNet. “Too many people end up reusing their password credentials.”  

Based on its 15 years of providing password and security resources, 1Password’s entrance into the crypto market is a logical step. If you or your business needs to create an account for a crypto wallet, go to

1Password’s website

, key in your credit card information, and the sign-up flow begins. The service is available on all major computing and mobile platforms.When signing up for a Solana wallet, you’re asked to store a seed phrase that is required if you get locked out of your wallet and you need to log back in. The Save in 1Password API is integrated into the wallet, so when you’re going through the sign-up flow, you will be prompted by 1Password to automatically save that seed phrase within 1Password. “So instead of writing it down or printing it off and storing it somewhere that you won’t forget, it’s going to be stored directly in 1Password,” O’Leary said. “That just brings a lot more safety and a lot more security to people who are in droves weighing into crypto.” With more than 300 million people worldwide already invested in some form of cryptocurrency – and with that number projected to swell to 1 billion by 2023 – a lot of people new to crypto won’t necessarily understand the importance of storing a seed phrase; they might assume that they can contact a service for help in recovering that phrase. “You can’t do that in the crypto world,” O’Leary noted. “So backing that up in 1Password – that was the entire purpose of this integration,” he added.According to 1Password, to utilize this new integration, users will need to use both the Phantom extension and the 1Password browser extension. More