Global Cyber Bi-Weekly Report - Oct 1, 2016
ISRAEL
Israel’s CyberArk report finds poor cybersecurity habits persist worldwide
Israel’s CyberArk published the results of a survey it conducted with 750 IT and IT security decision-makers from around the world, showing that the threat awareness has increased among IT professionals, but that does not mean better defensive practices. The report shows rising confidence in cybersecurity strategies and, at the same time, poor IT security habits continue across the industry in critical areas such as privileged account security, third-party vendor access, and cloud usage. According to the report, 79 percent of respondents said their organization has taken appropriate action to improve security while 55 percent of respondents said they have changed processes for managing privileged accounts. 40 percent of interviewees store privileged and/or administrative passwords in Word documents or spreadsheets on a company computer, making this information easy for a hacker to discover. Another finding showed that nearly half of the organizations commonly allow third-party vendors (such as supply chain and IT management firms) remote access to their internal networks, making them an additional pathway for cyberattack. According to the report, “Many global organizations are taking positive steps toward better protecting against the damaging effects of a cyberattack, including implementing measurable security programs to benchmark progress. However, there is still a gap between ‘awareness’ and ‘preparedness’ in protecting against attacks.”
Massachusetts governor plans first overseas trade mission to Israel and focuses on pitching the state as potential business hub for Israeli cybersecurity firms
Administration officials say the focus of six-day trip to Israel will be to pitch Massachusetts as a potential business hub to Israeli cybersecurity and digital health firms looking to expand into the United States. According to officials, the trip also reflects the longstanding economic and cultural ties between Israel and Massachusetts. About 16 percent of all immigrant founders of technology companies in Massachusetts came from Israel. Cybersecurity can also be critical to the development of other kinds of new technology connected to the internet, from self-driving cars to heavy industrial machinery. They said the best way to make the pitch for Massachusetts is face-to-face in Israel.
http://www.timesofisrael.com/massachusetts-governor-planning-first-overseas-trade-mission-to-israel/
UNITED STATES
FBI probes hacks targeting phones of Democratic Party officials
The FBI is investigating suspected attempts to hack mobile phones used by Democratic Party officials. The revelation underscores the widening scope of the US criminal inquiry into cyber attacks on Democratic Party organizations, including the presidential campaign of the Democratic candidate, the former US secretary of state, Hillary Clinton.
Probe of leaked NSA hacking tools examines operative’s ‘mistake’
An American investigation into a leak of hacking tools used by the National Security Agency (NSA) is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them. The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet were dumped onto public websites last month by a group calling itself Shadow Brokers.
EUROPE
UK National Cyber Security Center set to launch
The National Cyber Security Center (NCSC) is set to launch officially on October 1, and will be open for business from October 3. The NCSC will be led by CEO Ciaran Martin, former director general of government and industry cyber security at the intelligence agency GCHQ. The technical director will be Ian Levy, former technical director of cyber security at GCHQ. The NCSC will be run from new offices in London as well as from offices near Cheltenham, Gloucestershire. The NCSC began preparatory work and conducted trials and pilot studies over the summer. It has four main goals. These are to reduce cyber security risk in the United Kingdom; to respond effectively to cyber incidents and reduce the harm they cause to the United Kingdom; to understand the cyber security environment, share knowledge and address systemic vulnerabilities; and to build the cyber security capability of the United Kingdom, providing leadership on key national cyber security issues. The organization will also help to develop the country’s pool of cyber security skills. The NCSC has five areas of focus: engagement, strategy and communications, incident management, operations, and technical research and innovation.
GCHQ to help start-ups at Cheltenham Cyber Innovation Center
The UK government has announced a new partnership between Wayra UK, the Department for Media Culture and Sport and the Cheltenham-based intelligence and security agency (GCHQ) to run a new program. The new initiative, known as an “accelerator,” will help new high tech companies produce groundbreaking technologies to keep Britain safe from cyberattacks. The accelerator will be based at the new Cheltenham Innovation Center, as part of the government's £1.9 billion national Cyber Security Programme.
The Accelerator team is hoping to hear from start-ups with good ideas and said “We are looking for companies who are using novel techniques to solve real, existing cyber security problems and digital companies whose products could be applied in a cyber security context. In addition, we would be interested in next generation solutions that are faster, better and cheaper than that which already exists and which lower the bar to entry. But they must solve a known problem – we are not looking for research proposals via this process.” The Cheltenham Innovation Center is expected to begin working near the end of the year, and the one in London in 2017. The government has promised £250 million funding over five years for both centers.
