Global Cyber Bi-Weekly Report - July 1, 2016
ISRAEL
Israel and United States to build shared cyber defense infrastructure, promote private sector research, and jointly develop technology
On June 22, Israel and the United States signed an agreement aimed at increasing bilateral cooperation in the field of cyber defense. The Cyber Defense Cooperation Agreement seeks to build joint infrastructure in cyber defense, create partnerships in the private sector, fund research, and develop new technologies. The agreement seeks to improve the existing mechanisms for sharing of operative information between US Department of Homeland Security (DHS) and its Israeli counterpart, the, National Cyber Security Authority. Today, around 20 percent of all technology companies in Israel are working in cyber security, making it the biggest technology-related sector in the country.
Israeli cybersecurity researches discovered Google Chrome vulnerability
Researchers from the Cyber Security Research Center (CSRC) at Ben-Gurion University of the Negev, in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany, have discovered a significant security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome. The demonstration video shows how easily content can be stolen from a protected video. The vulnerability in the encryption technology, Widevine EME/CDM, enables the attackers to hijack protected content delivered via different popular streaming services, making the unprotected content available for illegal distribution. Researchers at the CSRC have developed an attack-proof concept, which has been tested successfully. It is able to save a decrypted version of any streamed content protected by Google Widevine DRM and played via Google Chrome on a computer’s disk drive.
UNITED STATES
Defeating the Islamic State on the digital battlefield
A public-private partnership is needed to destroy the virtual state of Islamic State terrorists, according to Mr. Woolse, chairman of the Foundation for Defense of Democracies’ Leadership Council and a former director of the CIA, and Mr. Register, CEO of Sapient Consulting. They said that, “This virtual phase of the war is going to require a massive intelligence effort based on a deep capability to look into real-time human behavior in the digital world: what people are saying on social media, what people are browsing on the web, where people go, what they buy, who they chat with. Only through a significant investment in monitoring the digital fingerprints of all of us will we be able to identify patterns of behavior in real time that identify threats before they materialize.”
House Democrats’ website hacked
More than a dozen official websites of Democratic congressional representatives have been down for days. Hackers are to blame. The websites were hit shortly after Democrats ended an overnight sit-in to press for a vote on gun control legislation. With one exception, all of the affected lawmakers have contracts with a company called DCS to manage their websites.
EUROPE
UK Defense Ministry developing cyber test for military service
The UK Defense Ministry recently announced at the IBM HR Summit 2016 the creation of its new cyber aptitude test service for the military. According to the Ministry of Defense, this new cyber test aims to evaluate the ability of a soldier to work in a cyber-related job in the army and then continue as a professional. Such as the United States or Israel, the United Kingdom is trying to invest in its military cyber defense, which also means investing in people who will train and lead the next generation of cyber soldiers. The cyber field is likely the fastest growing field and the need for technical people is essential for armies. The human factor is just as important, if not more in developing defense systems and understanding the thinking and cyber strategy of cyber terrorist groups and rogue states.
Impact of Brexit on UK cyber policy
Since the vote of the United Kingdom to exit from the European Union, several questions have been raised, including about the cyber security policy. Generally, the impact of Brexit on cyber policy will be defined by the United Kingdom’s approach to data protection and privacy as well as digital trade, which, until now fell under EU policy. This means that Brexit raises questions about self-governance, in terms of cyber security as well as cyberspace’s future. Regarding data protection and privacy, the exit of the United Kingdom from the European Union implies that the country will be no longer subject to EU law. Moreover, Brexit will also exclude the United Kingdom from the European Union’s Digital Market, created as a unique space for digital trade between countries within the European Union. Additionally, the United Kingdom and the European Union need to figure out what they will do with British citizens who are working on cyber issues for European agencies, such as the Network and Information Security Agency and Europol.
RUSSIA
Russian government to store personal data, sent via network, for years
On June 24, the Russian Parliament – the State Duma – in the third and final hearing adopted a series of laws, known as the “anti-terrorism package” As was published by the Russian “News” agency, network operators are obliged to keep records of conversations, correspondence, and forwarded user’s files for six months. Calls and sent messages data will be stored for three years.
ARAB COUNTRIES
Researchers at Palo Alto Networks were able to disrupt Iranian-linked cyberespionage
Researches have stopped a malware that since 2007 has been used for highly targeted attacks.
Palo Alto Networks reached out to hosts of the C&C servers to take over their domains and disrupt the work of the malware. Over 450 malware agents were installed on 326 systems across thirty-five countries. Many of the victims were Iranian citizens.
An escalation of Saudi Arabia-Iran cyber conflict
In the past few weeks it has become increasingly obvious that a cyber war is taking place between the Shi'ite Islamic Republic of Iran and the Sunni Kingdom of Saudi Arabia, whether it is a direct confrontation or by proxies. The last incident occurred on June 20, when a group of hackers, who according to their IP address were located in Saudi Arabia, broke into the Saudi Supreme Council for Youth and Sport (SCYS). The attack, as reported in Fars News Agency, was most likely in retaliation to recent cyberattacks conducted against the Iranian regime in the past couple of months. Iranians officials claimed than no harm was done to their country's critical infrastructure and that the attack was just so the Saudis could “show off.” It may be, however, considered an escalation since the SCYS is run by Abdullah Bin Mus‘ad Bin Abdul Aziz, a member of the Saudi royal family.
CHINA and ASIA PACIFIC
Reduced malicious activities by Chinese hacker groups
Over the past two years, Chinese threat groups have allegedly reduced their malicious activities. Since the beginning of 2013, FireEye, the US based security company, identified 262 attacks in twenty-six countries that are attributed to seventy-two China-based hacker groups. In their report, FireEye further stated that since mid-2014, there has been a substantial decline in malicious activities from the observed groups. Despite this decrease and a series of bilateral and multilateral treaties to stop cyber economic espionage that China agreed to in 2015, there are still Chinese groups targeting organizations in Europe, the United States, and Japan.
Cyberattacks on central banks in Indonesia and South Korea
Indonesia and South Korea have detected cyberattacks on the public websites of their central bank websites. The hacktivist group Anonymous allegedly used DDoS attacks to flood the servers of the Bank Indonesia and the Bank of Korea. According to Deputy Governor of the Bank Indonesia, Ronald Waas, his bank thereupon shared IP addresses used by the hackers with other banks, as a warning so they can take appropriate measures to protect themselves.
South Korea trains cyberwarriors to protect from North Korea
South Korea is training a new cyber army to deal with the threats coming from their neighbors in the North. As part of the country’s cyber defense curriculum, the Korea University in Seoul is training its brightest students and arming them with the ability to combat cyberthreats from North Korea. The courses offered to the students are known only by number, and the students keep their identities secret to the outside world. The education is free of charge; in exchange, the newly qualified cyber warriors have to commit to seven years of military service as officers in South Korea’s cyber warfare unit.
