A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.

**Born in the cloud. Built for the future of business. This is automation, unleashed.**

Automation 360 is a single, integrated platform that transcends front office and back office technology siloes to automate business processes across all systems and applications, including both SaaS and legacy apps.

 

A must read, one-of-its-kind, industry report

What are top-performing companies doing with RPA to achieve an astounding 380% ROI? Get the inside scoop in the latest Now & Next: State of RPA report.

**Leave no process or employee behind with end-to-end automation, powered by cloud**

Automation 360 has you covered at all angles in the virtuous cycle of hyperautomation

Double your automatable processes by turning every piece of structured and unstructured data in any document into a consumable digital asset through AI and ML with IQ Bot.

Learn about IQ Bot

Take an accurate pulse on every bot and critical insights on every process in real time to enable data-driven decisions and enhancements with Bot Insight.

Learn about Bot Insight

**Unify front and back office with ready-for-anything, access-from-anywhere, end-to-end automation**

Delight employees and customers alike with automation-powered superior experiences

Front Office

Raise your customer satisfaction score with automation that efficiently resolves customer issues and optimizes time spent with customers.

Learn More

Back Office

Turn complex manual processes using legacy systems into streamlined automations, reducing human error and speeding digital transformation.

Learn More

Employee Experience

Empower human ingenuity. Integrate automation into employees' day-to-day, freeing them from mundane tasks and increasing high-value productivity.

Learn More

**Reap the benefits of a modern platform**

Automate 2x more processes\* out of the gate—from simple to highly complex business processes

Increase security, agility, and innovation at 1/5 of the cost\* of infrastructure and maintenance of legacy on-premises and cloud-hosted solutions

Scale 3x faster\* compared to any other platform, with reduced setup, bot creation, and bot deployment time

\*IQ Bot’s pre-trained OOTB solutions for over 100 use cases of document extraction lead to 2x more process automation; AARI enables customers to automate 2x more processes than possible with only RPA  
\*1/5 cost: based only on estimated infrastructure and maintenance cost  
\*3X faster scaling: Based on estimated speeds of development, deployment and maintenance, compared with other RPA platforms  
Actual results will vary by customer deployment

**Solve your business challenges with Automation 360**

Entrenched legacy apps

Begin your automation journey without having to change your existing technology. Gain efficiencies from Automation 360 working across both modern and legacy software.

The need for cloud

Speed up modernization of your on-premises enterprise technologies to SaaS solutions by automating data migration with Automation 360 for fast and accurate results.

Employee experience

Improve the employee experience with digital assistants for every employee to automate swivel-chair tasks.

Customer experience

Increase customer satisfaction with shorter processing times, more accurate data, and better customer service and support.

**A complete 360-degree solution for every nuance**

Security & governance

Automation 360 is ISO27001 and Soc 1 & 2 certified, providing the most comprehensive, multi-layered approach to security including identity and access management, data encryption, audit logs and monitoring, cloud infrastructure security, incident response, and application security.

AI/Machine learning

With AI and machine learning built into the platform, Automation 360 is continuously improving. You can even integrate third-party AI capabilities into your processes with drag and drop ease.

Pre-built Bots

Accelerate and scale automation with prebuilt bots from Bot Store, including more than 1200 prebuilt bots, packages, and digital workers, directly integrated with Automation 360.

Rich partner ecosystem

The extensible, pluggable Automation 360 architecture can easily integrate with additional enterprise solutions offered by our technology partners.

**Leading companies trust Automation Anywhere**

RPA is one of the key tools we have in our toolkit which enables broader digitization of our internal processes.

**– Andrew Davies**, CFO 

RPA brought speed to our operations. The complex processes in treasury and tax are now more accurate and efficient.

**– Vikas Kapoor**, Senior Vice President, Finance 

Our corporate goal is to reach $22 billion of revenue by the year 2022. The only way to scale that much is to do things better. Automation is allowing us to do that.

**– Cynthia Holmecki**, Global Leader Intelligent Automation Solutions 

It just took 3 weeks for small and medium-sized processes to be automated. The heaviest processes took only 9 weeks. The results were delivered fast, giving us the opportunity to assess the fast pace.

**– Ravi Konda**, Sr. Manager, IT 

Combining RPA with cognitive automation and analytics gives us the foundation to transform how we serve customers.

**– Richard Mendoza**, Automation Capabilities Leader 

Bank leadership is excited because we recovered our investment with a 1300% ROI within the first year.

**– Jorge Ivan Otalvaro**, VP Service Delivery and Operations 

With the implementation of RPA for our billing portal, we’ve increased our efficiency and production, decreased processing costs, and scaled for the future.

**– Kevin Tucceri**, Business Process Owner, Credit & Collections 

Once we got a few groups on board with RPA, that was really a game changer for us. People started to see the results and the excitement was contagious.

**– Joe Cotnoir**, Director HRIS—Business Process Enablement, HR Services 

**...and users love us!**

**A+ CUSTOMER SUCCESS**

Maximize return on your automation investment with the most comprehensive customer success program

**Learning and community resources**

Our customers become part of the most comprehensive RPA support ecosystem. Get product education and training with Automation Anywhere University, connect with thousands of RPA practitioners in the A-People online community, and have access to 24/7 technical support.

Automation Anywhere University

Our intelligent automation platform comes with world-class training

Learn More

Community Edition

Instantly start your RPA journey with the FREE Community Edition

Get Started Now

A-People Community

Join the fastest-growing RPA network in the world

Join A-People

**Get started  
with Cloud RPA**

CVE-2022-29856: Cloud Automation | Automation Cloud   | Automation Anywhere

A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects".

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-41948: 1-click stored XSS from admin panel to site · Issue #8 · intelliants/subrion-plugin-contact_us

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.

Over the past 15 years, the cloud has blown business into a new age of networking, for solid reasons: Small businesses can get online fast, using the same tools as the big companies; large companies can scale up and down to match demand; and organizations of all sizes can quickly react to business fluctuations in terms of allocating resources and onboarding applications.

