{"id":18547,"date":"2022-03-19T10:45:35","date_gmt":"2022-03-19T18:45:35","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/03\/19\/news-12280\/"},"modified":"2022-03-19T10:45:35","modified_gmt":"2022-03-19T18:45:35","slug":"news-12280","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/03\/19\/news-12280\/","title":{"rendered":"TSA\u2019s First Crack at Guarding Pipelines From Hackers Falls Short"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/6234fdbbe8751fd4a6540752\/master\/pass\/Security-Roundup-Pipeline-TSA-Security-1232866172.jpg\"\/><\/p>\n<p><strong>Credit to Author: Andrew Couts| Date: Sat, 19 Mar 2022 13:00:00 +0000<\/strong><\/p>\n<p class=\"BylineWrapper-iiTsTb hAGfXd byline bylines__byline\" data-testid=\"BylineWrapper\" itemprop=\"author\" itemtype=\"http:\/\/schema.org\/Person\"><span itemprop=\"name\" class=\"BylineNamesWrapper-dbkCxf erRIa-D\"><span data-testid=\"BylineName\" class=\"BylineName-cKXFOb UCAzg byline__name\"><a class=\"BaseWrap-sc-TURhJ BaseText-fFzBQt BaseLink-gZQqBA BylineLink-eZnyPI eTiIvU mEZDb fNdcwQ bKZMMS byline__name-link button\" href=\"\/author\/andrew-couts\">Andrew Couts<\/a><\/span><\/span><\/p>\n<p><span class=\"lead-in-text-callout\">More than three<\/span> weeks into Russia\u2019s war of choice against Ukraine, <a href=\"https:\/\/www.wired.com\/story\/russia-ukraine-cyberattacks-spillover\/\">fears of cyberattacks<\/a> on the country\u2019s critical infrastructure have been replaced by widespread death, destruction, and devastating upheaval across the country. 
The United Nations <a data-offer-url=\"https:\/\/apnews.com\/article\/russia-ukraine-immigration-europe-migration-united-nations-da9dd481581d2afbf44384741f0d31f3?utm_source=Twitter&amp;utm_campaign=SocialFlow&amp;utm_medium=AP\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/apnews.com\/article\/russia-ukraine-immigration-europe-migration-united-nations-da9dd481581d2afbf44384741f0d31f3?utm_source=Twitter&amp;utm_campaign=SocialFlow&amp;utm_medium=AP&quot;}\" href=\"https:\/\/apnews.com\/article\/russia-ukraine-immigration-europe-migration-united-nations-da9dd481581d2afbf44384741f0d31f3?utm_source=Twitter&amp;utm_campaign=SocialFlow&amp;utm_medium=AP\" rel=\"nofollow noopener\" target=\"_blank\">estimates<\/a> that 6.5 million people have been displaced, in addition to 3.2 million who had already fled Ukraine. Mariupol, once a thriving city of 430,000 along the country\u2019s southern coast, has been reduced to rubble. Russia has <a data-offer-url=\"https:\/\/www.npr.org\/2022\/03\/18\/1087536180\/empty-strollers-lviv-children-killed\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.npr.org\/2022\/03\/18\/1087536180\/empty-strollers-lviv-children-killed&quot;}\" href=\"https:\/\/www.npr.org\/2022\/03\/18\/1087536180\/empty-strollers-lviv-children-killed\" rel=\"nofollow noopener\" target=\"_blank\">killed more than 100 children<\/a> during its assault so far.<\/p>\n<p class=\"paywall\">As the war rages on, we <a href=\"https:\/\/www.wired.com\/story\/ai-drones-russia-ukraine\/\">investigated<\/a> one of the weapons Russia appears to have recently deployed against Ukraine: an AI-powered \u201csuicide drone.\u201d Russia\u2019s reported use of the KUB-BLA drone raises the specter of autonomous weapon systems deciding who dies during warfare. 
