Executive Cyber Intelligence Bi-Weekly Report - Dec 1st, 2015
ISRAEL
A new Elbit cyber training center at Ariel University
Ariel University of Samaria is currently establishing a training center for cyber protectors, using technology by Cyberbit, a subsidiary of Elbit Systems. The institute will be part of the Cyber Technologies Center at the university. The center will be used as a professional platform for instruction in an academic framework, meant to train students of engineering, computer science, and cyber professions, as well as engineers and people in the computer industry seeking professional instruction in handling attacks on computerized infrastructure systems in various companies in the industry. The institute will enable cyber protectors to practice using a technological system called “Cyber Instructor,” developed by Cyberbit. This cyber instructor simulates the attacked environment and, through different cyber scenarios, offers trainees guidance in acquiring professional tools to handle cyberattacks and effectively defend against them.
UNITED STATES
US Army to embed new cyber-proof tactical communication infrastructure
Assuming that the role of cyberwarfare in the next American conflict will be extensive, significant, and will require decision-making ability, the US Army is developing new capabilities to give it an advantage in the future battlefield. The latest tool to join the American weapon arsenal is the public key infrastructure (PKI). This infrastructure, originating in the civil sector, uses digital certificates to encrypt communications. In developing destructive cyber weapons, the US Army has realized its communication capabilities are vulnerable to cyberattacks. PKI provides extensive solutions to information security concerns for tactical networks, allowing forces on the ground to act without risking hostile cyber sabotage of their tactical communications and the creation of communication gaps between the forces. “PKI is today’s quintessential information assurance tool,” said Col. (Ret.) Cedric Leighton, a former deputy director of training for the National Security Agency. “In the cyber age, with such a high risk of enemy hackers gaining access to sensitive tactical networks, it’s essential that the protection that PKI provides be put in place on all networks.” As part of an online security review last summer, the US Marines turned to the IT administrators to immediately implement PKI. Other US security sectors have implemented or are planning to use PKI, often with an eye toward protecting highly vulnerable tactical networks. “The interesting thing about PKI is that it covers four different areas: authentication, data integrity, nonrepudiation, and confidentiality,” said Bob Fedorchak, principal information security engineer supporting the Cyber Security and Information Assurance Division of the Army’s Communications-Electronics Research, Development and Engineering Center (CERDEC) Space and Terrestrial Communications Directorate. “There are [other] solutions that cover one or maybe two areas, but not all four at once.”
Iranian cyberattack against US State Department officials
On November 24, four months after a historic accord between Washington and Tehran to limit Iranian nuclear ambitions, sophisticated computer espionage by Iran, culminating in a series of cyberattacks against US State Department officials, was detected by American officials and private security groups. Over the past month, Iranian hackers identified individual State Department officials who focus on Iran and the Middle East, and broke into their email and social media accounts, according to diplomatic and law enforcement officials. The State Department became aware of the compromises only after Facebook told the victims that state-sponsored hackers had compromised their accounts. It should be noted that in the aftermath of the nuclear accord, American intelligence officials warned senior officials that they expected Iran to increase its use of cyberespionage. Iranian cyberattacks are hardly new. They emerged after the American cyberattacks on Iran’s nuclear facility at Natanz, an operation that destroyed upward of a thousand Iranian centrifuges and drove home to the Iranian leadership the destructive power of cyber weapons. The American attacks began at the end of George W. Bush’s administration. State Department officials say none of this will affect the nuclear deal. The International Atomic Energy Agency reported last week that Iran is already beginning to dismantle some of its centrifuges – at the same site the United States and Israel attacked with cyber weapons.
