Saturday, February 26, 2022

Perspective. I’m seeing many articles reflecting this theme.

https://www.usip.org/publications/2022/02/ukraine-putin-chooses-his-forever-war

Ukraine: Putin Chooses His ‘Forever War’

Putin faces a domestic political risk as Russian soldiers die in Ukraine. Ukrainian troops cannot repulse an invasion by a Russian military that analysts say has three times the personnel and 10 times the budget of Ukraine’s. But Ukraine now defends itself with a vastly bigger, better equipped and more combat-experienced army than in 2014, when Russia quickly seized Crimea and part of Donbas. And Ukrainians—military veterans and civilians—have trained and prepared to fight urban and guerrilla warfare that would mean terrible casualties not only for Ukraine but for Russia.

Putin has shown he fears the risk that Russian casualties could undermine his rule.


(Related) Logistically the cheapest and fastest to implement?

https://krebsonsecurity.com/2022/02/russia-sanctions-may-spark-escalating-cyber-conflict/

Russia Sanctions May Spark Escalating Cyber Conflict

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.

Michael Daniel is a former cybersecurity advisor to the White House during the Obama administration who now heads the Cyber Threat Alliance, an industry group focused on sharing threat intelligence among members. Daniel said there are two primary types of cyber threats the group is concerned about potentially coming in response to sanctions on Russia.

The first involves what Daniel called “spillover and collateral damage” — a global malware contagion akin to a NotPetya event — basically some type of cyber weapon that has self-propagating capabilities and may even leverage a previously unknown security flaw in a widely-used piece of hardware or software.

“The second level [is that] in retaliation for sanctions or perceived interference, Russia steps up more direct attacks on Western organizations,” Daniel said.


(Related)

https://www.csoonline.com/article/3651498/conti-gang-says-its-ready-to-hit-critical-infrastructure-in-support-of-russian-government.html#tk.rss_all

Conti gang says it's ready to hit critical infrastructure in support of Russian government

The ransomware group's claims follow a threat from the hacktivist group Anonymous to conduct cyberattacks against Russian targets.



Never attribute to malice that which can be adequately explained by stupidity. That includes whoever decided they didn’t need backups.

https://www.databreaches.net/dallas-it-worker-erased-police-files-by-accident-didnt-have-enough-training-report-says/

Dallas IT worker erased police files by accident, didn’t have enough training, report says

Everton Bailey Jr. reports:

A former Dallas IT worker fired after deleting millions of police files last year while trying to move them from online storage didn’t have enough training to do the job properly, according to an independent investigation of the incident.
Despite his job primarily being focused on working with Commvault, the software company the city contracts with for cloud storage management, the former city technician only received training on the software twice since 2018, said a report analyzing the incident released this week to city officials by law firm Kirkland & Ellis.

Read more at Dallas News.



What comes next?

https://www.databreaches.net/at-least-22-states-have-consumer-privacy-legislation-pending-will-2022-be-the-year-for-more-state-privacy-laws/

At Least 22 States Have Consumer Privacy Legislation Pending – Will 2022 Be the Year for More State Privacy Laws?

Deborah George of Robinson & Cole writes:

California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP) released its state privacy legislation tracker. The IAPP offers a map of the states that shows all the states and the status of any privacy legislation. The map shows the various stages of any privacy legislation, from bills introduced all the way through bills signed.

In addition, IAPP has compiled a handy chart of pending comprehensive privacy legislation that provides the name of the bill, a link to the bill, and whether the bill provides various consumer rights, business obligations, and a private right of action, similar to the consumer privacy laws passed in California, Virginia, and Colorado.

Read more at The National Law Review.



Perspective.

https://appleinsider.com/articles/22/02/25/surveillance-firm-says-apple-is-phenomenal-for-law-enforcement

Surveillance firm says Apple is 'phenomenal' for law enforcement

Secret recordings of a surveillance firm's presentation show how much iCloud data Apple surrenders to law enforcement with a warrant — though it's Google and Facebook that can track a suspect to within three feet.

PenLink is a little-known firm from Nebraska which earns $20 million annually from helping the US government track criminal suspects. PenLink also sells its services to local law enforcement - and it's from such a sales presentation that details of iCloud warrants have emerged.

… Apple is open about what it does in the event of a subpoena from law enforcement. It's specific about how it will not unlock iPhones, for instance, but it will surrender information from iCloud backups that are stored on its servers.

"If you did something bad," said Tuma, "I bet you I could find it on that backup."

