Executive Cyber Intelligence Bi-Weekly Report - Jan 15th, 2016

ISRAEL

Israeli cyber security exports grew by 10 percent in 2015

At least $3 billion worth of cyber security products and services were sold abroad in 2015. The significance of the Israeli cyber industry’s contribution to the GNP is apparent from figures published by the Israel Export Institute throughout the second half of 2015. According to the Institute, the total sum of cyber security software and services exported from Israel stood at $3 billion in 2014 with a major portion going to the United States, the primary destination for the industry as a whole.


UNITED STATES

Islamic State as a hacking threat for the United States

Islamic State adherents have made no secret of their desire to acquire capabilities that will allow them to launch cyberattacks against US government and civilian targets. Security experts and officials have diverging opinions on whether IS should be considered a credible hacking threat for the United States. In December 2015, IS hackers tried to penetrate computers that regulate the nation’s electricity grid. Clifton Triplett, the new cybersecurity adviser hired by the US Office of Personnel Management, said this month that he expected they might ultimately breach the agency’s systems. Yet private security researchers who track the Islamic State’s online efforts say the group’s capabilities are, in fact, not much better than those of tech-savvy teenagers who deface websites for thrills. Moreover, two men considered the Islamic State’s most sophisticated hackers have been sidelined. Their technical skills for executing a major cyberattack were only good enough to attack a few nation-states. In addition, the online focus of IS has been recruitment and not computer attacks because terrorists prefer the greater chaos caused by physical attacks. US vulnerability to cyberattacks, however, is well known. Nearly 22 million individual records were stolen when hackers, believed to be from China, penetrated the government’s central personnel office. American companies’ annual losses to cyber thieves total 0.64 percent of gross domestic product, or roughly $115 billion, according to a 2014 report by the Center for Strategic and International Studies. The US government spends more than $5 billion annually on cyber defense, with responsibility divided among the departments of Defense and Homeland Security, the National Security Agency and the FBI. US companies, primarily responsible for their own protection, spend a multiple of that figure.


CIA investigates cyberattack in Ukraine

US intelligence and security agencies are investigating whether Russian government hackers were behind a cyberattack on the Ukrainian power grid on December 23, that left a large area of the country without electricity due to “interference” in its systems. Approximately 700,000 homes were without power for several hours. Computer security experts at the Central Intelligence Agency, the National Security Agency, and the Homeland Security Department are examining samples of malicious software recovered from the networks of a power company in western Ukraine. If the blackout is positively attributed to the work of hackers, it will be the first documented case of a cyberattack on an electrical power facility that led to a loss of electricity. While hackers are suspected of having caused a blackout at least once in the past, there has never been a publicly confirmed case with technical data to back it up.


Microsoft notifies users of government hacking

Microsoft will begin notifying users of its online services if they have been targeted by hackers in suspected state-sponsored online attacks, joining Google, Facebook, Twitter and Yahoo in stepping up their security policies with similar measures. Such attacks have increased in intensity in recent years and often involve more sophisticated, sustained forms of trickery to gain control of online accounts than those employed by ordinary digital criminals.


White House anti-terror messaging

On January 1, the White House announced a new messaging offensive to fight the Islamic State’s online influence and encouraged technology companies to help battle the terrorist group’s propaganda and recruitment efforts. The Obama administration unveiled two initiatives – a federal task force and a hub in the State Department – designed to strengthen the government’s efforts to counter violent extremism on social media sites like Twitter and Facebook.


Honors for drone operators and cyberattackers

On January 7, the Defense Department announced that it has created an award to honor drone operators and those who launch cyberattacks, similar to those given to pilots. The new awards, a Pentagon official said, will allow the military to recognize service members who operate other technology that will be developed in the future as military tactics evolve. The use of drones has been widely credited with diminishing al-Qaeda and other terrorist groups; civilians have also died in drone attacks, fueling anger toward the United States among Muslims across the Middle East. The military has also increased its use of cyber weapons. In 2010, a cyberattack took out nearly 1,000 centrifuges that Iran had been using to purify uranium. The Pentagon is also planning to make changes that it hopes will shorten the time it takes to award the Medal of Honor, and to standardize what defines “acts of combat valor.”


