More stories

  • Meta blocks Russian state-media accounts in Ukraine

    Meta, formerly Facebook, has announced it has restricted access to several accounts, including some belonging to Russian state-media organisations, in Ukraine. “We have been in contact with the government of Ukraine. At their request, we have restricted access to several accounts in Ukraine, including those belonging to some Russian state media organisations,” Meta VP global affairs Nick Clegg wrote in a tweet.

    “We are also reviewing other government requests to restrict Russian state-controlled media.” The steps taken by the social media giant are in response to Russia’s invasion of Ukraine, which began four days ago. Meta added it has also established a special operations centre staffed by “experts” from across the company, including native Russian and Ukrainian speakers, to monitor its platform and respond to misinformation issues in real time. “We have teams of native Russian and Ukrainian content reviewers to help us review potentially violating content. We’re also using technology to help us scale the work of our content review teams and to prioritise what content those teams should be spending their time on, so we can take down more violating content before it goes viral,” Meta said. Additionally, the company outlined it has introduced new security features to keep people in Ukraine safe. These include giving users the tool to lock their Facebook profile in one step, temporarily removing the ability to view and search the friends lists of Facebook accounts in Ukraine, and rolling out notifications for screenshots and activating the disappearing messages feature on Messenger. “View once media” has also been enabled on WhatsApp to allow users to send photos or videos that can vanish after being seen, as well as “disappearing mode” to automatically erase all new chats after 24 hours. Russian-state media have also been blocked from advertising and making money on its platform, the company said. “Our thoughts are with everyone affected by the war in Ukraine. We are taking extensive steps across our apps to help ensure the safety of our community and support the people who use our services — both in Ukraine and around the world,” Meta wrote in a post. Clegg also wrote on Twitter that Ukrainians have suggested that Meta remove access to Facebook and Instagram in Russia. 
    However, he said: “People in Russia are using FB and IG to protest and organise against the war and as a source of independent information”. “The Russian government is already throttling our platform to prevent these activities. We believe turning off our services would silence important expression at a crucial time,” he said. Twitter said it has also taken similar steps, including pausing advertisements in Ukraine and Russia “to ensure critical public safety information is elevated and ads don’t detract from it”. Meanwhile, Twitch and OnlyFans have reportedly blocked all users from Russia from accessing their accounts, preventing users from being able to withdraw money earned on their respective platforms, amid tougher sanctions being introduced against Russia.

  • Singapore advises local firms to beef up cyberdefence amidst Ukraine conflict

    Singapore has issued an advisory note highlighting the need for local organisations to bolster their cyberdefence amidst the ongoing conflict between Ukraine and Russia. In particular, businesses should be on the lookout for possible ransomware attacks as such tactics are commonly used by threat actors. There were no immediate reports of any threats to local businesses related to the Ukraine conflict, but organisations here were urged to take “active steps” to beef up their cybersecurity posture, according to Cyber Security Agency of Singapore (CSA). The government agency noted that cyber attacks on Ukraine and developments in the conflict had fuelled warnings of increased cyber threats across the globe. Organisations in Singapore should increase their vigilance and strengthen their cyberdefences to safeguard against potential attacks, such as web defacement, distributed denial of service (DDoS), and ransomware. 

