Executive Cyber Intelligence Bi-Weekly Report
ISRAEL
Cyberattack on Israel's Defense Ministry thwarted
Israel Channel 2 News reported that a cyberattack targeting Defense Ministry computers was thwarted in recent weeks. The hackers sent an infected email containing malicious files that would have allowed the contents of computers on the open network to be monitored remotely. Although the Israeli Defense Ministry blocked the attachment, the email reached many users in a number of departments. The information security division within the Ministry of Defense alerted the workers in order to refine procedures and prevent similar incidents in the future. The Ministry of Defense statement in response to the attack was as follows: "This was not (an attack targeting) the internal network and/or classified information, but rather on the Internet, which is unclassified. The Ministry’s defense systems acted to prevent the Internet from being affected."
U.S. and CANADA
Chinese hackers' attack on U.S. officials’ email accounts might cause US-China cyberwar
Personal email accounts belonging to officials in the Joint Staff were breached by Chinese government hackers. The attack was aimed at personnel of "all top national security and trade officials," said U.S. government sources. Due to the attack, about 4,000 military personnel and related civilians lost connection to their email accounts while the system was cleaned. Like previous Chinese attacks, this one was carried out by spear phishing. As a result of the attack, the U.S. government has launched several different investigations into cybersecurity breaches, the largest of which exposed the personal information of 22 million past and present government employees held in the Office of Personnel Management’s (OPM) database, according to the Guardian. The investigation revealed a problem within the U.S. government's security system, and internal fights between several governmental wings, which caused cybersecurity gaps. Other efforts are being made to stop the Chinese hackers' attempts once and for all. The Obama government decided to act against the attacks in order to improve its preemption, and prevent any other Chinese attack on American databases and government sites. Currently, the U.S. government cannot agree on the correct way to imitate China; the U.S. government is aware of the fact that an American attack will cause a Chinese counterattack, a scenario the U.S. government is ready for. A U.S.-China cyberwar is possible and will cause unpreventable damage to American systems and civil and military infrastructure, for which the U.S. government is not yet ready.
U.S. and Ukrainian hackers and traders used stolen data to make $100 million
A group of mainly U.S.-based stock traders and computer hackers in Ukraine made as much as $100 million in illegal profits over five years, by conspiring to use information stolen from thousands of corporate press statements before their public release. On August 10th, FBI agents swooped in and arrested five men who allegedly helped run a massive international insider-trading ring — stretching from Pennsylvania to Ukraine — using hackers to gain unauthorized access to quarterly reports of corporate earnings. The group gained access to more than 150,000 pre-released quarterly reports and made $30 million in illicit profits by trading in the companies' stock before the information became public, according to court papers. Ivan Turchynov, 27, and Oleksandr Ieremenko, 23, based in Kiev, and the masterminds of the ring, used sophisticated techniques like "SQL injection attacks" to hack into BusinessWire, PRNewswire and Marketwired to gain access to the quarterly results, the feds alleged. At the same time, the Securities and Exchange Commission (SEC) filed a similar civil action against 31 people and companies, including offshore hedge funds, alleging they earned $100 million by trading in the stolen data from February 2010 until August 10th, 2015.
The mastermind of the U.S. trading group was Arkadi Dubovoy, a 51-year-old Ukrainian immigrant living in the Atlanta area who was nabbed Tuesday at home by the FBI. He also drew his family and friends into the scheme and made more than $11 million, the SEC alleged. Vitaly Korchevsky, a 49-year-old former Wall Street money manager and currently the pastor at the Slavic Evangelical Baptist Church in Brookhaven, Pennsylvania, made $17.5 million thanks to the scheme. He was arrested at his home. The Dubovoy group, which made more than $31 million, tried to conceal its trading by setting up accounts at 10 brokerages, the SEC alleged.
RUSSIA
Kaspersky Lab accused of sabotaging rivals with fake malware
According to the news agency Reuters, citing former employees of the company, the well-known anti-virus software maker Kaspersky Lab deceived its competitors for 10 years by supplying false information about malicious software. According to sources who wished to remain anonymous, Kaspersky Lab employees labeled safe files as infected, causing anti-virus solutions from Microsoft, AVG, Avast and other producers to mistakenly delete important files from users' computers, taking them for malware. As a result of these actions, not only competitors but also ordinary consumers suffered.
