Global Cyber Bi-Weekly Report - Sep 15, 2016
ISRAEL
Volkswagen sets up cyber security firm with ex-Israeli spy chief
Volkswagen is forming a company with the former head of Israel’s Shin Bet intelligence agency to develop cybersecurity systems for Internet-connected cars and self-driving vehicles. The new company, CyMotive Technologies, will be 40 percent owned by the German automaker and 60 percent by Yuval Diskin and two former colleagues who also had senior posts in the Shin Bet. “To enable us to tackle the enormous challenges of the next decade, we need to expand our know-how in cybersecurity in order to systematically advance vehicle cybersecurity for our customers,” said Volkmar Tanneberger, head of Electrical and Electronic Development at Volkswagen.
Israeli head of the National Cyber Directorate: US-backed cyber norms are too broad
Eviatar Matania, the head of the Israeli National Cyber Directorate, criticized the State Department’s strategy for developing international cybersecurity norms, calling the plans overly broad. “The norm of ‘do not attack critical infrastructure’ sounds great, but can you define for me what critical infrastructures are?” asked Eviatar Matania at the Billington Cybersecurity Summit in Washington. “The definition in every nation is different. Some will define everything as critical.” Matania asked whether the United States’ definition was unique. US lawmakers and observers have recently begun debating whether elections count as critical infrastructure. Matania stressed that increasing international cooperation was a still critical component of developing any one nation’s security and said he was taking steps to increase connections between London and Washington.
UNITED STATES
New DNC documents released by hacker
The hacker persona Guccifer 2.0 has released a new trove of documents that allegedly reveal more information about the Democratic National Committee’s finances and personal information on Democratic donors, as well as details about the DNC’s network infrastructure. The cache also includes purported memos on tech initiatives by Democratic vice presidential nominee Tim Kaine while governor of Virginia, and some years-old missives on redistricting efforts and DNC donor outreach strategy. In total, the latest dump contains more than 600 megabytes of documents.
Threat Analysis Team to study national security threats of internet-linked devices
For the past six months, a US Justice Department group has been studying potential national security challenges posed by self-driving cars, medical devices and other internet-connected tools, a senior official said. The new group’s goal is to secure the so-called “internet of things” from exploitation by “terrorist threats” and by others who might try to hack devices to cause loss of life or achieve political or economic gain, according to Assistant Attorney General John Carlin, head of the Justice Department’s national security division. The group is being led by Adam Hickey, acting deputy assistant attorney general of the national security division, and will include industry experts and partnerships with other federal agencies, a Justice Department spokesman said.
Google preventing plan to stop Isis’ proliferation
Google has invested in a half-trillion-dollar business to understand what people want, based on a few words they type into a search field. In the process, it has stumbled on a powerful tool for penetrating the minds of some of the least understood and most dangerous people on the internet: potential ISIS recruits. Now one subsidiary of Google is trying not just to understand the intentions of those would-be jihadis, but also to change them.
Gregory J. Touhill is the First Federal Chief Information Security Officer
On September 8, Brigadier General (retired) Gregory J. Touhill was appointed the first Federal Chief Information Security Officer (CISO). He will drive cybersecurity policy, planning, and implementation across the US government. This position is indispensable for the application of the Cybersecurity National Action Plan (CNAP), which takes a series of short-term and long-term actions to improve our cybersecurity posture within the federal government and across the country.
EUROPE
A new offensive and defensive cyber agreement between the United States and the United Kingdom
In August 2016, US Defense Secretary Ash Carter and his British counterpart Michael Fallon signed a new agreement – the first of its kind – to advance offensive and defensive cyber capabilities. Carter announced this new cyber agreement during a joint press conference in London while visiting the United Kingdom. According to Carter this new agreement will strengthen the cooperation between the two nations by sharing more information and performing joint cyber research and development. Furthermore, the goal of this cooperation is to prepare both nations for a potential cyber war and to be ready to counter their common enemies. Indeed, Carter declared, “This agreement sends a clear message to our adversaries that the two nations who partnered together at Bletchley Park decades ago to crack German codes are going to be doing more together in yet another arena – namely cyberspace.” For several years, the United Kingdom cooperated with the United States on several cyber issues through the international cooperation of their electronic intelligence agencies, NSA and GCHQ. Together they can achieve many things as their cyber capabilities are already very impressive. Both countries have enough technical and human resources to create strong offensive cyber capabilities such as APTs.