    In an advisory note issued Sunday, Singapore Computer Emergency Response Team (SingCERT) pointed to the need to keep watch for ransomware attacks, which were one of the most common attacks launched by threat actors. “Falling victim to such attacks will adversely impact the operations and business continuity of any organisation,” said SingCERT, which sits within CSA. It said Singapore businesses should carry out necessary steps to secure their networks and review system logs to swiftly identify potential intrusions. These should include ensuring systems and applications were patched and updated to the latest version, disabling ports that were not essential for business purposes, and adopting strong access controls when using cloud services. In addition, system events should be properly logged to facilitate investigation of suspicious issues while both inbound and outbound network traffic should be monitored for suspicious communications or data transmissions, SingCERT said. It added that organisations also should have in place incident response and business continuity plans. Any suspicious compromise of corporate networks or evidence of such incidents should be reported to SingCERT. Australian Cyber Security Centre (ACSC) this past week also issued an advisory note urging local organisations to adopt an “enhanced cybersecurity position” and boost their cybersecurity resilience in light of the heightened threat landscape. “There has been a historical pattern of cyber attacks against Ukraine that have had international consequences,” it said. “Malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities. 
    While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cybersecurity posture and increased monitoring for threats will help to reduce the impacts to Australian organisations.” Also stressing the need for vigilance to ransomware attacks, the Australian agency advised local businesses to review and enhance detection, mitigation, and response measures. They should, amongst others, ensure logging and detection systems in their environment were fully updated and functioning and apply additional monitoring of their networks where required. The Ukraine government reportedly had sought volunteers from the nation’s hacker community to protect critical infrastructure and run cyber spying missions against Russia. Citing sources involved in the call to action, a Reuters report said requests for volunteers popped up on hacker forums on Thursday.

  • This hotel is using technology in a truly creepy way (but some will like it)

    Can technology go too far in disturbing your peace?
    The trend is inevitable.

    And, as with so many trends, there’s pain too. Business owners have embraced technology as the elixir that offers speed and money-saving. Which has led to their permissiveness of its invasiveness running rampant. It’s not surveillance, many insist. It’s security. Meanwhile, their customers are left wondering who’s guarding the guardians. I wafted to this subject because of a tweet by a writer and drag queen. Joe Wadlington seemed excited that there was a new boutique hotel in the Castro district of San Francisco. But then he perused the rules perpetrated by the hotel’s management company, Kasa. It insists on quiet hours between 9 pm and 8 am. One person’s quiet is another person’s having a lovely time. So one section of Kasa’s rules offers: “Kasa apartments are proactively monitored for compliance with this noise policy.” Few enjoy the concept of proactive monitoring. It smacks of proactive snooping. Yet Kasa insists: “Decibel sensors notify the Company of sounds in the Kasa that exceed 75 decibels (dB). You hereby consent to the use of sound level monitoring.” I can hear you grunting at a minimum of 72 decibels. These people have sensors to monitor your every sound level? Isn’t that excessively, well, personal? And wait, how loud is 75 decibels? The University of Michigan tells me normal human conversation scores around 60. Office noise is a 70. And an average radio or vacuum cleaner scores a 75. You may, like me, find all this perplexing. Could it be that if you play the radio after 9 pm you’ll get a warning notice? And if you do it twice, you get a $500 fine or be kicked out of the hotel? (Them’s Kasa’s rules, you see.) For those who may not have visited the Castro district, it’s the home of the gay community and is a vibrant and sometimes loud place to be.

    The Bold Italic pointed out that if you claim your hotel is “community powered” — as the Hotel Castro does — its “current guest policies sit as an odious dichotomy to that very sentiment.” I fear some, though, may feel torn about the general principle. For many people, one of the more painful aspects of hotel existence is the prospect of thin walls and/or noisy people in adjacent hotel rooms. How many haven’t, at least once in their lives, called the front desk to complain about excessive noise coming from another guest — or, indeed, guests? If noise is being automatically monitored by technology, is this necessarily a bad thing? Then again, can technology really assess the true impact of noise? Is this better left to human judgment? And what if the people next door rather like the noise and even knock on their neighbor’s door to see if they can partake? Of course, many hotels are tending toward resisting human intervention because they’re resisting hiring humans. Indeed, as far as I can judge, the Hotel Castro has a virtual front desk. Ergo, once you’re in the grip of technological oversight, you’ll find it in places you don’t expect. Just as guests in Airbnbs these days have to ask whether the homeowner has an active camera system installed, so perhaps hotel guests may begin to ask questions about how they might be surveilled too. Sometimes, it’s hard to get a good night’s sleep, isn’t it? Or, as Wadlington put it: “I’m….so creeped out.”