Click to Expand

As well, of course, over the past few years, the pandemic has made cloud resources crucial when it comes to supporting remote workforces.

_\[**Editor’s Note:** This article was originally published in the free Threatpost eBook “Cloud Security: The Forecast for 2022.” In it we explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists. Please download the FREE eBook for the full story\]_

However, the mad dash to set up shop in the cloud can sometimes lead to stormy weather: There are, after all, beaucoup security challenges hidden behind the cloud’s promise of blue skies. As Prevailion CTO Nate Warfield enumerates, cloud marketplaces “are rife with pre-built virtual machine (VM) images containing unpatched vulnerabilities, overly permissive firewall settings, and even malware and coin miners. Cloud providers don’t take a proactive stance towards breach and compromise monitoring and, in many cases, won’t even pass on notifications to their customers which they have received from external researchers.”

Click to Expand

In order to put some quantifiable numbers around how organizations are faring in their journeys to the cloud, Threatpost polled 400+ readers. Topics included what security dangers respondents have encountered, and which ones they most fear they’ll run into. We also asked what security tools they plan to implement in the coming months.

When asked how confident respondents are that their organization had implemented sufficient cloud security, the majority felt bullish (68 percent). Worryingly, almost a quarter (24 percent) said they had no confidence in their organization’s cloud security. Just 8 percent said they feel “highly” confident.

**Lions & Tigers & Shared**

Click to Expand

**Responsibility**

Warfield’s list of challenges is just the tip of the iceberg, according to the poll results. There are also data-privacy and regulatory issues; the basic challenges of implementing cloud, such as staff shortages; the threat of cyberattack and data exposure; and plain old confusion.

Not everyone is sure who’s responsible for what when it comes to the sharedresponsibility model for public cloud deployments. And, a recurring question is what zero-access architecture for access management entails.

Just over half said they have embraced the shared-responsibility model for public cloud deployments (59 percent), but a quarter said they “don’t really understand it” and 12 percent said they did not. When asked if they’ve implemented a zero-trust architecture for access management, 53 percent said, “not yet but plan to,” and 17 percent said it confused them. Just 23 percent said yes. Six percent said absolutely not.

The notion of “DevSecOps,” where security is built into an organization’s cloudnative application lifecycle management, has more support: 71 percent noted that they’ve either adopted the strategy or soon plan to; but a fifth (21 percent) said they didn’t fully grasp what it means.

Meanwhile, organizations perceive there to be a lot of security pitfalls in the cloud. In its poll, Threatpost asked about a number of them, from API vulnerabilities to stolen cloud credentials, and container bugs to a smorgasbord of malware, including ransomware and cryptomining malware.

**Security Pitfall No. 1: Misconfigurations**

The biggest number of respondents – 27 percent – cited misconfigurations and data exposure as the biggest threat to their cloud deployments.

Click to Expand

While many respondents reported that they’ve either experienced a cyberattack on their cloud assets in the past 12 months (18 percent) or that they aren’t exactly sure (2 percent), an even larger portion – 38 percent – reported having experienced a data-exposure incident due to misconfiguration.

Poll respondents’ takes on the issues confirm what’s been a constant over the past few years; namely, misconfigured cloud deployments have been, and continue to be, rampant. In a 2020 survey of 2,064 Google Cloud buckets by Comparitech, 6 percent of all Google Cloud buckets were estimated to be misconfigured and left open to the public internet, for anyone to access their highly sensitive content.

Respondents ranked their other most-worrying cloud security threats as account compromise and stolen cloud credentials, (20 percent); API vulnerabilities (13 percent); advanced attacks against cloud providers (11 percent); ransomware (9 percent); cyberespionage/data theft (6 percent); distributed denial of service (DDoS, 5 percent); other malware (3 percent); and cryptojacking (2 percent).

**How You’re Protecting the Cloud**

Fortunately, efforts to secure the cloud aren’t static. Nor are the technologies. When asked what security tools they’re planning on implementing in the next 12 months, poll respondents listed a host of technologies that will hopefully fill in whatever holes they have in their cybersecurity umbrellas.

For better or worse, multifactor authentication (MFA) on all accounts was cited as the top tool already in use by the most respondents, at 12 percent. It’s important however not to fall into a false sense of security: In January 2021, the feds warned that cloud attacks were bypassing weaker two-factor authentication, such as schemes that use a code sent to a mobile phone via SMS.

Click to Expand

In terms of the top security tools that poll respondents plan to invest in, encryption for data at rest and data in transit (cited by 11 percent) took the lead, followed by identity access management (11 percent) and the adoption of self-managed security controls offered by cloud providers (9 percent).

The top most-cited planned upgrade to cloud security in the poll was user-behavior analytics: i.e., the use of artificial intelligence and machine learning to analyze large datasets and identify patterns that signify security breaches. This can be used to spot anomalous behavior that may indicate data exfiltration or other malicious activity that might otherwise slip by security tools and personnel. In all, 9 percent of respondents said their organizations have behavior analytics in the works in the coming year.

Click to Expand

The next set of top cloud-security tools on the to-do list were cloudconfiguration monitoring tools (cited by 8 percent), a single console to manage security across multiple clouds (7.5 percent), and MFA on all accounts (7.5 percent). Next up were risk assessment and auditing (7.5 percent), policybased data loss prevention (DLP) (7 percent) and data activity monitoring (7 percent).

**What’s Gumming Up the Works**

Some security tools are in place, while more are being implemented. But all of this work to secure the cloud is, well, work, and it often requires more hands than are available. As noted earlier, respondents cited a lack of skilled staff as the biggest challenge when it comes to securing the cloud, (19 percent).

