Global Cyber Bi-Weekly Report - Mar 1, 2016

ISRAEL

Britain and Israel will join forces to combat cyberattacks

On February 16, while paying a visit to Israel, UK Cabinet Office Minister Matt Hancock announced that the United Kingdom and Israel will collaborate in order to prevent cyberattacks on their national institutions. Mr. Hancock noted, “The UK’s world class companies and universities combined with Israel’s cutting edge technology and entrepreneurial culture is an unbeatable combination.” A spokeswoman confirmed that Mr Hancock had launched a program to promote academic collaboration in the field of cyber security between the United Kingdom and Israel.

Israeli and foreign firms plan to file objections to a new draft order requiring export licenses for some cyber technologies

The plan to require Israeli companies to receive a license from the Ministry of Defense to export cyber systems with offensive and intelligence-gathering capabilities has lead American cyber security companies who do not operate in Israel to consider petitioning Israel’s Ministry of defense. According to the lawyer Daniel Reisner, a cyber and homeland security and compliance expert at Herzog & Ne’eman, the plan to regulate the Israeli cyber sector has caused concern among US security companies, who worry that the regulation advanced in Israel will be adopted by the American government. A source from the Ministry of Defense has told Globes that they have not monitored objections from foreign companies.

Team8, an accelerator-fundraiser-company in the cybersecurity raises $23 million

Team8 funding partners, which included Google co-founder Eric Schmidt’s Innovation Endeavors have been joined by new investors AT&T, Accenture, Nokia, Mitsui, and Temasek. Team8 aims to build category-leading companies that challenge the biggest problems in cyber security, according to cofounder Nadav Zafrir. The most notable player to come out of Team8, Illusive Networks, has gained worldwide recognition as it sets up a legitimate-looking system with “juicy” looking data to attract hackers who use phishing techniques to steal data. The hackers access phony log files, documents, and other items with nonsense data that look legitimate.

UNITED STATES

China and Russia remain leading threats in cyberspace

The Director of National Intelligence, James R. Clapper, gave his annual threat briefing to the Senate Armed Forces Committee in February. He noted that China remains engaged in malicious cyber activities against the United States, despite a US-Chinese bilateral agreement to refrain from conducting or knowingly supporting commercial cyber espionage. Russia also continues to conduct cyber espionage against the United States. Moreover, Clapper emphasized that Chinese cyberattacks continue. He said, “It’s our responsibility to ensure that our policymakers and particularly the Department of Defense are aware of this hemorrhage, if you will, of technological information that the Chinese purloined.” According to Clapper, foreign actors in cyberspace “remain undeterred from conducting reconnaissance, espionage, and even attacks in cyberspace because of the relatively low costs of entry, the perceived payoff, and the lack of significant consequences.”

EUROPE

United Kingdom: Defense Intelligence to establish new military cyber warfare unit

A few days ago during a meeting at the Ministry of Defense, the chief of defense intelligence announced that a new cyber warfare and electromagnetic unit will be created. The Defense Intelligence will operate this new unit, and will be in charge of several activities such as countering cyberattacks as well as offensive operations and intelligence. In the past few years the United Kingdom did not increase its cyber defense budget. According to a review made by the UK government, the security and intelligence agencies’ budgets rose by about 18 percent in real terms during its three-year term. Furthermore, the £1.9 billion dedicated to the cyber capabilities represents an increase of 76 percent on spending during the 2010-2015 period. The new unit will also cooperate with the British intelligence and security organization responsible for signal intelligence, the GCHQ.

Since 2010 the United Kingdom has invested in cyber defense. With the arrival of new cyber threats such as sophisticated Advanced Persistence Threats developed by Russia, Iran, and China as well as the emergence of cyber terrorism, the British government has decided to strengthen its cyber capabilities in order to counter these threats and be able to respond in case of a cyber conflict. The United Kingdom is not the only country in Europe that has significantly increased its cyber capabilities, as France has too. This race for defense and cybernetics armament demonstrates the strategic role of the “cyber” in the state’s defense and most likely will become more important in the coming years.

NATO and the European Union to enhance cyber cooperation

The Computer Emergency Response Team of the European Union (CERT-EU) and the NATO Computer Incident Response Capability (NCIRC) have decided to join forces in order to counter cyberattacks. They have signed a technical agreement, which will provide a framework for the exchange of information about emerging threats as well as best cyber practices between emergency response teams. Both organizations are facing the same challenge and this new cooperation will strengthen their capabilities. NATO assistant Secretary General for Emerging Security Challenges Sorin Ducaru said that, “Together, NATO and the EU are stronger in defending against cyberattacks. Intensified cooperation under this arrangement will allow us in a tangible way to better prevent cyber-attacks, but also our ability to predict, detect and respond to them.” Moreover, this new agreement shows a real desire among states to cooperate on cyber defense in order to learn from each other as well as helping to protect their critical infrastructures.