  • Zabbix vulnerabilities added to CISA catalog

    Two Zabbix vulnerabilities have been added to the US Cybersecurity and Infrastructure Security Agency’s catalog of known exploited vulnerabilities. Federal civilian agencies have until March 8 to patch CVE-2022-23131 and CVE-2022-23134 — a Zabbix Frontend authentication bypass vulnerability and a Zabbix Frontend improper access control vulnerability. Zabbix is a popular open-source monitoring platform. Patches for the issues were released in December. Zabbix explained that in the case of instances “where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.” “Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default),” Zabbix said. “To remediate this vulnerability, apply the updates listed in the ‘Fixed Version’ section to appropriate products or if an immediate update is not possible, follow the presented below workarounds.” Zabbix credited SonarSource’s Thomas Chauchefoin for discovering and reporting the issue. SonarSource released its own blog on the vulnerabilities where Chauchefoin goes into detail about the intricacies of the issue. He discovered it in November and noted that the initial patch proposed by Zabbix was able to be bypassed. BluBracket’s Casey Bisson explained that Zabbix is broadly used by businesses of all sizes to monitor servers and network equipment everywhere from data centers to branch offices. “A vulnerability that allows attackers past the authentication controls could give those attackers access to extensive details about the infrastructure,” Bisson said. “The details in Zabbix could reveal a map of sensitive company networks and equipment deep in company networks, including potentially vulnerable versions of software on that equipment. That information might be used to target further electronic attacks, social engineering, and spear phishing.”

    Vulcan Cyber’s Mike Parkin added that Zabbix has a user base distributed worldwide, with a large portion of them in Europe, and spread across a range of verticals. Both the National Cyber Security Center of the Netherlands and the Ukrainian Computer Emergency Response Team released notices about the issue in recent days. The Ukrainian notice says CVE-2022-23131 has a severity level of 9.1. Parkin noted that the attack surface is reduced because the target has to be in a non-default configuration, and the attacker needs to know a valid username. “Zabbix has included a workaround – disabling SAML authentication – and patches have been released, so it should be straightforward for affected organizations to mitigate this issue,” Parkin said.

  • NVIDIA investigating cybersecurity incident

    NVIDIA has responded to reports that it was dealing with a wide-ranging cyberattack, telling ZDNet that it is in the process of investigating the cybersecurity incident. On Friday, British newspaper The Telegraph reported that the company had been facing two days of outages related to email systems and tools used by developers. “We are investigating an incident. Our business and commercial activities continue uninterrupted. We are still working to evaluate the nature and scope of the event and don’t have any additional information to share at this time,” an NVIDIA spokesperson said on Friday. The spokesperson did not respond to follow-up questions about the scope of the attack and whether it was a ransomware incident. The chipmaker was recently embroiled in controversy over its attempt to purchase Arm for $40 billion. The deal fell apart earlier this month, with both sides of the deal citing “significant regulatory challenges” as the reason why. NVIDIA is the biggest chipmaker in the US and reported a revenue of $7.64 billion in the last quarter.

  • Anonymous hacktivists, ransomware groups get involved in Ukraine-Russia conflict

    Multiple ransomware groups and members of the hacktivist collective Anonymous announced this week that they are getting involved in the military conflict between Ukraine and Russia. On Thursday, members of Anonymous announced on Twitter that they would be launching attacks against the Russian government. The hacktivists defaced some local government websites in Russia and temporarily took down others, including the website of Russian news outlet RT. The group claimed on Friday that it would leak login credentials for the Russian Ministry of Defense website. The actions came hours after Yegor Aushev, co-founder of a Kyiv-based cybersecurity company, told Reuters that he was asked by a senior Ukrainian Defense Ministry official to publish a call for help within the hacking community. Aushev said the Defense Ministry was looking for both offensive and defensive cyber actors. Anonymous was not the only group to get involved in the conflict. On Friday, ransomware groups Conti and CoomingProject published messages saying they supported the Russian government.

