News In Context

Preparing For The Next NotPetya

As the Russian invasion of Ukraine continues and, alongside that, a rise in hacking and cyber attacks, governments and businesses are preparing for the worst.

A piece of malware called HermeticWizard is an example of what has cybersecurity experts worried. Hackers traced to Russia began at least as early as January targeting Ukraine with “wiper” malware, designed to completely wipe out  all of the content on computers, Ray Canzanese, director of threat research at cybersecurity company Netskope, told The Wall Street Journal. New versions of such malware have been discovered since then. HermeticWizard, which researchers detected in the past week, is the most dangerous yet: a piece of software designed to spread another, HermeticWipe, to any other potentially vulnerable computers in a network, according to the Journal article. Previous Russian wipers—there have been at least three targeting systems in Ukraine since January—weren’t paired with this additional software designed to spread them autonomously. Malware with such “worm” characteristics was behind the devastating NotPetya attack in 2017, the most economically damaging cyberattack in history. Attributed to the Russian state, NotPetya did billions of dollars’ worth of damage to companies like Maersk and FedEx even though its intended target was Ukraine “Everyone in cybersecurity is saying they are bracing for the next NotPetya,” Canzanese told the Journal.

Three cybersecurity companies Cloudflare., CrowdStrike Holdingsand Ping Identity announced this week that they are teaming up to form the Critical Infrastructure Defense Project, a project that will provide free cybersecurity services to help vulnerable industries protect themselves.The project is designed to enhance defenses against critical areas of enterprise risk. Under the project, eligible organizations will have access to the full suite of Cloudflare zero-trust security solutions, endpoint protection and intelligence services from CrowdStrike and zero-trust identity solutions from Ping Identity.

In addition, in collaboration with core partners across the public sector, the companies behind the project said they will also offer an easy-to-follow roadmap that businesses in any industry can use to implement step-by-step security measures to defend themselves from cyberattacks.

The security features available to organizations through the Critical Infrastructure Defense Project provide a zero-trust model for securing networks, endpoints and identities of organizations and critical threat intelligence for teams at risk of attack. Hospitals and water and power utilities in the U.S. are encouraged to apply to be part of the program.

Meanwhile Google said it will pay $5.4 billion for cybersecurity company Mandiant, in a bid to better protect its Cloud customers.  If the deal announced March 8 is approved by regulators Mandiant will join Google’s cloud computing division, which is yet to grow to the same size as Microsoft Azure or Amazon Web Services. “Organizations around the world are facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry,”  Thomas Kurian, CEO of Google Cloud, said in a statement.

In Europe, telecoms ministers from the 27 EU countries said March 8 that they want the European Commission to set up a cybersecurity emergency response fund to counter large-scale cyberattacks, citing the recent attacks against Ukraine, according to an EU draft document.

“The possible spillover effect of such cyber attacks to European networks also highlights the need for the EU to move forward with an ambitious and comprehensive plan for its cybersecurity,” the draft document said.”The current geopolitical landscape and its impacts in cyberspace strengthen the need for the EU to fully prepare to face large-scale cyberattacks. Such a fund will directly contribute to this objective,” the paper said.The ministers also asked for more regulations to secure digital infrastructure, technologies and products, and attract companies to provide their expertise. The request for a data breach defense fund turned out to be eerily prescient. On March 10 Vodafone said it is working with law enforcement to investigwho are threatening to leak the telecommunication giant’s source code.

  • Lapsus$ claims it has 200 gigabytes worth of Vodafone source code The same group last week claimed responsibility for a data breach of South Korean electronics giant Samsung in which the hacking group obtained source codes of Galaxy-branded devices like smartphone.

IN OTHER NEWS THIS WEEK

HEALTH

Drug Factory Beads Implanted In Mice Take Out Tumors Within A Week

Among the many challenges in treating tumors is the difficulty in getting anti-cancer drugs to the right locations, and in the right amounts. A new type of implant developed at Rice University tackles both these issues, carrying the cellular machinery needed to produce and deliver continuous doses of anti-cancer compounds, and doing so with such potency that they took out 100% of ovarian tumors in mice in the space of a week.

MOBILITY

U.S. Eliminates Human Controls Requirement For Fully Automated Vehciles

U.S. regulators issued final rules March 10 eliminating the need for automated vehicle manufacturers to equip fully autonomous vehicles with manual driving controls to meet crash standards. Automakers and tech companies have faced significant hurdles to deploying automated driving system  vehicles without human controls because of safety standards written decades ago that assume people are in control. The rules revise regulations that assume vehicles “will always have a driver’s seat, a steering wheel and accompanying steering column, or just one front outboard passenger seating position.”

 

CRYPTOCURRENCIES

White House Lays Out Ground Rules For Digital Assets

The White House has issued a sweeping executive order on the oversight of cryptocurrencies and prompted the Federal Reserve to step up the pace on exploration of the case for a central bank digital currency. The Order lays out a national policy for digital assets across six key priorities: consumer and investor protection; financial stability; illicit finance; US leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation.

ENERGY

Enel, Santander Sign Global Deal  To Support Clients’ Clean Energy Transition

Enel and Santander have signed a memorandum of understanding (MoU) aimed at supplying and financing solar facilities, lithium batteries, and energy efficiency solutions for households, SMEs, and corporations. Under the MoU, Enel, through Enel X Global Retail, the Group’s advanced energy services business line, will design customised turnkey solutions for clients while Santander will provide them with tailored financing.

For more of The Innovator’s News In Context articles click here.

 

About the author

Jennifer L. Schenker

Jennifer L. Schenker, an award-winning journalist, has been covering the global tech industry from Europe since 1985, working full-time, at various points in her career for the Wall Street Journal Europe, Time Magazine, International Herald Tribune, Red Herring and BusinessWeek. She is currently the editor-in-chief of The Innovator, an English-language global publication about the digital transformation of business. Jennifer was voted one of the 50 most inspiring women in technology in Europe in 2015 and 2016 and was named by Forbes Magazine in 2018 as one of the 30 women leaders disrupting tech in France. She has been a World Economic Forum Tech Pioneers judge for 20 years. She lives in Paris and has dual U.S. and French citizenship.