This week also saw what may be the <a href=\"https:\/\/www.wired.com\/story\/zelensky-deepfake-facebook-twitter-playbook\/\">first use of a deepfake<\/a> to spread misinformation during wartime. The deepfake, of a robotic Volodymyr Zelensky calling on Ukrainians to surrender to Russia, was deeply unconvincing. The Ukrainian president quickly refuted its authenticity, while Facebook, Twitter, and YouTube raced to remove the video from their platforms, potentially providing a how-to guide for responding to sophisticated misinformation in the future.<\/p>\n<p class=\"paywall\">While we have yet to see Russia wage damaging cyberattacks against Ukraine\u2019s critical infrastructure since it invaded the country in late February, malware used by Russian government hacker group <a href=\"https:\/\/www.wired.com\/story\/sandworm-kremlin-most-dangerous-hackers\/\">Sandworm<\/a>, dubbed Cyclops Blink, has spread further than previously known. Researchers at TrendMicro <a href=\"https:\/\/www.wired.com\/story\/sandworm-cyclops-blink-hacking-tool\/\">discovered<\/a> that a version of the malware can infect Asus routers.<\/p>\n<p class=\"paywall\">Speaking of Russia-linked hackers, we took a deep dive into some 60,000 pages of leaked chats and files swiped from the Conti ransomware group. Our findings revealed the <a href=\"https:\/\/www.wired.com\/story\/conti-leaks-ransomware-work-life\/\">internal machinations<\/a> of the gang\u2019s oddly businesslike hierarchy, its plans to <a href=\"https:\/\/www.wired.com\/story\/conti-ransomware-crypto-payments\/\">launch a crypto payment platform<\/a> and a social network (with dreams of starting an online casino), and what <a href=\"https:\/\/www.wired.com\/story\/conti-ransomware-russia\/\">its links to Russia\u2019s military hackers<\/a> really look like.\u00a0<\/p>\n<p class=\"paywall\">The Lapsus$ collective, meanwhile, is adding \u201cchaotic energy\u201d to the world of cybercrime. 
As <a href=\"https:\/\/www.wired.com\/story\/lapsus-hacking-group-extortion-nvidia-samsung\/\">we found in our dive into the group&#x27;s activities<\/a>\u2014which include targeting high-profile companies like Samsung and Nvidia\u2014its tactics differ from ransomware gangs like Conti, using phishing attacks and data theft to extort its victims rather than encrypting their systems and demanding payment. And while the group claims it&#x27;s not politically motivated, some experts remain unsure about Lapsus$&#x27;s ultimate aim.<\/p>\n<p class=\"paywall\">Lastly, we dove into Big Tech\u2019s big plans to <a href=\"https:\/\/www.wired.com\/story\/fido-alliance-ios-android-password-replacement\/\">finally (finally!) kill off the password<\/a>. After a decade of work on the problem, the FIDO Alliance\u2014whose members include Amazon, Meta, Google, Apple, and more\u2014believes it has discovered the missing piece to make ditching our passwords easy.<\/p>\n<p class=\"paywall\">Of course, that\u2019s not all. For all the big security stories we didn\u2019t have a chance to cover this week, click the headlines below. (And yes, a lot of them have to do with Russia.)<\/p>\n<p class=\"paywall\">The Transportation Security Administration isn\u2019t just in charge of <a href=\"https:\/\/www.wired.com\/story\/20-years-after-911-surveillance-has-become-a-way-of-life\/\">airport security<\/a>. The agency is also tasked with protecting US oil and gas pipelines\u2014and it\u2019s not going well. Thanks to understaffing and strict federal requirements, the TSA is reportedly struggling to meet its pipeline-security mandate. 