    [Image: A message posted by members of the Conti ransomware group. Credit: Brett Callow]

    Conti said it was officially announcing full support for the Russian government, writing that “if any body will decide to organize a cyberattack or any war activities against Russia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy.” Many experts interpreted the message as a response to an NBC story that came out on Thursday indicating US President Joe Biden has already been presented with several options for devastating cyberattacks on Russian infrastructure. The White House vociferously denied the report. Shortly after releasing the message, Conti revised it, softening the tone and support for the Russian government. The updated statement said Conti would use its “full capacity to deliver retaliatory measures in case the Western warmongers attempt to target critical infrastructure in Russia or any Russian-speaking region of the world.” “We do not ally with any government and we condemn the ongoing war. However, since the West is known to wage its wars primarily by targeting civilians, we will use our resources in order to strike back if the well being and safety of peaceful citizens will be at stake due to American cyber aggression,” the new Conti message said.

    The announcements came as Ukraine continued to face a barrage of DDoS incidents, phishing attacks and malware. CERT-UA said military personnel were being sent phishing messages and attributed the campaign to officers within the Belarus Ministry of Defense. Internet connectivity across the country continues to be intermittent, with Netblocks reporting outages in multiple cities. Experts were extremely wary of outside groups picking sides in the conflict and launching attacks on their behalf. The announcements further scared experts when NATO Secretary General Jens Stoltenberg said on Friday that “cyberattacks can trigger Article 5” of the NATO charter. Cybersecurity firm Sophos said the declarations from Conti and Anonymous “increase the risk for everyone, whether involved in this conflict or not.” “Vigilante attacks in either direction increase the fog of war and generate confusion and uncertainty for everyone,” Sophos said. Emsisoft threat analyst Brett Callow called the situation “unpredictable and volatile” but noted that Conti has made bold political claims in the past. “This is probably just bluster too [but] it would be a mistake to assume the threat is empty. If your company hasn’t already gone Shields Up, now is the time,” Callow said. Bugcrowd CTO Casey Ellis said one of his primary concerns with recent developments is the relative difficulty of attribution in cyberattacks, as well as the possibility of incorrect attribution or even an intentional false flag operation escalating the conflict internationally. Conti’s position statement is noteworthy in light of Russia’s recent crackdowns on cybercrime and ransomware because it signals that they are either acting independently as the other groups seem to be or possibly operating with the Kremlin’s blessing, Ellis explained. Digital Shadows’ Chris Morgan noted that their data shows Conti was the second most active ransomware group in 2021 by number of victims.

    Morgan said they attributed several attacks against critical national infrastructure to Conti, including attacks on the healthcare sector in the United States, New Zealand and Ireland. The Irish government released a report this week saying the Conti ransomware attack that hit them last year may cost more than $100 million to recover from. “Conti’s activities have also recently been bolstered by hiring the developers of the infamous Trickbot trojan, which has also enabled them to control the development of another malware, the BazarBackdoor, which the group now use as their primary initial access tool. Conti consistently redefine and develop their working processes and should be considered a resourceful and sophisticated adversary,” Morgan said. Recorded Future expert Allan Liska told ZDNet the threat from ransomware groups deciding to retaliate is real and should be a concern. “Given what a hot mess Conti is right now, I have trouble believing they can organize an office luncheon much less a focused retaliation. That being said, we know ransomware groups have more targets than they can hit right now and we know when Ryuk decided to retaliate against the US in 2020 they were easily able to do so,” Liska said. “More broadly speaking, whether it is ransomware groups, Anonymous, or Ukraine calling on ‘Cyber Patriots’ to assist, independent cyber activity is going to be part of any military action going forward. I am not saying it is a good idea, it is just the reality.” Others, like Flashpoint senior analyst Andras Toth-Czifra, said hacktivists getting involved in armed conflict is not a novel development, explaining that Anonymous has targeted governments before.