Hilton Hotel chain suffered a data breach
On Tuesday, November 23, Hilton Worldwide Holdings Inc. reported a security breach related to customer credit and debit card payments at its hotels. The company promptly launched a global investigation to determine how far the breach had spread, and has further secured its systems. Hilton Worldwide worked closely with third-party forensics experts, law enforcement, and credit and debit card companies on this investigation. Hilton’s announcement comes just days after Starwood Hotels & Resorts Worldwide Inc. said hackers had stolen customer credit and debit card information in a security breach that took place over nearly eight months at fifty-four locations. The Trump Hotel Collection and Mandarin Oriental Hotel Group are among the other hotels that previously warned guests about potential security breaches. It is still unclear how many of the 4,500 Hilton hotels worldwide were affected. The company is asking all its guests who stayed at Hilton properties during certain dates in November and December last year, and from April 21 to July 27, 2015, to review their payment card statements for signs of fraud. Hilton said malicious software, known as malware, infiltrated payment systems at hotel restaurants, gift shops, and other hotel locations. The malware may have collected customer names, card numbers, security codes, and expiration dates, Hilton said. Consumers are not liable for unauthorized purchases made on their cards, but breaches can sometimes enable hackers to use the information to create counterfeit cards.
EUROPE
United Kingdom plans to use cyberattacks to hit back at terrorists
Two weeks ago, Chancellor George Osborne claimed that the United Kingdom will significantly increase its efforts to target terrorists in cyberspace, given the threat of Islamic State militants who use the internet to spread their terrorist ideology and plans to kill people. Osborne declared, “We reserve the right to respond to a cyberattack in any way that we choose.” However, the chancellor did not specify what kind of cyberattacks would be carried out by UK intelligence agencies. The United Kingdom has various means of responding to potential cyberattacks, including infecting and disrupting enemy computer systems or, if needed, the extreme response of disrupting power supplies, which could cause loss of life. The statement made by Osborne is a step forward in the fight against cyber terrorism. Until today, states have only used offensive cyber capabilities against other states, and not in order to fight cyber terror. If such a decision were implemented, it would likely be in an attempt to disrupt terrorist computer systems and to stop their cyber activities. The United Kingdom and other countries, such as the United States and Israel, clearly have the capabilities to launch cyberattacks and are actively developing offensive cyber capabilities in case such a situation should arise.
France is increasing its defense budget to strengthen its operations, cyber defense, and intelligence
After the recent terrorist attacks in Paris, the French government decided to change its law, reaching a new stage in the fight against terror, as it significantly increased its level of security. The French Senate voted for a €273 million increase for 2016, led by the Minister of Defense Jean-Yves Le Drian following the attacks of November 13. The minister added that there will be no reduction of staff until 2019, in order to strengthen operational staff units, cyber defense, and intelligence. Moreover, French President François Hollande announced additional resources for the fight against terrorism, including 5,000 jobs in the police and the gendarmerie and 2,500 positions in the Ministry of Justice. Some positions will be allocated to cyber defense and intelligence. France is taking these attacks and threats against its population and infrastructure extremely seriously. The French government understands the challenge of cyber defense and its role in the fight against terror. Better monitoring and analysis of the content of social networks, forums, communication platforms, and the Darknet will help to counter this phenomenon and attempt to reduce the risks. Along with the United Kingdom, France is now the second country in Europe to significantly strengthen its security policy and to take new extreme measures to protect the country from other terrorist attacks.
RUSSIA
Attack on a government e-payment collection system
The Russian system “Plato,” designed to charge trucks above the maximum permitted weight of twelve tons and launched on November 15, 2015 with the aim of directing the collected funds to road repairs, was hit by DDoS attacks on November 25. The launch of the e-payment collection system was a major scandal and caused resentment among Russian truckers. The head of the company said that the attack was carried out from outside Russia.
ARAB COUNTRIES
ISIS’s website Isdarat was hacked by opposing hacker group Anonymous
Hackers affiliated with the hacking teams Anonymous and GhostSec started a virtual mockery campaign against ISIS, and replaced an ISIS website with ads for the drug Viagra and the anti-depressant Prozac. Hacktivists targeted the Islamic extremist group and took over its Isdarat website. The message that appeared on the website read, “Too much ISIS, enhance your calm. Too many people are into this ISIS stuff. Please gaze upon this lovely ad so we can upgrade our infrastructure to give you the ISIS content you all so desperately crave.” This was only one act in the cyberwar that Anonymous has declared against ISIS following the Paris attacks. Anonymous has identified more than 39,000 suspected ISIS profiles on Twitter and has reported them.