RUSSIA

Limitation on foreign services in Ulyanovsk

The authorities of the Ulyanovsk region of the Russian Federation have banned the use of Google, Skype, WhatsApp and other foreign services for employees of financial and social organizations. In addition, the list of organizations includes educational, health care and other public institutions, said the news source Rossiyskaya Gazeta. The Regional Commission for Information Security was tasked with monitoring the implementation of the ban. This is only the first case, and the ban is to be enforced in the other regions. Last October, the State Duma deputy made a proposal to ban Google's online services, Yahoo!, and WhatsApp for business purposes among Russian state employees.

ARAB COUNTRIES

Anonymous attack Saudi regime websites

A few weeks ago, after the execution of the Shi’ite Sheikh, Nimr al-Nimr, the Anonymous cyber group threatened the International Olympic Committee that it will attack the Committee unless it bans the Saudis from attending the next Olympics. The threat resulted from what the group sees as constant violations of human rights by the Saudi regime. Now, as it seems, Anonymous has decided to conduct its cyber threat not against the Olympic Committee but rather against the Saudi regime. The group lately has attacked some Saudi government websites, including the Saudi Ministry of Finances, the Ombudsman’s Office and the General Passports Service. Although all the websites had already been restored, this cyberattack shows some of Anonymous’ capabilities and should be considered proof that the group “means business.”

CHINA and ASIA PACIFIC

API vulnerability allowed remote access to some Nissan onboard computers

Security researcher Troy Hunt discovered an API vulnerability that allowed remote access to onboard computers of 200,000 Nissan Leaf and eNV200 electric automobiles. Hunt stated that the hack of the vulnerable NissanConnect EV app was so easy that any smartphone could control the targeted cars, no matter where the cars or the smartphones were located. The app, which was developed to give car owners the possibility to remotely access climate controls and check the battery status of their cars, was thereupon deactivated by Nissan. A new secure app has already been announced, but without mention of when it will be released.

Operation Dust Storm targets Japan’s critical infrastructures

Cylance SPEAR, the research division of the cybersecurity firm Cylance Inc. has uncovered a five-year campaign, led by hackers dubbed “Operation Dust Storm,” targeting Japan’s critical infrastructures. Officials with SPEAR believe the hackers have the long-term goal of spying on Japan by extracting information from its oil, gas, and electric sectors. While the attacks are still ongoing, Cylance is working together with the Japanese Computer Emergency Response Team (JP-CERT) to further investigate the attackers.

South Korea worrying about alleged plan of terrorist attacks by North Korea

South Korean President Park Geun-hye warned that North Korea is preparing to launch terrorist attacks in South Korea. She stated that North Korea’s leader Kim Jong-un allegedly decreed to develop capabilities to conduct terrorist and cyberattacks against the South. Kim Sung-woo, a senior official in the president’s office, further added that the threat by the North was “increasing more than ever.”

The gap in APAC’s cyber vulnerability

The consultancy Deloitte observed a rapidly widening gap in cyber vulnerability between those countries in the APAC region with the most and those with the least internet dependencies. The “Asia-Pacific Defense Outlook 2016” report categorized Japan, Australia, Singapore, South Korea, and New Zealand as the most vulnerable to attacks, since their economies are strongly dependent on cyber-based interactions. China and India, however, were identified as less vulnerable due to the fact that their economies have fewer systems connected to the internet.

AFRICA

Increase in cyberattacks in South Africa due to video-on-demand and e-commerce

Check Point Software Technologies has revealed that a rising number of people using video-on-demand services, as well as an increase in e-commerce over the festive season, could be why South Africa moved up on the list of countries most attacked by cybercriminals in January 2016. “We’ve seen an increase in phishing attacks targeting video-on-demand users, who are tricked into handing over their passwords under the guise that their accounts need to be updated,” said Doros Hadjizenonos, country manager of Check Point South Africa, and added that, “A rise in e-commerce and online shopping over the festive season is another reason for the increase in cyberattacks.”

LATIN AMERICA

Mexico lost US$5.5bn to cybercrime in 2015

Cybercrime in Mexico has cost companies billions of dollars in 2015, according to cybersecurity provider Symantec. The company estimated that cybercrime cost businesses around 101bn pesos (US$5.5bn) last year, it revealed during a press conference in Mexico City. Five out of six large corporations and 60 percent of SMEs in the country were victims of online attacks in 2015, according to Symantec’s VP for Latin America and the Caribbean, Alejandro Raposo. Raposo also noted that 40 percent of the 54 million Mexicans connected to the internet were victims of an attack last year, representing an average of 30,000 Mexican internet users attacked daily.