Indeed, the (ISC)²’s 2021 Cybersecurity Workforce Study found that there are 2.72 million open cybersecurity positions globally, and that the worldwide cybersecurity workforce needs to grow 65 percent to effectively defend organizations’ critical assets. Out of those, cloud management and cybersecurity ranked highest when it comes to the biggest talent gaps that companies need to fill.

The next biggest challenge facing organizations is a lack of visibility into what data is held within cloud applications, cited by 13 percent. That’s followed by insufficient identity and access management controls at 11 percent.

It’s clear that cloud security is increasingly top-of-mind at organizations, which have big plans for addressing it. But it’s a proverbial journey, not a sprint. As Prevailion’s Warfield noted, it’s crucial to take it seriously, and the time is now to start implementing controls.

“Cloud networking isn’t inherently insecure,” he said. “But as the world shifts to a cloud-centric and hybrid cloud environment, particularly for remote workforces, organizations need to recognize that their cloud-security strategy, policies, controls and processes must be as robust as in a classic onpremises environment.”

**_Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our_** **_FREE downloadable eBook_****_, “Cloud Security: The Forecast for 2022.”_** **_We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists._**

Security Turbulence in the Cloud: Survey Says…

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.
"Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.

"Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public's trust in those same institutions," the company's Digital Security Unit (DSU) said in a special report.

The major malware families that have been leveraged for destructive activity as part of Russia's relentless digital assaults include: WhisperGate, HermeticWiper (FoxBlade aka KillDisk), HermeticRansom (SonicVote), IssacWiper (Lasainraw), CaddyWiper, DesertBlade, DoubleZero (FiberLake), and Industroyer2.

WhisperGate, HermeticWiper, IssacWiper, and CaddyWiper are all data wipers designed to overwrite data and render machines unbootable, while DoubleZero is a .NET malware capable of data deletion. DesertBlade, also a data wiper, is said to have been launched against an unnamed broadcasting company in Ukraine on March 1.

SonicVote, on the other hand, is a file encryptor detected in conjunction with HermeticWiper to disguise the intrusions as a ransomware attack, while Industroyer2 specifically targets operational technology to sabotage critical industrial production and processes.

Microsoft attributed HermeticWiper, CaddyWiper, and Industroyer2 with moderate confidence to a Russian state-sponsored actor named Sandworm (aka Iridium). The WhisperGate attacks have been tied to a previously unknown cluster dubbed DEV-0586, which is believed to be affiliated to Russia's GRU military intelligence.

32% of the total 38 destructive attacks are estimated to have singled out Ukrainian government organizations at the national, regional and city levels, with over 40% of the attacks aimed at organizations in critical infrastructure sectors in the nations.

In addition, Microsoft said it observed Nobelium, the threat actor blamed for the 2020 SolarWinds supply chain attack, attempting to breach IT firms serving government customers in NATO member states, using the access to siphon data from Western foreign policy organizations.

Other malicious attacks involve phishing campaigns targeting military entities (Fancy Bear aka Strontium) and government officials (Primitive Bear aka Actinium) as well as data theft (Energetic Bear aka Bromine) and reconnaissance (Venomous Bear aka Krypton) operations.

"Russia's use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations targeting services and institutions crucial for civilians," Tom Burt, corporate vice president of customer security and trust, said.

"Given Russian threat actors have been mirroring and augmenting military actions, we believe cyberattacks will continue to escalate as the conflict rages. It's likely the attacks we've observed are only a fraction of activity targeting Ukraine."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine

Even the head of the country's online offensive is surprised by the successes—although they’re not without controversy.

When Russian president Vladimir Putin launched his full invasion of Ukraine in February, the world expected Moscow’s cyber and information operations to pummel the country alongside air strikes and shelling. Two months on, however, Kyiv has not only managed to keep the country online amidst a deluge of hacking attempts, but it has brought the fight back to Russia.

Even Ukrainian officials are surprised by how ineffective Russia’s digital war has been.

“I think that the root cause of this is the difference between our systems,” says Mykhailo Fedorov, Ukraine’s 31-year-old minister for digital transformation. “Because the Russian system is centralized. It's monopolized. And it leads to the scale of corruption and graft that is becoming increasingly apparent as the war continues.”

Speaking to WIRED from near Kyiv, Fedorov says his country has been preparing for this moment since Russia first invaded in 2014. “We have had eight years,” he says.

In recent weeks, Fedorov and the Ukrainian government have deployed the controversial face recognition program ClearviewAI to identify killed and captured Russian soldiers. They have deployed thousands of Elon Musk’s Starlink terminals to keep the country connected, even amid Russian bombardment. They have crowdsourced intelligence collection, letting ordinary Ukrainians report troop movements. And, perhaps most critically, they have beaten back aggressive attempts to knock offline their internet, energy, and financial systems.

Fedorov, who also serves as deputy prime minister, ran Ukrainian president Volodmyr Zelensky’s wildly successful election campaign in 2019, winning by nearly 50 points in the second round against incumbent Petro Poroshenko. He did so, in part, by leveraging authentic selfie videos to market the former comedian as an unconventional politician who eschews the normal trappings of politics. It’s exactly that style of video that Zelensky has uploaded regularly from the streets of Kyiv in recent weeks, offering a stark contrast with Putin’s stiff proclamations inside his palatial offices.

Ukraine has brought the war home to Russia in more cutting ways. In March, Reuters reported that Ukraine had purchased face recognition software from American company Clearview AI to identify the bodies of Russian soldiers killed in action—Kyiv later acknowledged that they were using this information to contact the families of the dead soldiers.

“We are pursuing two goals here,” Fedorov says. “First is: We are notifying their relatives, and telling them, basically, that it's not a very good idea to go to war with Ukraine. So that serves as a cautionary tale. And secondly, it's a humanitarian purpose—just telling them where their relatives, or friends, or children are so that they don't try to get this information from the Russian authorities. Because, more often than not, they can't.”

That decision hasn’t come without criticism. Contacting the families of soldiers killed in battle could be seen as harassment. Others have pointed out that being deployed in Ukraine is a PR coup for ClearviewAI, which has been embroiled in scandal over its liberal use by police forces across North America.