    But like Liska, Toth-Czifra said ransomware groups openly associating with the Russian government would be a “new and worrying development.” “So far, Flashpoint analysts have not observed significant patriotic pride in illicit communities about Russia’s aggression against Ukraine, which is in line with the response of the Russian public in general. The situation is different from the emergence of “patriotic hackers” in the context of Russia’s 2008 war against Georgia: many Russian-speaking cybercriminals either live in Ukraine themselves or have Ukrainian associates or infrastructure,” Toth-Czifra explained. “But while the cyber underground has largely remained neutral so far, one shouldn’t forget that Ukraine has cooperated with Western law enforcement against ransomware gangs in recent years, which may influence the calculations of ransomware collectives. So far Flashpoint has seen another prolific ransomware gang (LockBit) suggesting that they would remain neutral.” On Friday the BBC reported on a Russian vigilante hacker group flooding Ukrainian government servers with DDoS attacks after work each day. One hacker admitted to emailing 20 bomb threats to schools, setting up an official Ukrainian government email address and hacking into the dashboard feeds of Ukrainian officials. The hacker openly boasted about the vigilante work they plan to take on in the future, which he said includes the use of ransomware. Allegro Solutions CEO Karen Walsh said the Conti declaration may also bring a measure of confusion to US companies with cyber insurance plans that have carve-outs for cyberattacks related to wars. “Depending on how the military legal experts classify Conti and any ransomware attacks perpetrated by cyber threat actors acting ‘on behalf of’ Russia, organizations may find that their cyber liability insurance doesn’t help them. In November, Lloyd’s Market Association published updates to their cyber liability policies that specifically address the war exclusion,” Walsh said. “Notably, these changes mentioned cyber operations carried out in the course of war. As part of risk mitigation, companies should begin reviewing their cyber liability insurance exclusions and make sure that they question their carriers about their position on this issue.”

  • Swedish camera giant Axis still recovering from cyberattack

    Camera maker Axis said it is still struggling to deal with a cyberattack that hit its IT systems on February 20. In a message on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection system on Sunday before it shut down all public-facing services globally in the hopes of limiting the impact of the attack. “Our ongoing investigation of the attack has come a long way but is not entirely finalized. So far, we have no indication that any customer and partner data whatsoever has been affected. As far as the investigation currently shows, we were able to stop the attack before it was completed, limiting the potential damage,” Axis said on Thursday. “Most prioritized external services have now been restored. Restoring the remaining services is our highest priority, together with doing it in a way that does not jeopardize security. The time of disconnected services and limited possibilities to communicate with Axis has been an unfortunate but necessary consequence. Our gradual entry into a post-attack normal is based on changes that help us avoid similar future situations.” The company announced the outages on Twitter but did not respond to requests for comment. On its status site Friday afternoon, Axis said its Case Insight tool in the US and the Camera Station License System were dealing with partial outages. The Device Manager Extend Device upgrades for OS and apps is dealing with a major outage, as of Friday afternoon.

    Update: The time of disconnected services over the past few days has been an unfortunate but necessary consequence. Our gradual reentry is based on changes that help us avoid similar future situations. Thank you for your patience. Read the full statement: https://t.co/0osAZjRJji — Axis Communications (@AxisIPVideo), February 24, 2022

    Services are being restored gradually, the company said. Axis spokesman Chris Shanelaris told Bloomberg and SecurityInfoWatch.com that all public-facing internet services were disabled to protect the company’s systems. The attack was first reported by IPVM. Axis has not said if it is a ransomware attack.

  • How Russia's invasion of Ukraine threatens the IT industry

    Editorial Note: In response to Russia’s “unprovoked attack on Ukraine” on February 23, the Cybersecurity & Infrastructure Security Agency (CISA) published an updated set of cybersecurity recommendations for organizations.

