Insights from former Finnish PM Sanna Marin on Russia, women’s leadership, and AI | TechCrunch


Earlier this month, at the Slush tech conference in Helsinki, this editor had the opportunity to sit down with Sanna Marin, the popular former prime minister of Finland who became known internationally for socializing with friends, but whose accomplishments in office are far more significant, including successfully pushing Finland to join NATO to better protect the country from its neighbor Russia after its invasion of Ukraine.

Marin, who opted out of Finnish politics in September, works today at the Tony Blair Institute as a strategic counselor; she is also working on a startup with one of her longtime political advisors. Still, based on the rapturous crowd that Marin drew during our conversation at Slush, it’s easy to imagine her eventual return to the political arena.

She didn’t rule it out during our sit-down. However, we spent much more time talking about what Russia’s aggression means for the rest of the world, why women should more readily trust themselves in positions of power, and the promises and perils of AI — and what lawmakers should do about it. Here are excerpts from that chat, edited lightly for length and clarity.

In late 2019, you took on a job that’s typically the culmination of a long career in public service and you took it on fairly early [at age 34]. What was it like to be thrust into that position?

Well, of course, when you take that kind of position or job, you’re never fully prepared. When you do the work, then you learn what the job is, so it’s a leap of faith. In Finland, we’ve had a few female prime ministers, but if we look globally, the situation isn’t very good. We have 193 countries in the UN and only 13 of them are led by women, so the world isn’t very equal [when it comes to] leadership and it never has been. I only hope that we will see more female leadership in the world in the future.

We’re sitting here in front of a very big audience of tech founders who are trying to knock down walls and also shatter glass ceilings. What’s your advice to them?

My main advice is to trust yourself. Believe in yourself. If you’re in a position where you are able to take a leadership position, then think, ‘Maybe I am capable. Maybe I can do this.’ Especially women, many times they question themselves. Are they ready for that job? Are they good enough? Can they do everything perfectly? Men don’t think like that. They think that ‘Yeah, I’m better. I’m the best one for the job.’ I think women also need that attitude and they need the support and to be encouraged to take risks and leadership positions, because women are good leaders. And if you’re at that point where you can take that position, it’s because you are good and you are capable. So go for it.

You went through a lot as PM. Soon after you were elected, COVID took hold of the world. Last year, Russia invaded Ukraine. You have a very long and complicated relationship with Russia. You’ve got a very long border with Russia. Can you take us back to that day when you heard the news [of the invasion] and what was going through your mind?

I can remember vividly, like it was yesterday, because we knew by then that it was probable that Russia would attack Ukraine. During that [preceding] summer, almost half year earlier and during that whole fall, Russia, for example, slowed energy flows to Europe to lessen different countries’ storage, and thus, Russia could use energy as a weapon against Europe later on. Russia also put many troops near the Ukrainian border, saying it was a drill and they wouldn’t attack. Now we know that was a lie. Many leaders were in contact with Putin, trying to find diplomatic, peaceful routes out of the situation before the full attack started, and he lies to everyone. Now, we have to learn from that. I have said on many stages that Western countries, democratic countries everywhere globally, should stop being naïve. We should wake up to authoritarian regimes and [recognize that’s how] they function and see the world and their logic is very different from the democratic countries. We thought in Russia’s case that because we have close economic and business ties with Russia that those connections could secure peace because it would be so costly and so stupid to start a war. Because it is stupid. It’s illogical, from our perspective. But authoritarian countries don’t think like that. So it didn’t prevent anything.

You’ve talked before of people’s naivete when it comes to dealing with authoritarian governments, including as it relates to tech, where you believe that autonomy is also important. I’ve heard you express concern about Europe’s broad reliance on chips from China, for example. How would you rate Finland’s progress on this front?

Finland is doing quite well compared to many other countries . . . When we look at tech, the most important thing is to invest in education from early childhood to universities [and to invest heavily in] R&D and new innovations . . . We agreed in Finland that we are aiming to raise our R&D funding to up to 4% of our GDP by the year 2030, which is actually a very ambitious goal . . . but I’m an optimist and I want to believe that technology can actually help us in solving the big issues of the future, like climate change, loss of biodiversity, pandemics and other critical problems. So we need technical solutions. We need innovation. And we need to make sure that we also have the platforms and the will to encourage building that. . .

