Global Cyber Bi-Weekly Report - Mar 15, 2016
ISRAEL
Hackers Stole Money from Israeli Bank Accounts via ATMs as reported by Kaspersky Lab
Israeli bank clients lost hundreds of thousands of dollars in a sophisticated computer hacking operation, combined with the simple tactic of employing local teenagers to physically take cash out of automated teller machines. The theft was revealed in a blog post by the Russian cyber security firm Kaspersky Lab. The technique, which researchers refer to as the ATMZombie Trojan, allowed the attackers to stay anonymous and supervise the entire campaign remotely, as well as commit a new type of attack in which the attackers hire residents of a country to operate as insiders and provide basic services.
NATO is developing cyber defense measures and turning to Israel
NATO is implementing a coordinated approach to cyber defense, which encompasses planning and capability development in addition to response mechanisms in the event of a cyberattack. To achieve this, NATO is incorporating and integrating cyber defense measures across all NATO missions. NATO member Turkey is reeling under a two-week long massive cyberattack purportedly carried out by the hacker group, Anonymous. The targets of the attacks include websites of governments and banks. As the world is increasingly turning to Israel’s expertise to ward off computer threats and keep information secure, NATO is now set to reassess the format and structure of its relations with Israel. In this respect, Israel is assessing its goals with regard to future relations with NATO members, Turkey among them.
Hamas interrupted Channel 2 broadcast for viewers who own private satellite dishes
Suspected Palestinian hackers interrupted Israeli Channel 2 TV broadcast with ominous messages. On Friday night, while airing the popular TV show “The Big Brother” on Channel 2, the broadcast was briefly interrupted by a clip showing images of terror attacks and threatening messages in Hebrew. Earlier in the day, the Shin Bet (Israel Security Agency), together with the IDF and Israel Police, shut down an Islamic Jihad media channel in Ramallah, according to security forces.
UNITED STATES
Hack the Pentagon: experts invited to test US cyber-security
On March 2, the Pentagon invited cyber experts to participate in the program “Hack the Pentagon.” The aim of this program is to find and identify problems in the cyber security of public websites of the US Defense Department, in order to save money and time in the event of damaging network breaches by malicious hackers. The pilot project will start next month. Modeled after similar competitions known as “bug bounties,” which are conducted by large American companies, for the first time ever such a program is being offered by the federal government and led by the Pentagon’s Defense Digital Service (DDS). Participants must be US citizens and will have to register and submit to a background check before being turned loose on a predetermined computer system, the Pentagon said. It is a new and innovative way to challenge cyber-security.
Ash Carter: US National Guard may join cyber offense against Islamic State
US Defense Secretary Ash Carter said the National Guard’s cyber squadrons will play an increasingly important role in assessing the vulnerabilities of US industrial infrastructure and could be asked to join the fight against Islamic State. The National Guard - a reserve military force that resides within the United States, but can be mobilized for national needs - is a key part of the military’s effort to set up over 120 cyber squadrons to respond to cyberattacks and prevent them. Using National Guard units for such work makes sense because it allows the military to benefit from private sector cyber experts, Carter said.
iPhone unlocking case: US government files appeal
The US government has appealed against a ruling by a New York magistrate who ordered that it cannot force Apple to unlock one of its iPhones as part of a drug investigation in the city. That clash will come to a head in southern California this month when Apple and the FBI meet in federal court to debate whether Apple should be required to unlock the security settings on the iPhone of one of the San Bernardino shooters. In its filing on March 7, the government points to several cases, including one in 2008 – during the iPhone’s second year on the market – in which Apple guided federal investigators on the type of language to use in its court order if it wanted the company to pull data from a locked phone. Apple technicians, with federal investigators at their side, complied, the filing said.
EUROPE
France: The tenth international France-Israel Cyber Security Forum 2016
As part of economic and technological exchanges between France and Israel which began in 2000, the tenth cyber security forum will be held in Paris on March 16 and will strengthen the cooperation between the two countries. Indeed, as cyber security has become a top priority for most developed nations, this international forum is an excellent way for both countries to cooperate as well as conduct business. Many Israeli companies will attend the forum, among them Check Point, CyberArk and Radware, as well as new start-ups such as Cynet, which is an expert in fighting against advanced persistent threats and targeted attacks.
On the French side, most of the CAC 40 companies have already participated in the event as part of 1,200 targeted business meetings, organized since 2006, which have led to several technology partnership agreements or integrations between companies of both countries. This international cooperation is an excellent way of strengthening the relationship between both countries. Moreover, as one of the most advanced countries in the world in terms of cyber security, Israel will give the French an opportunity to discover new advanced technologies that will help them improve their national cyber defense as well as protect their companies’ assets.
RUSSIA
United States and Russia soon to negotiate on cyber security
In a few weeks, Russian-American negotiations on the issues of cyber security will take place. It is the first set of negotiations on this scale between the two countries since the beginning of the Ukrainian crisis. According to the publication, Kommersant, referring to Russian and American sources, a meeting is expected to be held in the second half of April in one of the European sites. On behalf of Russia, the negotiations will be attended by representatives of the Security Council, the Ministry of Defense, Ministry of Foreign Affairs, and possibly other agencies. The United States will be represented by officials from the National Security Council, the Pentagon, and the State Department.