Iran launched cyber offensive after nuclear deal
In the four months since Iran’s signing of the nuclear agreement, Iran has been targeting US State Department officials with cyber espionage. The cyberattacks have increased over the last month, as Iranian hackers broke into the emails and social media accounts of State Department officials. The State Department only became aware of this strategy after Facebook told the victims that state-backed hackers had infiltrated their accounts. The hacking represents a dramatic shift in Iran’s cyber strategy, moving from a focus on destructive cyberattacks to digital espionage. This adds up to an increasingly sophisticated cyber program, which has carried out a series of high-profile attacks around the globe in the past few years.
ISIS used cyber security guide freely found on the net
After the deadly Paris attacks a few weeks ago, many intelligence experts and others were surprised that no one was able to predict this attack in advance. It appears that ISIS distributed among its terrorists an online cyber security manual, available to the public from a cyber security firm in Kuwait. The manual, originally aimed at journalists and human rights activists in the Gaza Strip, was still available as of November 25. It is important to point out that while ISIS did not create the specific cyber security manual used by its members in the Paris attack, this does not mean that the organization does not have a guide of its own.
CHINA AND ASIA-PACIFIC
Australian Cyber Intelligence Center to join APAC forces in combatting cyber crimes
Deloitte Australia has joined APAC forces to create a network of cyber intelligence centers throughout the Asia Pacific region, including Japan, Singapore, Malaysia, and India. A new center in Hong Kong is planning to join Deloitte’s Australian Cyber Intelligence Centre next year. The Center coordinates a strategic approach against the threat of cyberattacks, and aims to actively share global cyber intelligence in real-time to enable businesses to join forces and get ahead of serious cyber risks.
India and Malaysia to deepen collaborations in cyber security
India and Malaysia recently signed several Memoranda of Understanding (MoUs), including one on cyber security, to strengthen their bilateral strategic partnership and to enhance cooperation in cyber defense. In the MoU on cyber security, both parties agreed to close cooperation and the exchange of information concerning cyber security incident management, technology cooperation, cyberattacks, and best practices regarding cyber security incidents.
Cyber Security Week 2015, Sri Lanka
Since 2008, Sri Lanka CERT|CC has been running a Cyber Security Week (CSW) – an annual security awareness program in Colombo. CSW 2015 was held during the first week of November, and consisted of a one-day conference, technical workshops, a hacking challenge, and an information security quiz for university students.
Vietnam passes law on Internet security amid rising cyberattacks
Vietnam’s lawmakers ratified a law on safety in cyberspace earlier this month, at a time when the country is at high risk of cyberattacks and already being affected by hackers. According to the National Assembly, the law on online information security, including regulations on preventing and fighting online terrorism, will take effect on July 1, 2016. In the first nine months of this year, some 20,000 Vietnamese websites, including eighty-eight state-run platforms, were infected with malicious software, according to a report by the Vietnam Computer Emergency Response Team (VNCERT). Cybercriminals also spread phishing viruses to more than 5,000 websites, while more than 7,000 others were defaced during the period. Cybercriminals mostly target small-to-medium-sized enterprises as well as individuals to steal financial information and demand ransoms, according to Nguyen Huu Nguyen, director of the Ho Chi Minh City branch of the VNCERT.
AFRICA
Increasing cybercrime is expected to be Africa's next challenge
Cybercrime in African countries is becoming a growing threat to companies and to the national economy. Given the ongoing increase in internet access, technologically fragile countries on the African continent face a higher exposure to cyber threats. It is believed that most Africa-based businesses are vulnerable to cybercrime. A world mapping of cyber threats has recently determined that seven countries out of the twenty most targeted by cyber criminals are African, including Tunisia, which ranks eighth. On the African continent, Malawi, Namibia, and Tanzania have received the most threats. South Africa, during the month of October 2015, faced about 6,000 criminal cyberattacks, including 2,000 against vital infrastructure.