RUSSIA
Russia to replace 85 percent of its foreign software and hardware
By 2020, the networks of all Russian telecom operators and data centers must consist of 85 percent of Russian domestically produced telecommunications equipment. This proposal is part of the “road map” for the import replacement policy announced by Vladimir Putin and due to western sanctions. The proposal was prepared by a working group under the presidential administration. According to the Kommersant newspaper, the task is to be performed by increasing import taxes on foreign equipment, as well as by a ban on the use of foreign-made equipment in several fields of activity. By 2017, the Russian operators will be banned from using foreign equipment in operations such as for accumulating statistics, inspection, analysis, and filtering of network packets by their content (DPI) and also in all services provided to state structures.
MIDDLE EAST
Iran plans to take cyberattacks against its nuclear facilities to domestic and international courts
Iran plans to file cases against individuals and companies that were behind cyberattacks on its nuclear facilities, viewing them as criminal acts.
Middle East countries are the main targets for cyberattacks in the energy sector
Symantec and Honeywell have provided data on the common attacks on energy companies in the Middle East in 2015.
UAE companies are vulnerable due to lack of staff training
Research from Symantec and Deloitte has found that two-thirds of the companies are still incapable of protecting themselves from sophisticated attacks.
CHINA and ASIA PACIFIC
The Hong Kong Productivity Council has urged local businesses to improve cybersecurity
The Hong Kong Productivity Council (HKPC) has urged local businesses to improve the security of their websites and networked industrial systems from the rising threat of cyber attacks. “The proliferation of ransomware involves careful engineering and a detailed operational model devised by cybercrime syndicates. They even offer ‘ransomware-as-a-service’ to other criminals with no cyber know-how,” said Willy Lin Sun Mo, the chairman of the HKPC. During the first eight months of 2016, ransomware attacks grew at an alarming rate. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recorded 236 ransomware-related cases. This is a 476 percent increase over the same period last year. According to Leung Siu-Cheong, a senior consultant of HKCERT, given the commercialization of ransomware, wrongdoers who are not even computer whizzes can commit cyber hijacking with ease.
Cybercrime rose 350 percent in India in three years
According to a joint study by Assocham and PwC, India has witnessed a 350 percent rise in cybercrime cases from 2011-2014. In the past, attacks have been mostly initiated from countries such as the United States, Turkey, China, Brazil, Pakistan, Algeria, Turkey, Europe, and the United Arab Emirates. With the growing adoption of internet and smartphones, India has emerged as one of the favorite countries among cybercriminals, said the study. “Not only individuals, but also businesses and governments are being targeted. The profile and motivation of cyber attackers are fast changing. The Indian CERT has also reported a surge in the number of incidents handled by it, with close to 50,000 security incidents in 2015,” noted the study.
Inside Singapore’s Cyber Security Agency
Singapore is a very attractive target for cybercriminals because of its role as a commercial hub. David Koh, head of Singapore’s Cyber Security Agency (CSA), said that “Part of the military career deals with managing challenges when the situation is still developing, and when you don’t have the full extent of information but you still need a decision. In the area of cyber security, we don’t have full information, and the landscape is changing very rapidly.” Koh said that there has been a rise in complex attacks like ransomware, which take control of a computer. He continued saying that, “80 to 90 percent of the attacks are not technically sophisticated,” with simple measures being able to prevent them. Singapore has divided the critical infrastructures into eleven sectors, with three industries topping the agency’s priority list: energy, telecommunications, and finance. If the energy and telco sector were attacked, it could have severe repercussions across the country. Power grids, are “an underlying layer which everything else depends on.” Traffic lights, factories, and businesses cannot run without electricity. The same is true of telecommunications. Each sector has different regulations, so Koh’s team works closely with industry regulators to set broad frameworks for cyber protection. Cybersecurity awareness is a key focus of Koh’s work.
AFRICA
Kenya: Companies and the state must act now to improve cybersecurity
A recent study on the state of cybersecurity in Kenya shows that 70 percent of Kenyan businesses is vulnerable to cybercrime, yet most are ignorant of this. The government is the most vulnerable to cybercriminals, according to the report. Banking is a close second due to its increasing reliance on technology and third parties to perform and enhance management and transfer of money. Financial services and mobile banking are ranked third in vulnerability. Kenyan companies conservatively lose 15 billion Kenyan shillings annually to cybercrime, but this figure could be significantly higher, considering that most victims are not even aware that they are vulnerable.