ARAB COUNTRIES
India and UAE’s new cyber deal
The United Arab Emirates (UAE) and India have recently signed an agreement to cooperate in combating cyber terrorism. The two countries have faced some cyberattacks lately and the UAE especially is dealing with numerous cyberattacks by criminal hackers and affiliates of the Islamic State (IS). The mutual agreement will help both India and the UAE to have better defensive capabilities so they will be able to better protect themselves from any cyber threats. As for the UAE, the agreement is most important since IS followers consider it an infidel state. Hence, it is likely to face more cyberattacks from the Islamic terror group.
Elite Islamic State hackers claim to have hacked Google, but hacked the wrong website
A group of elite IS cyber activists claimed to have fulfilled a promise to “take down Google,” by replacing the site with IS related photos and slogans related to suicide bombers. As it turned out, the Cyber Caliphate Army hacked Add Google Online, which is not related to Google at all, but is actually a local search engine optimization business, based in India.
Saudi cyber security market is growing dramatically
According to experts, the Saudi Arabian cyber security market, which is about half of the region’s cyber security market, is set to grow by about 57 percent. Four years ago, the Saudi IT market was forecasted to be worth $12 billion by 2016. However, last year, this was adjusted rather dramatically and the Saudi IT market is now predicted to reach $35.9 billion by the end of 2016, a 3.8 percent year-on-year growth rate. Cyberattacks targeting key installations cost an estimated $1 billion annually to the Gulf Arab states, and these do not take into account losses from hacker groups that target businesses. In the wake of these losses, resources to overcome the current and emerging risks and threats of cyberattacks are being increased.
IS hackers released New Jersey police officers’ home addresses, phone numbers and work locations
IS hackers have threatened a number of New Jersey police officers by releasing online their names, addresses, telephone numbers, and work locations. The Caliphate Cyber Army released an Excel spreadsheet containing the details of fifty-five New Jersey Transit Authority police. Many of the addresses associated with the officers are station houses and headquarters, but many others show residential homes. Telephone numbers include officers’ cellphones. Other data released comprises officers’ ranks, employee numbers, and work locations.
In a statement, the New Jersey Transit Authority said, “The NJ Transit Information System was not compromised, however some information was breached from an outside vendor.”
CHINA and ASIA PACIFIC
Report states South Korea and India to be the most vulnerable countries in the world
The Global Cyber-Vulnerability Report identified South Korea and India as the most vulnerable countries in the world, whereas the Scandinavian countries are amongst the most cyber secure nations. The lead author of the report, V.S. Subrahmanian, who is a professor of computer science, shared this research in a panel discussion earlier this month. “Our goal was to characterize how vulnerable different countries were, identify their current cybersecurity policies and determine how those policies might need to change in response to this new information,” said Subrahmanian. For the report, the authors conducted a two-year study where they analyzed more than 20 billion automatically generated reports that were collected from 4 million machines per year worldwide. Their rankings were based, among other criteria, on the number of machines attacked in a given country and the number of times each machine was attacked.
Hackers steal $80 million from Bangladesh’s central bank
Hackers carried off $80 million from Bangladesh’s central bank before an alarm was raised and prevented another $20 million from being stolen. It is still not clear how the bank’s system was breached, but the cyber criminals somehow managed to get access. Once inside, they stole credentials which allowed them to make a series of payment transfers with the New York Federal Reserve Bank, and transfer the money into accounts in the Philippines. US authorities have offered to help the Bangladesh Bank to investigate and recover the stolen funds. Also, the security company FireEye is helping to investigate the case with its computer forensics expertise.
APT targeting Indian diplomatic and military resources
Evidence of an advanced persistent threat (APT) against Indian diplomatic and military resources has been recently uncovered by researchers from Proofpoint Inc., a US-based security company. At the beginning, the campaign, which is known as Operation Transparent Tribe, seemed to be relatively small, containing malicious emails that were directed to Indian embassies in Saudi Arabia and Kazakhstan. But it soon turned out that malware with a variety of data extraction functions specifically targeted Indian military personnel. According to Proofpoint, the exact nature and attribution of the APT are still under investigation.
Al-Qaeda allegedly hacked website of Indian Railway
On 2nd March, al-Qaeda allegedly hacked the webpage for the Bhusawal division of the Personnel Department of the Central Railway and posted a message by Maulana Aasim Umar, Al Qaeda’s chief in South Asia. Umar’s message was intended for Indian Muslims, encouraging them to join the jihad.
AFRICA
Cybersecurity Bill, which was published in August 2015, is set to be released during 2016
South Africa’s government is taking cybercrime seriously. The revised version of its Cybercrimes and Cybersecurity Bill, which was published in August 2015, is set to be released during 2016. The bill defines various offences that relate to data, messages, computers, and networks. It makes it criminal for anyone to acquire, possess, provide or use personal or financial information to commit an offence. Unlawfully acquiring, possessing, providing, receiving or using passwords, access codes or similar data also constitutes an offence. It also provides for the ministers of police, defense, telecommunications, and postal services to set up various new structures and positions to improve computer security.
LATIN AMERICA
Kaspersky warns of Brazilian banking Trojan
The Russian cyber security company Kaspersky Lab has detected a new malware campaign originating in Brazil that downloads a “banloader,” a form of Trojan software that opens a back door to steal information and download malicious files. Victims have already been detected in banking software in Argentina, Brazil, and Mexico, as well as in the United States, Portugal, and Spain. The attacks are distributed via social engineering – psychologically manipulating people to divulge information – hidden in messages with subject lines referencing license files and properties. The banloader is in JAR format (Java), which means the Trojan has the potential to be executed on different platforms, including Linux, OSX, Windows, and mobile devices.