Fedorov, for his part, says Russia “can spin this whatever way they want. But the fact of the matter is, there are tens of thousands of Russians dying in Ukraine, and we are just providing this information to their families because that serves, among other things, a humanitarian purpose.”

There is a propaganda element to Kyiv’s use of face recognition technology as well.

“This facial recognition plays to our, let's say, to our advantage in the information space,” Fedorov says. Moscow has projected the image of a professional and volunteer fighting force. “We're trying to say that, for example, Russia is sending conscripts … we are proving that and justifying that with a lot of factual information. We can give you a list of hundreds of people who are 18 and 19 years old, with their names and with their birth dates and how and where specifically, they were conscripted. So that gives some substance to our claims.”

Fedorov says the utility goes beyond just identifying the dead.

“One interesting case study of how we used Clearview AI,” Fedorov says. “There was a man who was found in a Ukrainian hospital, claiming that he was a Ukrainian soldier who suffered from shell shock or some kind of trauma and that he forgot everything. And he was claiming that he was Ukrainian. So the doctor sent the picture to us, and we were able to ID him in a matter of minutes. We found his social network profile, and we established that he was Russian and, of course, he was brought to responsibility.”

Ukrainian officials have said that the frequency of Russian cyberattacks tripled immediately prior to the war, and they have aggressively targeted critical infrastructure since the war began.

But Viktor Zhora, deputy head of Ukraine's State Service of Special Communications and Information Protection, says Moscow may have maxed out its ability to launch attacks. “Russian cyber operations likely reached their full potential," he says.

Zhora told WIRED that years of training, exercises, and cooperation with NATO have made Ukraine far more resilient to cyberattacks. Some attacks are easier to defend against than others—as we spoke, Zhora said he was monitoring an active attack on the state administration of Lviv, which had been publicly announced by Russia hours earlier.

But Zhora stresses that while it is wrong to overestimate how powerful Russia’s cyber capabilities are, it would also be wrong to underestimate its more “sophisticated” operations. “We should continue to observe their potential, like Sandworm, like a Fancy Bear, like Gamaredon, many other groups that are still active, and still very dangerous,” he says, referring to a number of Russian government hacker groups.

Brandon Valeriano, a senior fellow at the Cato Institute who specializes in cyber operations, says offensive cyber operations don’t mesh well with traditional, kinetic warfare. At best, he says, “they’re enabling, they’re complimentary … they don’t transform it.”

Valeriano points to a slowdown in the tempo of Russian-backed cyberattacks targeting the United States as evidence that Moscow’s capacity isn’t as expansive as some have assessed. “They’re not organized for offensive cyber operations in the way that we think they are,” he says.

Kyiv’s ability to beat back against those operations, Valeriano says, can be attributed to “intense collaboration between Ukraine, Western powers, and NATO.” Indeed, Five Eyes signals intelligence agencies have both been providing training and support for Ukraine’s cyber defense and have been sharing threat intelligence. (Zhora stresses that information-sharing is a “two-way road.”)

Ukraine has been able to defend itself, both in cyberspace and in an outright propaganda war, because it has managed to stay online. For that, Fedorov credits a decentralized network of internet service providers and Elon Musk.

“It wouldn't be possible to restore 10 km of cable connection between villages in Chernigiv region after serious battles so quick,” he tweeted earlier this month. “Normally it takes few months.” But with one Starlink satellite, he says, five villages were reconnected in a matter of days.

“We have received over 10,000 Starlink terminals to date, and we use those where we have blind spots with, let's say, more traditional coverage,” Fedorov says. “So we are trying very hard to restore and protect our landline and mobile connections.”

Like any physical infrastructure, those Starlink terminals—which have even managed to keep the embattled city of Mariupol online—have been vulnerable to Russian shelling. Zhora says Russia has managed to hit some of those terminals but has not managed to target the system as a whole. “I suppose that it was coincidence that some shells hit these terminals and locations,” Zhora says. “It's not easy to identify and to attack them systematically.”

Keeping Ukrainians online is a clear strategic objective for Ukraine. Photo and video evidence of the brutality being doled out by the Russian army has galvanized Western support for Kyiv and led to an unprecedented level of support from NATO to help the country defend itself.

It’s also letting regular Ukrainians contribute to the collective defense.

During Zelensky’s presidential campaign, Fedorov made particular use of the messaging app Telegram, which is also popular with Russian intelligence operatives. In recent weeks, the app has been leveraged to collect evidence of possible war crimes in towns like Bucha, but also to enable Ukrainians to upload details of Russian troop movements. A Telegram bot collects photos and videos of Russian military movements, verifying Ukrainians through their digital ID,: a project spearheaded by Fedorov.

“Regular internet users—so, basically, civilians—they can go and post photos of what's happening in Ukraine,” Fedorov says.

The Ukrainian security ministry said in a tweet in March that those crowdsourced reports have directly contributed to drone strikes against Russian tanks.

“There are actually very many ways that regular citizens can contribute to the effort,” Fedorov says. One particularly “successful vector,” he says, is basically trolling. His government has been sending users “into the comment sections of posts by some very high traffic Russian influencers and just trying to talk sense into people and telling them that there's actually a war in Ukraine.”

Fedorov is also responsible for Ukraine’s IT Army, a network of cyber activists and hackers who have targeted Russian systems. In recent weeks, they have dumped huge troves of personal information from large Russian corporations.

Russia’s poor information security has also been a significant factor in their fumbled invasion.

A huge number of technology providers, from cybersecurity firms to cloud hosting services, have pulled out of Russia since the start of the war—either due to sanctions or to a concerted push from Fedorov and others in the Ukrainian government. “If the world were able to stop the delivery of these products to Russia, we see that they will have no infrastructure even to organize attacks,” Zhora says.