EUROPE

UK Nuclear Submarines may be vulnerable to cyberthreats

British Prime Minister David Cameron has recently expressed his desire to invest around £31 billion in a new fleet of submarines, fully equipped with the latest nuclear missiles. However, these new submarines could be vulnerable to cyberthreats. According to Lord Browne, former defense secretary, “There could be no guarantee of a reliable nuclear deterrent without an end-to-end assessment of the cyber threat to the system.” This question is very pertinent and should be seriously taken into account when considering the purchase of the nuclear submarines. While the common fear is how to protect electronic devices connected to the global internet, this fear also exists when there is no internet connection. In the computer environment, this is known as “air gapping,” and it was always thought to be so secure that it would be impossible to hack into such systems. According to the cyber warfare expert Kim Zetter, however, air gapping is no longer as secure as people think it is. “Modern computer-controlled hardware will always have someone trying to gain access to it and someone will always be trying to gather information on their enemy so it is important for these systems to be secure and always checked for vulnerabilities.” Indeed, it is not too difficult to imagine that with strong military cyber intelligence capabilities, as well as the development of hacking and computer programs, any nation will be able to target a critical infrastructure even if it is not connected to the internet. Today every new military weapon system, as well as aircraft, tank, UAV, and submarine, should be seriously tested for cyber threats in order to anticipate any vulnerabilities.


RUSSIA

Unprecedented attack: Russia suspected after Ukrainian power grid blackout

Analysts say the incident, which left 700,000 homes without electric power in Ukraine at the end of December 2015, may be a “milestone” in the cybersecurity landscape as it constitutes the first known power outage caused by a cyberattack. The Ukrainian government says that Russia launched the attack, which lasted a few hours. The cyberattack is suspected to have been caused by the malware “Black Energy,” which disabled the control systems of the electrical infrastructure. Experts suspect this incident to be closely linked to the malware that was used to target European countries and NATO in 2013, reportedly launched by a Russian hacker group called SandWorm.


Russian hacker extradited to the United States by the Ministry of Justice of Finland

The Finnish Ministry of Justice, at the request of US authorities, extradited the well-known Russian hacker Maxim Senah to the United States. Senah is suspected of large-scale Internet-fraud operations. His attacks caused damage estimated in the millions of dollars. The Russian hacker was arrested in August 2015 at the Finnish border.


ARAB COUNTRIES

Data security breach at Etihad three years ago confirmed

The second-largest airline in the United Arab Emirates, Etihad, suffered a cyberattack three years ago in which personal data belonging to some seven thousand premium club passengers was stolen. The company’s spokesman confirmed that the attack did occur, but said that financial information was not stolen. This specific attack was conducted by a civilian criminal who most likely had nothing to do with any terror organization; nonetheless, it shows the airline was not prepared for terror cyberattacks by the Islamic State and others. The information was stolen from a lost computer, which had access to Etihad’s computer system. Large companies like Etihad should have a better data security system since they hold passengers’ private details, including bank accounts. Most likely some of the passengers work for the UAE government, and stealing their information could affect the country as a whole.


CHINA and ASIA PACIFIC

Anonymous warns China of mass cyberattacks over missing book publisher

Anonymous Hong Kong has warned China of mass cyberattacks against its online websites over missing publisher Lee Bo. Lee and his four colleagues are believed to have disappeared as a result of their work at the Causeway Bay Bookstore, selling banned works critical of the Communist Party. They have been missing since January 3, 2016 and are presumably in the custody of the PLA, the armed forces of China’s Communist Party. Anonymous Hong Kong posted a video on Facebook, threatening to hack Chinese government and police websites in honor of Lee and his colleagues.


Singapore Power regularly tests measures to prevent cyberattacks

Singapore’s local power company, Singapore Power, has a versatile approach to defending against, detecting, responding to, and recovering from cyberattacks, according to a company spokesperson. This approach is said to be carried out in “close consultation and guidance” from agencies such as the Energy Market Authority (EMA) and the Cyber Security Agency (CSA).

A dedicated team constantly looks out for unusual activities on the power grid. Furthermore, external companies are hired to conduct tests on Singapore Power’s systems. More details were not released due to the sensitive nature of the information.


Cybercrime gang targets Japanese banks with Trojan attacks

The language barrier that has long protected Japanese banks from being targeted by Trojan attacks seems to have been overcome. A cybercrime gang has launched an aggressive new infection campaign in which an advanced malware tool is being used to target customers of fourteen major Japanese banks. Until now, the cybercrime gang was known to target mainly banks in Europe. But more recently, researchers from IBM X-Force found that the malware contains attack schemes that have been uniquely customized for targeted Japanese banks. IBM further said that US organizations need to monitor such threats because cyber criminals can easily modify and migrate such threats for use in the United States.