Cyber Week in Review: January 22, 2021

Russian Company Props Up Parler

Parler, a controversial social media website popular among right-wing circles, has partially returned online after receiving support from Russian tech firm DDos-Guard. Upon visiting the one-page website, users are greeted by a message promising that the platform will be functional again soon. The partnership follows Parler’s removal from Amazon servers and Google and Apple app stores after rioters that stormed the Capitol building two weeks ago posted their criminal activity and called for violence on the platform. In an email received by CNN, DDos-Guard, which previously provided services for conspiracy-fraught message board 8chan, stated that it does “not provide hosting services to Parler.com,” implying that the company is merely helping Parler hide its true IP address and stave off potential distributed denial-of-service attacks. Cybersecurity experts have pointed out the irony and risks of Parler relying on Russian web services, given Moscow’s targeting of the far right with disinformation and ability to access data handled by Russian companies.

Malwarebytes Hacked by Same Actor Accused of Hacking SolarWinds

Cybersecurity provider Malwarebytes announced earlier this week that it was breached by the same threat actor that compromised IT firm SolarWinds. In a blog post, Malwarebytes’ CEO Marcin Kleczynski stated that while the company does not rely on SolarWinds services, hackers were still able to “abuse applications with privileged access to Microsoft Office 365 and Azure environments,” thus granting the hackers limited access to an “internal subset of company emails.” The statement also reveals that Microsoft initially notified Malwarebytes of “suspicious activity” in their Office 365 tenant on December 15, prompting a joint investigation into the matter. In a tweet posted on Tuesday, Kleczynski stated that he expects more companies to soon announce breaches of their own. Malwarebytes assured customers that their services are still safe to use.

Bolsonaro Retracts Opposition to Huawei 5G

After pushback from within the government, industry pressure, and the departure of ally President Donald Trump from the White House, Brazilian President Jair Bolsonaro reversed his opposition to Huawei’s inclusion in Brazil’s 5G network auctions. The retraction comes after months of resistance from members of President Bolsonaro’s government, including Vice President Hamilton Mourão who told newspaper O Estadao de S.Paulo that all companies who respect Brazilian regulations and sovereignty will be permitted access to the country’s 5G market. Previously, the Trump administration had promised $1 billion in financing to Brazil if it excluded Huawei from its 5G rollout, but the future of those funds is now uncertain under the new Biden administration. China is Brazil’s largest trading partner and biggest source of foreign direct investment, so the loss of replacement funds likely made Huawei’s exclusion politically unrealistic for the Bolsonaro administration. Brazil’s 5G auctions will take place sometime in June.

Biden Orders Assessment of Russian Hacking

On Thursday, President Biden ordered the U.S. intelligence community to conduct a sweeping review of Russia’s role in the SolarWinds hack and proposed that the New START treaty, the last remaining nuclear arms treaty between the United States and Russia, be extended for five years. This places the Biden administration in a difficult position, seeking to both punish Russia for its extensive hacking operation against the U.S. government and private sector and preserve limitations on nuclear weapons. According to the New York Times, President Biden’s aides have privately cautioned him that his options for responding to the SolarWinds breach are limited because, at least for now, it appears to be a case of espionage, which is considered to be a legitimate state activity. The United States has long conducted cyber espionage against Russia and has reportedly had a presence in the Russian electric power grid since at least 2012.

CISA Announces Ransomware Awareness Campaign 

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) announced a new campaign to combat ransomware, which reached new levels of severity in 2020 during the coronavirus pandemic. The campaign includes a new page on CISA’s website containing a ransomware guidebook, resources for K-12 schools, and instructions for how local governments can make use of CISA’s technical services. In addition to CISA’s efforts to combat ransomware, the recently announced Ransomware Task Force, a coalition that includes Microsoft, FireEye, and McAfee among its members, plans to develop policy ideas and technical solutions to prevent and mitigate ransomware attacks.