Russia’s attempts to knock out mobile and internet connections in Ukraine have mired their own communications. Their encrypted radio platform, Era, has been unreliable, leading Russian soldiers to opt for unencrypted platforms. Numerous outlets have reported details of conversations between Russians troops, their commanders, and their families—some even admitting to possible war crimes over unencrypted channels.

While Fedorov’s reform mission has played a large role in modernizing Ukraine, support from the West has certainly helped. SpaceX and the United States have sent some 5,000 Starlink terminals. Fedorov says the European Union has provided some 10 million euros toward computer systems and workstations.

Asked what Ukraine needs as the war wears into its third month, Fedorov mentions satellite equipment, including more Starlink terminals, as well as laptops, tablets, and other tools “to put our civilian infrastructure back online.” He also jokes: “Let's say that the most surefire way to keep us online for a very long time to come is to provide us with artillery, tanks, and warplanes—because that will effectively end the war. And that will remove the problem altogether.”

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

Ukraine’s Digital Battle With Russia Isn’t Going as Expected

The AI startup releases new threat signatures to expand the computer vision platform’s ability to identify potential physical security incidents from camera feeds.

A comprehensive cybersecurity strategy should include physical security. Adversaries don't need to worry about compromising a corporate device or breaching the network if they can just walk into the office and connect directly into the network.

CISOs are increasingly including physical security as part of their strategic investments, says Stephanie McReynolds, head of marketing at Ambient.ai. Organizations are spending a lot of money and effort to lock down cybersecurity, but all of those security controls are useless if the adversary can just enter a restricted space and leave with equipment.

"The last mile of cybersecurity is physical location," McReynolds says.

Ambient.ai uses computer vision technology to solve physical security problems, such as monitoring who is entering the building or a restricted area and monitoring all the video feeds coming from the camera network. Computer vision is a subcategory of artificial intelligence dealing with how computers can process images and videos and derive an understanding of what they are seeing. The idea behind computer vision is to provide computers with eyes to see the same things humans see, and training the algorithm to think about what the eyes saw.

In the case of Ambient.ai, the company's computer vision intelligence platform serves as "the brain" behind physical access control systems, such as security cameras and physical sensors (such as door locks and entry pads). This week, the company expanded the catalog of behaviors the computer vision platform can recognize with 25 threat signatures.

**Computers Help Humans See**  
Traditionally, physical security involves staff in the security center monitoring alerts from the sensors and watching video feeds to try to detect when something untoward is happening. They may receive alerts that a door is open, or that a person swiped the access card to get into the building after-hours. There might be camera footage of someone loitering for quite some time in the building lobby, or a person entering a restricted area carrying an unauthorized laptop. Humans are expected to detect and respond to security incidents, but between fatigue and too much information to process, things can get missed.

"One individual is trying to watch 50 camera feeds at once. This doesn't work," McReynolds notes.

There have been three waves in computer vision, McReynolds says. The first wave was basic detection — that there was an object there, but no insight into what it was. The second wave added recognition, so it knew what it was looking at, such as whether it was a person or a dog. But it was a limited form of recognition, and there was a lot that was still unknown about the object it was looking at. The third wave, the current one, takes in context clues from the broader scene to understand what is happening. Just as a human would look at details around the object to understand what is happening, such as whether the person is sitting or if the person is outside, computer vision technology is now capable of collecting those details.

Ambient.ai breaks down the image or video into "primitives" — which refers to components such as interactions, locations, and objects seen — and constructs a signature to understand what is happening. A signature may be something like a person standing in the lobby for a long time not interacting with anyone, for example.

The new threat signatures expand the platform's ability to catalog over 100 behaviors, McReynolds says.

**Recognizing What Is an Incident**  
The Ambient.ai Context Graph assesses three risk factors to determine next steps: the context of the location, the movements that create behavior signatures, and the type of objects interacting in a scene. Based on these factors, the platform can dispatch security personnel to handle the incident, validate risks, or trigger proactive alerts. With the Context Graph, analysts can also tell which alerts are not security incidents, such as a door that didn't latch properly, and close the ones that don't require any action.

"A person holding a knife running in the kitchen isn't a security incident," McReynolds says. "A person holding a knife running in the lobby, on the other hand, is a security incident."

VMware, an Ambient.ai customer, claims that 93% of its alerts each year were false positives. By integrating Ambient.ai's platform with its physical access control systems, VMware's security teams didn't have to deal with those alerts and were able to focus their attention on dealing with the remaining 7% of alerts to stop security incidents on its campus.

McReynolds described a potential workplace violence scenario, where a former employee tried to use their badge to enter the building. The invalid badge in and of itself is not a security threat, but paired with security footage of the former employees sitting in the lobby and not interacting with anyone, there are enough reasons to be concerned. The alert would then be prioritized to send a guard to approach the individual.

"Sometimes it takes just a conversation and the person will stand down," McReynolds says.

All that is accomplished without resorting to facial recognition, which brings a host of privacy implications. Ambient.ai uses machine learning, pattern-matching, and computer vision to make decisions about what is important.

**Computer Vision in Security**  
Computer vision technology is useful in several security contexts because it can be used to detect manipulations that are less visible to the human eye, says Fernando Montenegro, senior principal analyst at Omdia. For example, the technology can be used to identify spoofed logos and websites used in account takeovers and ecommerce fraud. Another interesting use case is to represent binary samples as images, and then using imaging classification techniques to classify them as malicious or not, he says.

One aspect of computer vision is the capability to analyze "datasets that are not originally 'images' themselves, but can be encoded as such," Montenegro says.

Humans have the capacity to say something doesn't look right, even if they can't specifically point to something that is wrong, says Gunter Ollmann, CSO of Devo. An intriguing application of computer vision research is to train the algorithm to be able to detect something is wrong because of the way it looks, he says. By turning source code into an image, the machine can analyze the structure and other patterns to detect potential issues without having to analyze the code line by line. This kind of analysis can be used for malware analysis, by color-coding different categories of function and analyzing the image to get an understanding of what the application is doing.

