Cyber Week in Review: February 25, 2022
from Net Politics and Digital and Cyberspace Policy Program

Twitter expands access to Safety Mode; Canada cracks down on crypto; Ukraine hit by wave of DDoS and wiper attacks; Iran considers new internet controls; old Equation Group backdoor exposed.
Ukrainian President Volodymyr Zelensky speaks at press conference following an EU-Ukraine summit in October 2020. Reuters/Stephanie LeCocq

Twitter expands users’ access to its Safety Mode  

Twitter is widening access to its “Safety Mode” feature, which was unveiled on a trial basis to a small subset of users across the United States, United Kingdom, Canada, Australia, Ireland and New Zealand last year. Around half of users in supported markets will be randomly selected to access the feature. When activated, Safety Mode temporarily blocks accounts that send users harmful tweets in order to reduce disruptive interactions. Concerns linger about whether leaders could harness this automated tool to keep critics from freely reacting to tweets made by the government or public officials, though Twitter currently excludes political organizations from the feature. 

Cracking down on trucker protests, Canadian government uses money laundering laws to target cryptocurrency transactions 

Faced with drawn-out Freedom Convoy trucker protests in Ottawa and at the United States-Canada border over vaccine requirements, Prime Minister Justin Trudeau invoked the Emergencies Act to target protesters’ finances. The protests have been funded in part by digital assets such as cryptocurrency, with one fundraiser alone gathering $1 million in Bitcoin. In response, the government moved to broaden the scope of the nation’s money laundering laws to cover cryptocurrency, placing new restrictions on payment service providers linked to digital assets. One of the sites the protesters relied on heavily, GiveSendGo, was recently hacked, and the personal information of donors was exposed.

Ukrainian government faces second wave of Russian DDoS and wiper attacks 

The day before Russian forces invaded Ukraine, government websites were subjected to another round of distributed denial of service (DDoS) attacks, causing the websites of the Ministry of Foreign Affairs and the national parliament to go offline. In addition, a destructive wiper attack impacting hundreds of machines was reported in Ukraine and two neighboring countries. This follows a slew of DDoS attacks on Ukraine last week, which targeted government websites and banks, as well as the wiper attack called WhisperGate, which hit Ukraine in January. Ukraine, the United States, and the United Kingdom attributed those attacks to Russia, whose government in turn denied the accusations. In the wake of the first attack, the British defense secretary announced that the United Kingdom is ready to launch retaliatory cyberattacks, and the United States indicated its willingness to impose sanctions.  

Iranian parliament considers new internet regulation under proposed Protection Bill 

The outline of new internet regulations in Iran, entitled the “Protection Bill,” was approved Tuesday by a special parliamentary committee. The bill was first introduced three years ago, but was tabled in the wake of intense backlash over controversial restrictions on internet activity. Previous versions of the bill mainly restricted messaging services, while the most recent version extends controls to all online platforms, potentially disrupting already limited access to apps like Instagram and criminalizing the distribution of virtual private networks used to avoid internet restrictions. Some analysts have pointed to the role that the United States plays in inadvertently helping Iran’s censors, noting American technology sanctions make it easier for authorities to surveil users and shut down the internet. 

Equation Group backdoor exposed in Pangu Lab report

Pangu Lab, a Chinese cybersecurity firm, released a report that detailed a backdoor used by the Equation Group, an American threat actor widely associated with the National Security Agency. The Linux backdoor, which Pangu dubbed Bvp47, was first discovered in 2013 by Pangu, although the firm did not have the means to attribute it to the Equation Group at the time. The Shadow Brokers disclosures of Equation Group tools in 2016 and 2017 allowed Pangu to tie the tool to the Equation Group. Chinese cybersecurity firms rarely attribute tools to American threat actors, and this attribution runs counter to the rhetoric of Chinese officials, who typically describe attribution as difficult and time-consuming.


Creative Commons: Some rights reserved.
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.