How would you grade the European Commission’s work?

In many ways, the situation in Ukraine has deepened the relationship between Europe and the States and also Great Britain. Europe as a whole has a great role in making sure that we have good rules internationally when it comes to big tech and the development of AI. So we need ethical rules that every country in the world should or have to follow. I can see a lot of risks if the European Commission or other legislative bodies don’t work with the entrepreneurs or private sector businesses because the development of new technologies is so fast, so cooperation is key. And I would like to see more interaction and cooperation between private and public.

We’re already seeing so much good from AI when it comes to healthcare and education. We’re also hearing more and more about risks to humanity. I know you’ve been excited about AI for some time. Have you changed your view about its potential?

Every technology — everything new — comes with risks. There is always a negative side to everything. But there is also a positive side, and that’s why I would like to see more and more interaction between the ones who are creating the technology and the legislative people who are creating the rules for these technologies . . . so we can make sure that there are more positive sides than negative ones.

I love the work-life balance in Finland, and I also love that there’s some aversion to outsize wealth, the very extreme opposite of which we see in the U.S. and especially in the Bay Area, where people tend to value themselves based on how much money they make. I do wonder if that is a gating factor to ambition here or to attracting and retaining entrepreneurs.

It’s very important that you have balance in your life. If you only work, you can work very hard for a certain period of time, but then you will burn out. I think we should encourage ambition but also [ensure people] have free time that they can spend with their family. In fact, we renewed the parental leave system in Finland [when] I led the government to ensure more time is given to fathers to spend with their small children, while also [making it more possible] for mothers to build their careers. I haven’t ever met a father who has said, ‘I really regret spending time with my kid when he or she was small,’ right? Nobody ever says that. That time away from work gives people perspective.

You’re now a political consultant working for the Tony Blair Institute. What do you make of the characterization of TBI as the ‘McKinsey to world leaders’?

Well, [my longtime advisor Tuulia Pitkänen] and I used to do this, working in almost 40 countries globally, advising governments, advising heads of states on different matters. Of course, it varies from country to country whether it’s to do with agriculture, technology or many other things, and my job [at TBI] is to [similarly] advise heads of state and also different governments on certain issues. You know, when you are in that position of leadership, leading a country, nobody really understands that. You cannot read it in a book, you have to experience it. So leaders need that kind of interaction — to speak with people who really know the job and how hard it is and all the factors that you have to consider doing that job. So that’s my job there. But I also do many other things like speaking at different events and interacting with people. I still want to change the world. I haven’t lost my passion about the issues [that compelled me to enter into] politics in the first place. I still have all those passions, but now I have of course more freedom to do other things and I’m open to them.

You were so popular as a prime minister. You’re also still very early in your career. Are you interested in going back into politics at some point?

I haven’t said that I wouldn’t ever go back. Of course, it’s a possibility. Someday, I might find that passion to pursue a political career once again. But for now, I’m doing something else. And I believe you should always close some doors to open new ones. Closing some doors, doing something else, finding new paths has worked well for me so far. So I never have had a five-year or 10-year career plan or any plan of the sort. I believe opportunities come to you, and then you take them or not. You can always choose. But my advice is to not plan too much of your life because life is always a mystery and it’s always unknown and that’s why it’s so interesting.


US sanctions Russian accused of laundering Ryuk ransomware funds | TechCrunch


The U.S. government has sanctioned a Russian national for allegedly laundering millions of dollars worth of victim ransom payments on behalf of individuals linked to the notorious Ryuk ransomware group.

According to an announcement from the U.S. Treasury’s Office of Foreign Assets Control (OFAC), Ekaterina Zhdanova, 37, is accused of using virtual currency exchange transfers and fraudulent accounts to launder money for Russian elites, ransomware groups, and other bad actors to help them evade economic sanctions imposed on Russia’s financial system following the February 2022 invasion of Ukraine.