There are several computer vision startups tackling cybersecurity issues. Hummingbirds AI uses facial biometrics to authenticate users and grant access to the device. When the computer "sees" a person who is not authorized that is close to the screen, the tool blocks access. Pixm relies on computer vision to identify and stop spear-phishing attacks. The platform runs in the browser window and is available from the moment the user clicks on a link until the campaign is disrupted.

"We are now in an exciting era where \[the machine\] can collaborate with the human," Ambient.ai's McReynolds says, regarding advancements in computer vision.

Ambient.ai Expands Computer Vision Capabilities for Better Building Security

Kremlin-linked actors have launched multiple assaults since invasion began

Kremlin-linked actors have launched multiple assaults since invasion began

  

A new report from Microsoft has revealed that at least six separate Russian nation-state actors have launched damaging cyber-attacks against Ukraine since the invasion began earlier this year.

The study (PDF), released yesterday (April 27), detailed how Microsoft researchers have tracked at least 237 “cyber operations” originating from Russia.

These attacks “have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership”, Microsoft states.

It comes more than two months after Russian troops invaded neighboring Ukraine, sparking the beginning of a war that has so far claimed tens of thousands of lives.

**Direct hits**

Microsoft has observed these cyber-attacks as being “strongly correlated and sometimes directly timed” with Russia’s kinetic military operations targeting services and institutions crucial for civilians.

“For example, a Russian actor launched cyber-attacks against a major broadcasting company on March 1, the same day the Russian military announced its intention to destroy Ukrainian ‘disinformation’ targets and directed a missile strike against a TV tower in Kyiv,” the report details.

As many as 32% of destructive attacks directly targeted Ukrainian government organizations at the national, regional, and city levels, while more than 40% of attacks were aimed at organizations in critical infrastructure sectors that could have negative second-order effects on the Ukrainian government, military, economy and civilians.

A diagram detailing some of the nation-state actors identified by Microsoft

“At least six known or suspected Russian cyber threat groups in addition to other unattributed threat actors are engaged in activities that range from reconnaissance and phishing for initial access to pervasive lateral movement, data theft, and data deletion,” according to Microsoft.

“The multiple phases of their operations suggest these actors are positioning themselves for continued compromises and impact on Ukrainian networks for the duration of this conflict and beyond.”

Nation-state groups mentioned in the report include GRU unit 74455, aka Sandworm, also known as Iridium, which Microsoft claims is responsible for the malware FoxBlade wiper, CaddyWiper, and Industroyer2. GRU is Russian military intelligence.

Read more of the latest security news from Ukraine

Also mentioned in the report is Nobellium, aka APT29, which is thought to be led by Russia’s Foreign Intelligence Service, which has been seen using password spraying and phishing attacks against Ukrainian and NATO member diplomatic targets.

Microsoft stated that these attacks used a variety of techniques to gain initial access to their targets including phishing, use of unpatched vulnerabilities, and compromising upstream IT service providers.

The tech giant also noted how the cyber-attackers often modify their malware with each deployment to evade detection. “Notably, our report attributes wiper malware attacks we previously disclosed to a Russian nation-state actor we call Iridium,” Microsoft added.

READ MORE Data wiper deployed in cyber-attacks targeting Ukrainian systems

The Windows-specific data wiper appeared on “hundreds of machines”, according to telemetry from information security firm ESET, in the days following the invasion.

The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data.

Although primarily directed towards Ukraine, the ‘HermeticWiper’ malware strain has also been detected in the Baltic states of Latvia and Lithuania.

Date stamps on the malware indicate that it was compiled two months before the invasion – evidence that the cyber-attack was premeditated.

**Continued escalation**

“Given Russian threat actors have been mirroring and augmenting military actions, we believe cyber-attacks will continue to escalate as the conflict rages,” Microsoft concluded.

“Our report includes specific recommendations for organizations that may be targeted by Russian actors as well as technical information for the cybersecurity community.

“We will continue to provide updates as we observe activity and believe we can safely disclose new developments.”

The full report (PDF) contains more information, including a detailed timeline of individual attacks targeting Ukraine.

DON’T MISS Ukrainian ISP used by military disrupted by ‘powerful’ cyber-attack

<span>Microsoft report unmasks at least six Russian nation-state actors responsible for cyber-attacks against Ukraine</span>

Scammers are disguising their phishing page as a donation hub for Ukrainian refugees.
The post Fake USA for UNHCR site wants your Ukraine donations in Bitcoin appeared first on Malwarebytes Labs.

Since Russia began invading Ukraine in late February, many organizations have set up donation pages to aid the most heavily affected: Families who were forced out of their homes due to bombings and children separated from grown-ups who decided to stay and take arms.

We’ve also seen a considerable amount of scams preying on those who want to bring help to the helpless. During these times of struggle, donation and phishing scams abound, too.

**There’s a spam campaign encouraging you to donate to or support Ukraine**

Our email honeypot snagged dozens of samples belonging to a campaign that spoofed an email that receivers were meant to believe came from the United Nations or United Humanitarian.

Our Threat Intelligence Team took a closer look and found that the actual senders are work email addresses of individuals linked to legitimate services in Bangladesh. The emails appeared to be compromised.

    Hello
    
    We stand with our friends and colleagues in Ukraine during this heinous assault on their freedom, their independence and their lives. We are actively supporting our resilient team and are doing what we can to insure their safety, click on the Link to see more updates or photos and videos of the invasions from Russian. Donate and Support Ukrainian now to save lives.
    
    Visit: {redacted URL}
           {redacted URL}
    
    Thanks for your support.
    Regards
    UNITED HUMANITARIAN

Clicking the links in the email body, or copying and pasting them to your browser, opens this legitimate looking website:

We inspected the URL using a domain registrant and found it was created on April 19 2022, two days before we started receiving the spam emails.