    In the five years since I first explored the potential impact of a Digital Cold War on the IT industry, tensions with Russia have gotten worse, especially following a series of cyberattacks on systems in the United States. These include Russia’s involvement in the SolarWinds breach, as well as its interference with the 2016 US presidential elections via attacks on the Democratic National Committee infrastructure and the purchasing of tens of millions of ads on Facebook in an attempt to sow discontent among US voters. Under Vladimir Putin’s leadership, the nation has focused on international cybersecurity activity for many years.

    Ukraine invasion

    Under the pretext of “Peacekeeping operations,” Russia has now initiated a full-scale invasion of Ukraine. Presumably, Russia also has been responsible for recent cyberattacks on Ukrainian banks. In response, the United States, NATO nations, and allied countries have imposed numerous economic sanctions on Russia, including blocking its two state-owned banks from debt trading on US and European markets and freezing their assets under US jurisdictions, as well as freezing the assets of the country’s wealthiest citizens. Germany has halted its plans on Russia’s Nord Stream 2 Gas Pipeline. Further wide-ranging sanctions are expected as Russia continues its assault on Ukraine. On February the 23rd, President Biden condemned the military action and said, “President Putin has chosen a premeditated war that will bring a catastrophic loss of life and human suffering. Russia alone is responsible for the death and destruction this attack will bring, and the United States and its Allies and partners will respond in a united and decisive way. The world will hold Russia accountable.” The economic impacts of this conflict will likely be significant, including a halt on Russian oil and natural gas exports to Western Europe and, presumably, the denial of civil and commercial air transit to Asia through Russian airspace. Although the United States, unlike Europe, is not a major consumer of Russian energy exports, it would be simplistic to say that Russia has no impact on US business at all. An extended conflict with Russia — coupled with the imposition of wide-ranging sanctions — will have a tangible impact on the global technology industry.

    Software companies with concerns about Russian connections

    Many companies with significant market share and widespread use within US corporations have various levels of connections with Russia. For example, some were founded in Russia and others are headquartered elsewhere but have a development presence within Russia and other parts of Eastern Europe. UK-incorporated Kaspersky Lab, for example, is a major and well-established player in the antivirus/antimalware space. It maintains its international headquarters and has substantial research and development capabilities in Russia, even though its primary R&D center was moved to Israel in 2017. It’s also thought that Eugene Kaspersky, the company’s founder, has strong personal ties to the Putin-controlled government. Kaspersky has repeatedly denied these allegations, but questions about the man and his company remain and will be further scrutinized, particularly as the conflict develops. In the past, evidence emerged that Kaspersky’s software was involved in compromising the security of a contract employee of the United States National Security Agency in 2015. Kaspersky Lab insists that, to the contrary, the evidence supporting this has not been properly established and has produced an internal audit of the findings. It’s also important to note that companies with no evidence of any wrongdoing are suffering guilt by association. NGINX Inc is the support and consulting arm of an open source reverse proxy web server project that is very popular with some of the most high-volume internet services on the planet. The company is of Russian origin but was sold to F5 Networks in 2019. The founder of the company, Igor Sysoev, announced his departure in January of this year. Parallels, Inc., which Corel acquired in 2018, focuses extensively on virtualization technology. Their Parallels Desktop is one of the most popular solutions for Windows virtualization on the Mac. Historically, their primary development labs were in Moscow and Novosibirsk, Russia. The company was founded by Serguei Beloussov, who was born in the former Soviet Union and later emigrated to Singapore. Two of their products, Virtuozzo and Plesk, were spun off as their own companies in 2017. Parallels’ Odin, a complex management stack for billing and provisioning automation used by service providers and private clouds running on VMware’s virtual infrastructure stack and Microsoft’s Azure, was sold to Ingram Micro in 2015. Acronis, like Parallels, is another company founded by Beloussov. After founding Parallels in 1999, and being involved with both companies for some time, he became CEO of Acronis in May of 2013. The company specializes in cybersecurity products for end-to-end device protection, and in the past, has had bare-metal systems imaging, systems deployment, and storage management products for Microsoft Windows and Linux. The company maintains its global headquarters in Singapore. However, it has substantial R&D operations in Eastern Europe in addition to operations in Israel, Singapore, and the US.