Ryuk first emerged in 2018 and is known for its attacks targeting the U.S. public sector. In 2020, during the COVID-19 pandemic, the gang was linked to an attack on Universal Health Services, one of the largest healthcare providers in the U.S., costing the healthcare giant at least $67 million in lost earnings.

OFAC said Zhdanova laundered more than $2.3 million of “suspected victim payments” for a Ryuk ransomware affiliate in 2021. Zhdanova allegedly ran the illicit funds through cryptocurrency exchanges that lack anti-money laundering controls, including the Russia-based Garantex exchange, which was the subject of U.S. sanctions in 2022.

Zhdanova also uses traditional businesses to maintain access to the international financial system, including through a luxury watch company that has offices around the world, according to OFAC. As per Chainalysis, a search of Zhdanova’s email address also reveals that she is currently selling a 13-room hotel in Moscow that “generates a profit of up to 1,000,000 rubles a month,” or about $11,000 at the time of writing — though it’s unclear whether the hotel business relates to her alleged money laundering activity.

TechCrunch sent Zhdanova several WhatsApp and Signal messages via the phone number included on the listing, but did not hear back.

Zhdanova has also been accused of conducting virtual currency exchange transfers on behalf of oligarchs who have relocated internationally. According to OFAC, a Russian oligarch sought out Zhdanova to move over $100 million in wealth on their behalf to the United Arab Emirates, and she also helped similar clients obtain tax residency in the country, as well as identification cards and bank accounts based in Dubai.

In February, the U.S. and U.K. governments levied sanctions against seven individuals allegedly connected to a single network behind the Conti and Ryuk ransomware variants, as well as the infamous Trickbot banking trojan. The sanctions came days after Russian citizen Denis Mihaqlovic Dubnikov, 30, pleaded guilty in a U.S. court to laundering Ryuk ransomware funds following his extradition from the Netherlands.


With its exit from Russia complete, Group-IB plans its US expansion | TechCrunch


In just a few weeks, Group-IB will be celebrating its twentieth birthday. It’s a momentous occasion for the controversy-marred threat intelligence company, which helps organizations and governments investigate cyberattacks and online fraud. And Group-IB is planning to celebrate in style.

In an exclusive interview, Group-IB co-founder and CEO Dmitry Volkov tells TechCrunch that the company is using this “key juncture” to scale up and become a global cybersecurity powerhouse; not only is Group-IB celebrating the two-decade milestone by raising its first round of funding in seven years — it’s also planning to make its mark in the United States.

Group-IB may have big plans coming up, but the company hasn’t had much to celebrate in recent years.

Back in September 2021, Group-IB’s co-founder and former CEO Ilya Sachkov was arrested by Russia’s Federal Security Service, and he has since been convicted of treason by a Moscow court and sentenced to 14 years in prison. Investigators have said Sachkov was suspected of passing classified information to a foreign country, but no other details about the case have been revealed.

Sachkov’s arrest came after the 37-year-old cybersecurity expert spearheaded a move of Group-IB’s headquarters from Russia to Singapore after the U.S. government accused Moscow of meddling in the 2016 U.S. presidential election. Sachkov, who had been critical of the Russian government in the past, said at the time that moving to Singapore was part of the company’s efforts to grow its business and remain independent.

Months after Sachkov’s arrest, Group-IB — now headed by Volkov — further distanced itself from Russia by announcing it was leaving the country entirely. Group-IB, once seen as a shining star in Russia’s home-grown tech industry, completed its exit from Russia in April.

Volkov says that while Group-IB never kept it a secret that it was founded in Russia, it was clear the company’s ties to the country were harming its relationship with international clients — particularly following Russia’s invasion of Ukraine in February 2022.

Volkov sold his stake in Group-IB’s Russia-based business to the company’s local management, and the standalone Russian business now operates under the brand F.A.C.C.T. Group-IB’s branding and trademarks will cease to be in operation in Russia by the end of 2023.