**Be extra vigilant with “mirrored” sites**

The scam page looks slick, professional, and not what you may expect from a bogus donation portal. There’s a good reason for this. The entire site has been copied from _unrefugees.org_ using HTTrack, a free website copier.

_This is inside the code of the fake refugee website helping Ukraine families flee. Website copiers can make a fake site a spitting image of its original counterpart._

_Unrefugees.org_ is the USA for UNHCR (United Nations High Commissioner for Refugees). It is a Washington-based, not-for-profit organization whose mission is to provide food, shelter, and medical care to those fleeing their homes due to conflict, persecution, or violence.

While the fake site mirrors the legitimate site perfectly, it has one major exception: They switched out the genuine donation page for one of their own. The real site allows you to donate monthly via credit card, Google Pay, or PayPal. Donations made to the fake site, however, are made through Bitcoin.

_This is the form donors would have to fill in._

We checked multiple sources for information on the Bitcoin address provided. It doesn’t appear in scam databases or fraud reports and has neither sent nor received funds. This, combined with the site now failing to resolve, hopefully means the scammers got nowhere with their phishing attempt.

**How to tell if a donation site is what it says it is**

It’s very difficult to know at a glance which sites are real. This is especially true where donations are concerned. However, there are tools available to check.

You can check for registered charities online in most cases, and the genuine site is listed here against the BBB (Better Business Bureau) record. You can find similar types of checks in other countries.

There are very good reasons for making speedy donations. Even so, taking the time to ensure the site you’re donating to is the real deal is the best course of action for both you and the people you’ll be helping.

Stay safe out there!

Fake USA for UNHCR site wants your Ukraine donations in Bitcoin

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.

Artificial intelligence has evolved rapidly during the last few years and is being applied across industries for endless use cases as a powerful and innovative tool. However, great responsibility comes with great power. Thanks to AI and machine learning (ML), fraud prevention is now more accurate and evolving faster than ever. Real-time scoring technology allows business leaders to detect fraud instantly; however, the use of AI- and ML-driven decision-making has also drawn transparency concerns. Further, the need for explainability arises when ML models appear in high-risk environments.

Explainability and interpretability are getting more important, as the number of crucial decisions made by machines is increasing. "Interpretability is the degree to which a human can understand the cause of a decision," said tech researcher Tim Miller. Thus, evolving interpretability of ML models is crucial and leads to well-trusted automated solutions.

Developers, consumers, and leaders should be aware of the meaning and process of fraud prevention decision-making. Any ML model that exceeds a handful of parameters is complex for most people to understand. However, the explainable AI research community has repeatedly stated that black-box models are not black box anymore due to the development of interpretation tools. With the help of such tools, users are able to understand, and trust ML models more that make important decisions.

**The SHAP of Things**  
SHAP (SHapley Additive exPlanations) is one of the most used model-agnostic explanation tools today. It computes Shapley values from coalitional game theory, which evenly shares the impact of features. When we are fighting fraud based on tabular data and using tree ensemble methods, SHAP’s TreeExplainer algorithm provides the opportunity to get exact local explanations in polynomial time. This is a vast improvement compared to neural network-based explanations because only approximations are feasible with such tools.

With the term "white box," we are referring to the rule engine that calculates the fraud score. By their nature, the black-box and white-box models will not give the same results because the black box gives us results according to what the machine learned from the data, and the white box gives scores according to the predefined rules. We can use such discrepancies to develop both sides. For example, we can tune the rules according to the fraud rings spotted with the black-box model.

Combining black-box models with SHAP lets us understand the model's global behavior and reveals the main features that the model uses to detect fraudulent activities. It will also reveal undesirable bias in the model. For example, it may uncover that a model may be discriminating against specific demographics. It is possible to detect such cases and prevent unfair predictions by global model interpretation.

Additionally, it helps us understand individual predictions made by the model. During the debugging process of ML models, data scientists can observe each prediction independently and interpret it from there. Its feature contribution gives us great intuition about what the model is doing, and we can take action from these inputs for further development. With SHAP, end users are not just getting essential features of the model, they also get information about how (in which direction) each feature is contributing to the model's output, which yields fraud probability.

**The Confidence Factor**  
Finally, confidence is gained from customers by gaining trust in a successful model with the help of SHAP. In general, the faith in a product is higher if we understand what it is doing. People don't like things that they don't understand. With the help of explaining tools, we can look into the black box, understand it better, and start trusting it. And by understanding the model, we can improve it continuously.

An alternative to gradient boosting ML models with SHAP could be Explainable Boosting Machine (EBM), the flagship of InterpretML (Microsoft's AI framework), which is a so-called "glass box" model. The name glass box comes from the fact that it is interpretable by its nature due to its structure. According to the original documentation, "EBMs are often as accurate as state-of-the-art black box models while remaining completely interpretable. Although EBMs are often slower to train than other modern algorithms, EBMs are extremely compact and fast at prediction time." Local Interpretable Model-Agnostic Explanations (LIME) is also a great tool that could be used for black-box explainability; however, it is more popular with models functioning on unstructured data.

With these tools and transparent data points, organizations can confidently make decisions. All stakeholders must know how their tools work to get the best results. Being aware of black-box ML and the various techniques that combine with it can help organizations better understand how they are getting results to reach their business goals.

Explainable AI for Fraud Prevention

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine’s digital infrastructure.

Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat (APT) groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are state-sponsored by Russia.

Separate reports published this week also shed new light on the wave of cyberattacks against Ukrainian digital assets by APTs with ties to Russia.

Microsoft researchers believe six separate Russia-aligned threat actors carried out 237 cyber operations that resulted in threats to civilian welfare and attempted to carry out dozens of cyberespionage attacks against Ukrainian targets.

Moreover, Russia is believed to be using cyberattacks in a type of “hybrid war”, according to a blog post by Tom Burt, corporate vice president of Customer Security and Trust at Microsoft. That correlates  “with its kinetic military operations targeting services and institutions crucial for civilians,” he said.