    Veeam Software, founded by Russian-born Ratmir Timashev, concentrates on enterprise backup solutions for VMware and Microsoft public and private cloud stacks. Like Parallels and Acronis, it is also multinational. For many years, it had much of its R&D based out of St. Petersburg, Russia. It was purchased by Insight Partners in 2020 and installed a new management team. However, it has yet to be determined how much Russian legacy code is in its products or continues to be contributed to them. These are only just a few examples. Numerous Russian software firms generate billions of dollars of revenue and have products and services with significant enterprise penetration in the United States, EMEA, and Asia. There are also many smaller ones that perform niche or specialized services, such as subcontracting. It should also be noted that many mobile apps — including entertainment software for iOS, Android, Windows — also originate in Russia.

    Russian services firms will also be impacted

    Many global technology giants in the software and services industries have used Russian and Eastern European developers in the past because of their high-quality and value-priced work compared to their US and Western Europe-based counterparts. And many have invested hundreds of millions of dollars in having a developer as well as reseller channel presence in Russia. World governments do not need to levy Iran-style isolationist sanctions against Russia for a snowball effect to start within US corporations that use Russian software or services. The escalation into full-blown conflict in Ukraine will make C-seats within global enterprises extremely concerned about using software that originates from Russia or has been produced by Russian nationals. The most conservative companies will probably “rip and replace” most off-the-shelf stuff and go with other solutions, preferably American ones. The Russian mobile apps? BYOD mobile device management (MDM) policies will wall them off from being installed on any device that can access a corporate network. And if sanctions are put in place by world governments, we can expect them to disappear entirely from the mobile device stores. Countless games and apps originating from Russia could be no more when actual sanctions on that industry are implemented. But C-seats aren’t going to wait for governments to ban Russian software. If there is any lack of confidence in a vendor’s trustworthiness, or if there is any concern that their customer loyalty can be swapped out or influenced by the Putin regime and used to compromise their own systems, be assured that software of Russian origin will disappear very quickly from enterprise IT infrastructure. Contractor visas will certainly be canceled en masse or will not be renewed for Russian nationals performing work for large corporations. You can count on it. Any vendor that is being considered for a large software contract with a US company is going to undergo significant scrutiny and will be asked if any of their products involved Russian developers. If it doesn’t pass the most basic audits and sniff tests, they can just forget about doing business in this country. So if a vendor does have a prominent Russian developer headcount, they will have to pack up shop and move those labs back to the US or a country that is better aligned with US interests — as we have seen with the companies listed above. This goes especially for anybody wanting to do federal contract work. Then there is the issue of custom code produced by outsourced firms. That gets a lot trickier. Obviously, there’s the question of how recent the code is and whether or not there are suitable methods in place to audit it. We can expect that there will be services products offered shortly by the US and Western European IT firms to pore through vast amounts of custom code so that they can be sure Russian nationals leave behind no backdoor compromises under the influence of the Putin regime. If you thought your Y2K mitigation was expensive, wait until your enterprise experiences the Russian Purge. I don’t have to tell any of you just how expensive a proposition this is. The wealthiest corporations, sensing a huge risk to security and customer confidence, will address this as quickly as possible and swallow the bitter pill of costly audits. But many companies may not have the immediate funds to do it. They will try their best to mitigate the risk on their own, and compromised code may sit around for years until major system migrations occur and the old code gets (hopefully) flushed out. We will almost certainly be dealing with Russian cyberattacks from within the walls of our own companies for years to come, from software initially developed under the auspices of having access to relatively cheap and highly-skilled strategically outsourced programmer talent. Will Russian software and services become the first victim in a Digital War? Talk Back and Let Me Know.