Group-IB is a provider of proprietary cybersecurity solutions that helps organizations to prevent cyberattacks, breaches, and online fraud. The company counts over 500 enterprise customers, including delivery giant DHL and Bulgarian banking giant DSK Bank, and tells TechCrunch that it makes almost 40% of its income from the APAC region.

The company also says it runs the largest computer forensics laboratory in Eastern Europe, where its investigators identify suspects and collect and analyze evidence on the cybercrime scene. The company, which partners with law enforcement agencies including Interpol and Europol, says it has so far carried out 1,300 successful investigations.

When it first announced its exit from the Russian market, Group-IB said it was focused on expanding its presence in the Asia-Pacific and Middle Eastern markets, where it intends to open new digital crime resistance centers, or DCRCs, to protect its clients against targeted cyberattacks.

The company is now looking to create a global network of independent DCRCs, each equipped with the expertise to assess the local specificities and threat landscape of the region in which it is based. Volkov tells TechCrunch that Group-IB plans to enter the Latin American market in 2024, before expanding to the United States in 2026.

Group-IB is an outlier in the cybersecurity industry. While it’s not the only technology company to have exited Russia in recent years, it is one of a few to remain self-sufficient. The company raised a modest $1 million in 2016 and has since relied on organic revenue to grow its business by 50% year-on-year, Volkov tells TechCrunch.

To expand globally, the company is looking to raise for the first time in seven years. “We want to speed up our business and technology development, and it’s probably a good moment for us to raise now,” Volkov said. He added that the company was “already in conversation” with some potential strategic partners, though he wouldn’t be pushed on who.

This funding will fuel Group-IB’s expansion into the Americas and its ambitions to build DCRCs in every region to become a “decentralized company.”

“If you look at other cybersecurity companies, they are always very centralized,” Volkov said. “We want to make every single point of presence of Group-IB as independent as possible.”

Group-IB’s expansion plans come as other cybersecurity vendors are laying off staff. The company plans to use this time to recruit technical experts in various regions, who would be responsible for digital forensics, incident and emergency response, and cyber forensics. (Volkov added that all potential candidates would undergo a polygraph. “Everyone — no matter what kind of role — must do a lie detector.”) Once the company starts to bring in revenue from that region, Group-IB will add layers, such as threat intelligence, and then “replicate” the same set-up in another region.

Volkov says the company has already started to hire in Latin America.


SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack | TechCrunch


The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control failures for allegedly misleading investors about the company’s cybersecurity practices prior to a cyberattack launched by Russian hackers in 2019.

In a statement published late Monday, the SEC said SolarWinds “allegedly misled investors by disclosing only generic and hypothetical risks” at a time when SolarWinds and Brown knew of “specific deficiencies” in SolarWinds’ security practices and the increasing risks that the company was facing at the time.

The SEC’s complaint accused the company of making claims, including about its own security practices, that were “at odds” with its internal assessments. In one case, the SEC said Brown, who currently serves as SolarWinds’ chief information security officer, made presentations in the years prior to the hack that stated the company’s security practices were in a “very vulnerable state.”

But the federal regulator said that Brown failed to sufficiently raise security risks to the company or resolve them.

Gurbir S. Grewal, who oversees the SEC’s enforcement unit, said SolarWinds and Brown “ignored repeated red flags” and “engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”

“Today’s enforcement action not only charges SolarWinds and Brown for misleading the investing public and failing to protect the company’s ‘crown jewel’ assets, but also underscores our message to issuers: implement strong controls calibrated to your risk environments and level with investors about known concerns,” said Grewal.

SolarWinds was hacked as far back as 2019 by a group of government hackers associated with Russia’s foreign intelligence service, who broke into SolarWinds’ network and planted a backdoor in the code of the company’s flagship Orion network management product. When the tainted Orion software was pushed to SolarWinds’ customers as a software update, the hackers gained access to every network running the compromised software, including private companies and federal agencies.

The hack was discovered almost a year later in 2020, during which several U.S. government departments were confirmed compromised, including NASA, Homeland Security and the Department of Justice, as well as security giant FireEye, and several tech companies, universities, and hospitals.