“The attacks have not only degraded the systems of institutions in Ukraine but have also sought to disrupt people’s access to reliable information and critical life services on which civilians depend, and have attempted to shake confidence in the country’s leadership,” Burt wrote.

Meanwhile, researchers at Computer Emergency Response Team of Ukraine (CERT-UA) have been doing analysis of their own on the cyber-attacks that have been hampered the country in the lead up to and during the war.  The agency said it recorded 802 cyber attacks in the first quarter of 2022 alone, more than double the number for the same period last year, which was 362.

Carrying out those attacks are primarily five known Russia or Belarus-sponsored APTs, CERT-UA said. Specifically, those groups are: Armageddon/Garmaredon, UNC1151, Fancy Bear/APT28, AgentTesla/XLoader and Pandora hVNC/GrimPlant/GraphSteel.

****‘Hybrid’ War****

Microsoft security teams have been working closely with Ukrainian government officials as well as both government and private-enterprise cybersecurity staff to identify and remediate threat activity against Ukrainian networks, researchers said.

Russia appears to have been preparing for the land conflict with Ukraine in cyberspace about a year before the war began, or since March 2021, according to the report.

In the lead up to the ground conflict and the subsequent invasion, threat groups with known or suspected ties Russia “continuously developed and used destructive wiper malware or similarly destructive tools on targeted Ukrainian networks at a pace of two to three incidents a week,” researchers found.

“From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine,” they wrote.

Even before that, in January, Microsoft identified a Master Boot Record (MBR) wiper attack that it named WhisperGate targeting Ukraine to permanently disrupt organizations across the country and paint it as a failed state. Wipers are the most destructive of malware types because they permanently delete and destroy data and/or systems, causing great financial and reputational damage to victims.

From late February to mid-March, another series of wiper attacks using malware called HermeticWiper, IsaacWiper and CaddyWiper targeted organizations in the Ukraine as Russia commenced its physical invasion.

****Attacks on Critical Infrastructure****

In its latest report, Microsoft said that more than 40 percent of the destructive attacks against Ukraine were aimed at organizations in critical infrastructure sectors that could have negative second-order effects on the government, military, economy and the country’s people.

Moreover, 32 percent of destructive incidents affected Ukrainian government organizations at the national, regional and city levels.

“Acknowledging that there is ongoing activity that we cannot see, we estimate there have been at least eight destructive malware families deployed on Ukrainian networks, including one tailored to industrial control systems (ICS),” researchers wrote. ” If threat actors can maintain the current pace of development and deployment, we anticipate more destructive malware will be discovered as the conflict continues.”

The report includes a specific timeline of attacks and the malware used in the earliest weeks of the attack to support Russia’s military activities. In addition to the wipers previously mentioned, other malware deployed in the attacks includes: FoxBlade, DesertBlade, FiberLake, SonicVote and Industroyer2.

****Frequent Offenders****

On the heels of CERT-UA’s revelation of the top ATPs pummeling Ukraine in cyberspace, research firm Recorded Future’s The Record took a deeper dive into each other to examine its specific affiliations and modus operandi.

Armageddon/Garmaredon is an aggressive threat actor that’s been targeting Ukraine since 2014 and is backed by the Russian Federal Security Service (FSB). During the Russian war on Ukraine the group has used phishing attacks to distribute malware, most recently new variants of the “Backdoor.Pterodo” malware payload, according to researchers.

UNC1151 is a Belarus-aligned hacking group who has been active since 2016 and has previously targeted government agencies and private organizations in Ukraine, Lithuania, Latvia, Poland and Germany, as well as attacked Belarusian dissidents and journalists, researchers said, citing research from Mandiant.

Since Russia attacked Ukraine UNC1151 the group has been linked to the defacement of multiple Ukrainian government websites as well as spearphishing campaigns targeting the email and facebook accounts of Ukrainian military personnel to spread the MicroBackdoor malware.

Fancy Bear/APT 28 is a well-known and prolific actor active since 2017 and backed by Russia’s military intelligence service (GRU). The politically motivated group has been linked to activity aiming to influence elections in the European Union and the United States as well as attacking sporting authorities connected to the 2020 Tokyo Olympic Games.

On Feb. 24, the day Russia attacked Ukraine, Fancy Bear gained access to U.S. satellite communications provider Viasat’s KA-SAT network in Ukraine, leaving many Ukrainians without internet access and thus communication capability at the critical time when attacks began, researchers said.

Russian threat actors have used the AgentTesla and XLoader malwares since at least 2014 and 2020, respectively; both have been used in high-profile attacks. During Russia’s invasion of Ukraine, one malicious email campaign targeting Ukrainian state organizations used XLoader as its payload, while a phishing campaign targeting Ukrainian citizens spread AgentTesla,, researchers said.

Pandora hVNC/GrimPlant/GraphSteel act as downloaders and droppers under the umbrella term “Elephant Framework,” or tools that are written in the same language and used to target government organizations through phishing attacks, researchers said. In two separate malicious phishing campaigns in March, they were used against Ukrainian targets to steal sensitive information from government officials, among others, they said.

**History of Cyberattacks in Ukraine**

In March, Kaspersky’s Global Research and Analysis Team (GReAT) outlined its’ tracking of current and past cyberattacks in Ukraine.

Courtesy of Kaspersky

“The number of cyberattacks in Ukraine will increase during the next six months. While most of the current attacks are of low complexity – such as DDoS or attacks using commodity and low-quality tools – more sophisticated attacks exist also, and more are expected to come,” Kaspersky researchers wrote.

“Current complex activities include the employment of HermeticWiper, which stands out due to its sophistication, as well as the Viasat ‘cyber event’ – the partial network outage that impacted internet service for fixed broadband customers in Ukraine and elsewhere on the European KA-SAT network that affected over 30,000 plus terminals in Europe,” the Kaspersky report added.

Tag

#intel