The TSA\u2019s focus on protecting this critical infrastructure follows the May 2021 <a href=\"https:\/\/www.wired.com\/story\/colonial-pipeline-ransomware-attack\/\">attack on Colonial Pipeline<\/a>, but its mission has become all the more crucial as the specter of worst-case-scenario attacks by Russia or other nation-state actors looms large.<\/p>\n<p class=\"paywall\">Google\u2019s Threat Analysis Group (TAG) on Thursday <a data-offer-url=\"https:\/\/blog.google\/threat-analysis-group\/exposing-initial-access-broker-ties-conti\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blog.google\/threat-analysis-group\/exposing-initial-access-broker-ties-conti\/&quot;}\" href=\"https:\/\/blog.google\/threat-analysis-group\/exposing-initial-access-broker-ties-conti\/\" rel=\"nofollow noopener\" target=\"_blank\">said<\/a> it uncovered a new group of \u201cfinancially motivated\u201d attackers that it believes breaks into targeted systems and then sells that access to other malicious actors, including Russian cybercrime groups like ransomware gangs <a href=\"https:\/\/www.wired.com\/story\/ransomware-hospitals-ryuk-trickbot\/\">Wizard Spider<\/a> (aka UNC 1878) and <a href=\"https:\/\/www.wired.com\/story\/conti-leaks-ransomware-work-life\/\">Conti<\/a>. Dubbed Exotic Lily by Google researchers, the group appears to be located in Central Europe and has targeted a wide range of victims, with a focus on cybersecurity, health care, and IT firms. To dupe these targets, Exotic Lily\u2019s members use phishing attacks concealed through spoofed domains, fake email addresses, and fake profiles on social media and other platforms, according to TAG.<\/p>\n<p class=\"paywall\">Vigilante hackers have <a href=\"https:\/\/www.wired.com\/story\/hacktivists-pandemonium-russia-war-ukraine\/\">been on a tear<\/a> against Russian targets since the first days of Vladimir Putin\u2019s war against Ukraine. 
But it\u2019s the newly reinvigorated Anonymous hacktivist collective that\u2019s caused the most ruckus. Late this week, Anonymous claimed to have stolen 79 GB of emails from Transneft, a state-controlled Russian pipeline company, which were revealed by the transparency journalism outlet Distributed Denial of Secrets. Clearly having a bit of fun, the Anonymous hacktivists dedicated their intrusion to Hillary Clinton, who <a data-offer-url=\"https:\/\/www.washingtonexaminer.com\/news\/hillary-clinton-promotes-cyberattacks-against-russia\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.washingtonexaminer.com\/news\/hillary-clinton-promotes-cyberattacks-against-russia&quot;}\" href=\"https:\/\/www.washingtonexaminer.com\/news\/hillary-clinton-promotes-cyberattacks-against-russia\" rel=\"nofollow noopener\" target=\"_blank\">appeared to call on Anonymous<\/a> to hack Russian targets during a February 25 appearance on MSNBC.<\/p>\n<p class=\"paywall\">Acting out of an abundance of caution, Germany\u2019s Federal Office for Information Security (BSI) warned local companies against using Kaspersky\u2019s antivirus software on the grounds that the company would be compelled to spy on users for the Kremlin. Echoing the US government&#x27;s <a href=\"https:\/\/www.wired.com\/story\/us-kaspersky-ban-evidence\/\">murky foundation for banning Kaspersky products<\/a> in 2017, BSI&#x27;s warning does not appear to be based on any specific intelligence, and the company asserted as much in response to BSI\u2019s warning. \u201cWe believe that peaceful dialogue is the only possible instrument for resolving conflicts,\u201d the company said in a statement. 
\u201cWar isn\u2019t good for anyone.\u201d<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/tsa-pipeline-hack-anonymous-hillary-clinton-roundup\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/6234fdbbe8751fd4a6540752\/master\/pass\/Security-Roundup-Pipeline-TSA-Security-1232866172.jpg\"\/><\/p>\n<p><strong>Credit to Author: Andrew Couts| Date: Sat, 19 Mar 2022 13:00:00 +0000<\/strong><\/p>\n<p>Plus: Anonymous dedicates a hack to Hillary Clinton, Google researchers expose Exotic Lily, and more.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21357],"class_list":["post-18547","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-security-news"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18547"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18547\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categ
ories?post=18547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}