
Global Cyber Bi-Weekly Report - July 15, 2016

ISRAEL

US Representatives Ratcliffe and Langevin introduced bills to form US-Israel cybersecurity partnerships

“Our recent discussions with Prime Minister [Benjamin] Netanyahu confirmed just how important it is that we unite forces to formulate ongoing, effective strategies to best address the rapidly evolving cyber threats faced by both of our nations,” said US Representative John Ratcliffe in a press release. The United States-Israel Cybersecurity Cooperation Enhancement Act and United States-Israel Advanced Research Partnership Act both expand incentives and guidance to extend joint research and development with Israel.



IAI Expands its cyber business in Asia

Israel Aerospace Industries (IAI) announced that it has signed significant cyber deals, worth more than $40 million, with customers in Asia. The deals include establishing an advanced nationwide system for monitoring and analyzing cyber events and an advanced cyber protection suite for mission-critical systems.



UNITED STATES

Islamic State’s Twitter traffic drops

US officials cite the drop in Twitter traffic as a sign of progress toward eliminating propaganda that they blame for inspiring attacks around the world. Although the US government has no formal arrangement with Twitter, its information campaign has dovetailed with new approaches by the company to identify and eliminate tweets supporting terrorism.



Chinese businessman sentenced to prison for hacking US contractors

Businessman Su Bin, 51, was charged with taking part in a scheme of Chinese military officers to obtain sensitive US military information over several years. In addition to the forty-six-month prison term, a judge in the United States District Court in Los Angeles also ordered Mr. Su to pay a fine of $10,000.



EUROPE

UK suffered from multiple cyberattacks on its national rail network

According to a recent report released by the security company Darktrace, the United Kingdom’s national rail network suffered from four cyberattacks. The company has been responsible for protecting the UK’s railway networks. While details of the four breaches have not been released, hackers seem to have managed to infiltrate the network rather than perform disruptive attacks. According to Darktrace CTO Dave Palmer, “there is no such thing as perfect security - attacks are inevitable so companies should be ready to detect them and respond.”

Indeed, today hackers have greater capabilities and can gain access to much more than the authorities assume. With specific IoT search engines, cyber reconnaissance tools, as well as exploits and zero-day vulnerabilities, it is easy for a cyber terrorist group or a rogue state to target national infrastructure such as a power plant, rail network or an airport. These four breaches could be an indication of an impending cyberattack on the United Kingdom’s rail network. This modus operandi is well known and is usually performed in three steps. First, the hackers use cyber reconnaissance tools to collect information about the infrastructure itself and the different systems used to manage it. In the second step, the hackers study the collected information in order to exploit vulnerabilities and plan the attack. In the final step, they undertake the attack. National infrastructures are more easily targeted because they have become increasingly connected to the internet. In order to protect its national infrastructure, the United Kingdom may have to review its security procedures and systems and make some changes.



RUSSIA

Putin gave security services deadline to develop hacking keys

On Thursday, July 7, Russian President Vladimir Putin signed the “anti-terrorism package,” requiring telecommunications companies to store all data of telephone conversations and user messages and deliver it to the FSB services upon demand. Since many communication platforms are encrypted, the Secret Service needs cryptographic keys in order to access the contents of a conversation or correspondence. In his instructions to the Federal Security Service, the president gave the Secret Service a two-week deadline to develop the cryptographic keys. How the Special Services should develop and obtain them was not specified.



MIDDLE EAST

Iran’s second largest mobile operator hacked

‘Irancell,’ Iran’s second largest mobile carrier, faced the biggest known breach in the country’s cyber history when twenty million records were stolen. A few days later, a nineteen-year-old computer science student was arrested and accused of being responsible.



A new documentary on Stuxnet moves cyber warfare out of the shadows and into the light

A new documentary has been released in the United States about the cyber efforts that tackled Iran’s nuclear capabilities. Western intelligence agencies admit on camera for the first time that such efforts took place and discuss controlling cyber warfare capabilities.




New APT targeted Romanian institutions and several other countries, including Iran

Bitdefender has uncovered evidence of attacks using various types of malware on different targets from 2014 onwards. The malware was spread through spear-phishing emails that contained macro-laced Word files, which downloaded a Trojan that infected browser processes. The attackers were also able to install a Firefox extension with an even more advanced Trojan. In May 2016, the group moved to the popular JavaScript delivery method of ransomware.



CHINA and ASIA PACIFIC

Shortage of cybersecurity professionals in Australia

According to ESG Research, 46 percent of organizations claim they have a “problematic shortage” of cybersecurity skills; last year only 28 percent declared the same deficit. The lack of skilled IT security professionals has emerged as a key area of demand, and it is argued that the response of Australia’s academic and business institutions is decades behind those of comparable countries, and that the skills acquired do not match the needs of the century. By now, the market has become so competitive that even recent university graduates struggle to find work in the security sector.



New cyberattack simulation platform launched in Japan

Cyberattack simulations have emerged as a growing industry in Japan. IT firms are selling systems and services that enable simulated drills to test the readiness of organizations against cyberattacks. Japan’s Nippon Electric Company will now market a new platform that replicates hackers and a client’s security system, based on real-life scenarios. Within the simulation, attackers will try to infiltrate the client’s system while the cybersecurity team will try to detect the attacks and protect the system.



Dropping Elephant - another sophisticated threat actor in Asia

Kaspersky has discovered another sophisticated threat actor, known as Dropping Elephant. The threat actor has allegedly launched a massive cyber-espionage campaign attacking a variety of diplomatic and economic targets in Asia. Kaspersky’s investigations found Dropping Elephant operating from India and relying heavily on social engineering and low-budget malware tools and exploits.



AFRICA

South African arms procurement agency breached

Hackers affiliated with Anonymous have breached a South African arms procurement agency and have leaked data, including details on the firm’s financial, trade, and client records. The Pretoria-based Armscor is the latest victim of Anonymous’ OpAfrica campaign. Early on July 11, Anonymous leaked 64 MB of data, including invoice and order numbers and invoice amounts of firms such as Airbus, Thales Group, Rolls Royce, EADS (European Aeronautic Defence and Space), Denel, and others. 19,938 IDs of suppliers, names, and plaintext passwords were accessed. The hackers claimed that “it was a simple SQL injection” that allowed them to breach the site. This is not the first time Anonymous has targeted South African organizations.