The SEC told SolarWinds in November 2022 that it faced enforcement action following the cyberattack, warning that the company’s cybersecurity disclosures and public statements were under scrutiny.

Following the breach, former SolarWinds chief executive Kevin Thompson was pilloried by U.S. lawmakers for blaming an intern for using the now-infamous password, “solarwinds123,” on a SolarWinds file server for several years until it was discovered by a security researcher. The SEC said in its complaint filed in a New York federal court that the simplicity of this password “did not comply with the company’s stated password complexity requirements,” which conflicted with SolarWinds’ publicly posted security statement. The SEC said that SolarWinds and Brown’s “misstatements and omissions regarding password issues were not only false and misleading, but materially so.”

A SolarWinds spokesperson declined to comment on the record. In a blog post published shortly after the SEC’s announcement, SolarWinds CEO Sudhakar Ramakrishna accused the SEC of launching a “misguided and improper enforcement action” against the company and said that it will “vigorously oppose this action.”

Alec Koch, an attorney for Brown, said that he looks forward to defending Brown’s reputation and “correcting the inaccuracies in the SEC’s complaint.”


Russia and China-backed hackers are exploiting WinRAR zero-day bug | TechCrunch


Google security researchers say they have found evidence that government-backed hackers linked to Russia and China are exploiting a since-patched vulnerability in WinRAR, the popular shareware archiving tool for Windows.

The WinRAR vulnerability, first discovered by cybersecurity company Group-IB earlier this year and tracked as CVE-2023-38831, allows attackers to hide malicious scripts in archive files that masquerade as seemingly innocuous images or text documents. Group-IB said the flaw was exploited as a zero-day — since the developer had zero time to fix the bug before it was exploited — as far back as April to compromise the devices of at least 130 traders.

Rarlab, which makes the archiving tool, released an updated version of WinRAR (version 6.23) on August 2 to patch the vulnerability.

Despite this, Google’s Threat Analysis Group (TAG) said this week that its researchers have observed multiple government-backed hacking groups exploiting the security flaw, noting that “many users” who have not updated the app remain vulnerable. In research shared with TechCrunch ahead of its publication, TAG says it has observed multiple campaigns exploiting the WinRAR zero-day bug, which it has tied to state-backed hacking groups with links to Russia and China.

One of these groups is a Russian military intelligence unit dubbed Sandworm, which is known for destructive cyberattacks, like the NotPetya ransomware attack it launched in 2017 that primarily hit computer systems in Ukraine and disrupted the country’s power grid.

TAG researchers observed Sandworm exploiting the WinRAR flaw in early September as part of a malicious email campaign that impersonated a Ukrainian drone warfare training school. The emails contained a link to a malicious archive file exploiting CVE-2023-38831, which when opened installed information-stealing malware on the victim’s machine and stole browser passwords.

Separately, TAG says it observed another notorious Russia-backed hacking group, tracked as APT28 and commonly known as Fancy Bear, using the WinRAR zero-day to target users in Ukraine under the guise of an email campaign impersonating the Razumkov Centre, a public policy think tank in the country. Fancy Bear is best known for its hack-and-leak operation against the Democratic National Committee in 2016.

Google’s findings follow an earlier discovery by threat intelligence company Cluster25, which said last week that it had also observed Russian hackers exploiting the WinRAR vulnerability as part of a phishing campaign designed to harvest credentials from compromised systems. Cluster25 said it assessed with “low-to-mid confidence” that Fancy Bear was behind the campaign.

Google added that its researchers found evidence that the China-backed hacking group, known as APT40, which the U.S. government has previously linked to China’s Ministry of State Security, also abused the WinRAR zero-day flaw as part of a phishing campaign targeting users based in Papua New Guinea. These emails included a Dropbox link to an archive file containing the CVE-2023-38831 exploit.

TAG researchers warn that the ongoing exploitation of the WinRAR bug “highlights that exploits for known vulnerabilities can be highly effective” as attackers use slow patching rates to their advantage.