EUROPE
UK: Large data breach against the largest British cell phone dealer
A few days ago the largest British cell phone dealer was the victim of a large data breach. About 2.4 million details of personally identifiable information, including names, addresses, birth dates, and bank cards of 90,000 people, have been stolen by cyber criminals. According to the company, cyber criminals targeted a department in charge of managing the following websites: OneStopPhoneShop.com, e2save.com, and Mobiles.co.uk, as well as providing services to ID Mobile, TalkTalk Mobile, Talk Mobile, and some customers of Carphone Warehouse. According to the first reports of the investigation, the attack was probably launched two weeks before it was discovered. Moreover, the cyber criminals may have performed a DDoS attack as a cover to help them infiltrate the retailer's systems and perpetrate the data thefts. In a DDoS attack, a large network of compromised computers, known as a botnet, is used to flood the targeted computers. The company immediately announced the closure of the targeted websites and started to investigate the case in order to determine the nature of the compromised data and inform the customers affected by this attack.
In addition, Sebastian James, the chief executive of Dixons Carphone, apologized for the incident and declared that, "We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems. The company will continue to investigate the data breach and will probably collaborate with law enforcement agencies including the Cyber Department of the UK National Crime Agency . . . "
European Union to adopt new cyber security rules
The activity of Internet companies within the EU could be subjected to cybersecurity rules. These rules should be included in the Network and Information Security (NIS) Directive, proposed in February 2013, which addresses the strengthening of the responsiveness of the EU’s 28 member states and the cooperation between the authorities in the fight against cybercrime. The EU cooperation issues were first addressed in 2013 with the launch of the European Crime Centre. Furthermore, other measures adopted or proposed by the EU include the establishment of a European Computer Emergency Readiness Team (CERT) in order to counter cyber threats and simulate various cyberattack scenarios. Primarily intended to maintain public confidence in digital business, the NIS is the subject of disagreement between member states and regulatory authorities on issues such as the inclusion of service platforms, search engines, social networks, e-commerce sites, and cloud providers.
ARAB COUNTRIES
Islamic State's cyberwar against the West may have already begun
A few months ago, a hooded man claiming to be affiliated with the Islamic State said in a video clip that he and other hackers who support the radical Islamic terror organization were about to wage a cyberwar against the U.S., and it now seems things are about to become real. Although experts said it is unlikely this cyberwar will start before the end of the year, a group named "Islamic State Hacking Division" has published a list of personal information belonging to a couple of hundred employees at the U.S. Air Force, Marines, NASA and the Port Authority of New York and New Jersey. U.S. officials declined to comment further, and said, "We are aware of the report, but cannot confirm credibility at this time. The safety of our service members is always a primary concern."
CHINA and APAC
China is setting up "cybersecurity police stations" at major Internet companies to catch illegal Internet behavior
China is planning to set up "cybersecurity police stations" in major Internet companies and for websites so authorities can move more quickly against criminal online behavior.
The stated reason for this project comes from the Deputy Minister of Public Security, Chen Zhimin, who believes that the police should take a leading role in online security, and work closely with Internet regulators to stop illegal behavior as early as possible. The authorities have been tightening control over the Chinese Internet in recent years and have reprimanded social media companies for failing to move quickly enough to remove pornography, scams, rumors, or politically sensitive content.
A veil of secrecy might mask stepped-up cyberattacks in Asia
According to cybersecurity experts, there is no uniformity across Asia regarding cybersecurity. Some of the Asian countries do not even have a law to regulate cyberattacks. In mainland China, security seems to be the lowest priority. In general, Asia faces a lack of mechanisms to report illegal Internet behavior. There is no telling how often or how much personal information is taken from databases. Moreover, Asian corporations and governments invest less in security, and when targeted, they share less with regulators and other countries, in part because of long-standing tensions with their neighbors. As a result, they become quite easy targets for cyberattacks. According to the network security company FireEye Inc., companies in Asia are targeted 35 to 40 percent more than the global average. Law firm DLA Piper estimates Asian institutions are twice as likely to be targeted.