The Five Eyes intelligence alliance, comprising Australia, Canada, New Zealand, the United Kingdom, and the United States, collaborated to disrupt a major cyberespionage operation run by Russia’s Federal Security Service (FSB). Known as “Operation Ghost Protocol,” the FSB’s “Snake” malware targeted government entities, military organizations, and critical infrastructure in multiple countries.
The operation was a joint effort by security agencies from the member countries, which worked together to identify and disrupt the Snake malware infrastructure. It involved the seizure and takedown of command-and-control servers, as well as the publication of indicators of compromise (IOCs) to help organizations detect and block the malware.
According to security experts, the Snake malware had been active since at least 2015, and had been continuously updated to evade detection. It is believed to have been used for a range of activities, including data exfiltration, espionage, and cyberattacks.
The Five Eyes alliance has been increasingly active in its efforts to combat cyber threats from adversarial nations, with a particular focus on Russian threat actors. Just last month, the alliance published a joint advisory warning of ongoing cyberespionage campaigns by Russian state-sponsored groups targeting government departments, political organizations, and the energy sector.
Meanwhile, cyber attackers are shifting their tactics from distributed denial-of-service (DDoS) attacks to cryptojacking, according to a report by cybersecurity firm Radware. The report highlights a decline in DDoS attacks, which have traditionally been a favorite tactic of cybercriminals, and a rise in cryptojacking, where attackers use victims’ computing resources to mine cryptocurrencies covertly.
The report also notes that ransomware continues to be a significant threat, with attacks becoming more sophisticated and targeted. In particular, attackers are increasingly using double-extortion techniques, where they not only encrypt victims’ data but also threaten to leak it if the demanded ransom is not paid.
Steve Benton, chief intelligence officer at cybersecurity firm Anomali, warns that the cybersecurity industry faces several potential headwinds. These include the increasing sophistication of cyber attacks, the global shortage of cybersecurity professionals, and the challenge of keeping up with rapidly evolving technology. He also emphasizes the need for collaboration between security organizations to effectively combat cyber threats.
In a recent episode of the Afternoon Cyber Tea podcast, Ann Johnson speaks with Roland Cloutier, global chief security officer at TikTok, about the importance of risk management and resilience in the modern era. Cloutier stresses the need for organizations to prioritize security and risk management, and to build resilient systems and processes to mitigate the impact of potential cyber incidents.
In other news, yesterday’s Patch Tuesday, the monthly release of security updates by Microsoft, included a fix for an issue with a patch released in March. The issue affected some Windows systems and caused display problems. Microsoft has advised users to apply the new patch to avoid any further issues.
Overall, the cybersecurity landscape continues to evolve, with threat actors becoming more sophisticated and attacks becoming more targeted. As such, it is important for organizations and individuals to stay vigilant and take proactive measures to protect themselves from cyber threats. Collaboration between security organizations and the development of resilient systems are crucial in this regard.