German military carried out first foreign cyberattack in Afghan hostage operation
The Bundeswehr’s (German Armed Forces) special cyber unit has conducted the nation’s first known “offensive” cyber operation in 2015, when it hacked into the network of an Afghan mobile network provider. The secretive cyber operation was reportedly conducted to uncover the location of a kidnapped aid worker. According to unspecified sources, the Bundeswehr’s Computer Network Operations Unit (CNO) carried out the hack after a German national identified as Kaethe B., working for the German Association for International Cooperation (GIZ) was kidnapped in Kabul on 17 August, 2015.
The cyber unit was reportedly tasked with providing support and information to the German Special Forces Commando (KSK) on site, which was prepared to carry out an operation to retrieve the hostage in the event that negotiations failed. The CNO, however, hacked into the Afghan mobile operator’s network and managed to access the geo-location of the kidnappers to set up real-time surveillance. After having been kept hostage for two months, Kaethe B. was released in October 2015, following payment of ransom.
The German Defence Ministry has yet to comment on the operation. According to experts, however, the operation is considered to be an “offensive penetration” instead of a full-blown cyberattack, given that it did no damage to the targeted Afghan firm. The ministry stressed the CNO is exclusively a research unit, established to advance the Bundeswehr’s defensive capabilities against cyberthreats. The ministry has also said that the special unit only simulates cyberattacks within the lab. The CNO, which has been active for over a decade, is believed to currently employ 80 IT specialists. In April 2016, German Defense Minister Ursula von der Leyen launched a new special cyber division called the Cyber and Information Field, which will employ over 13,000 experts. The unit is slated to be “combat ready” by 2021.
RUSSIA
US released an official warning to Russia about Democrats
On Thursday, September 22, the US Democratic Party leadership accused Russia of trying to influence the presidential election by hacking its computer systems. “Based on our data, we concluded that the Russian intelligence services are making serious and concerted attempts to influence the US elections,” said Senator Dianne Feinstein and Congressman Adam Schiff in a joint statement. The administration of US President Barack Obama concluded that the attack on the Democratic Party of the United States was executed by Russia. “We call on President Putin to order the immediate cessation of such actions,” the administration said in a statement.
Still no proof of Russian link to Yahoo attack
Yahoo executives detected hackers in their systems in the Fall 2014 whom they believed were linked to Russia and who sought data on thirty to forty specific users of the company’s online services. The attack led to the theft of information from 500 million user accounts, which Yahoo disclosed Thursday. In that disclosure, Yahoo said the information was stolen from its network in late 2014 by a “state-sponsored actor.” At the time of the 2014 attack, Yahoo executives concluded that it was linked to Russia because the attack was launched from computers in Russia.
MIDDLE EAST
Suspicion of hacking of Iran's oil industry is on the rise
A series of fires at Iranian petrochemical plants and facilities have raised suspicions about hacking potentially playing a role, with authorities saying that “viruses had contaminated” equipment at several of the affected complexes.
NSA chief secretly arrives in Israel to discuss Iran and Hezbollah cyber warfare
The director of the US National Security Agency, Admiral Michael Rogers, paid a secret visit to Israel last week to discuss cooperation in cyber defense, in particular to counter attacks by Iran and its Lebanon-based proxy Hezbollah.
Cybercrime on the spot in Abu Dhabi in Cisco’s sponsorship
Cisco recently participated in the eighth e-Crime Congress in Abu Dhabi, which highlighted latest trends, techniques, and regulations in electronic data protection, cyber security, fraud, and privacy. The congress also addressed a critical shortcoming in the war against cybercrime – the lack of skilled security professionals.
CHINA and ASIA PACIFIC
Canada attempts to get cyber promise from China
In 2015 the United States and China signed an agreement neither to direct nor support cyber attacks that steal corporate data for economic benefit. Now Canada wants to do the same. A spokesman for the public safety minister told the Globe and Mail that Canada will try to procure a similar agreement, which has also been negotiated between China and the United Kingdom. Curtis Levinson, a cyber security consultant and the US cyber defense advisor to NATO is dismissive. “Such agreements have value only in a political and/or media sense. China has no intent to stop hacking the United States and most likely has no intent to cease hacking at China. The cyber ‘bad actor’ in China is the ‘Peoples Liberation Army’ (PLA), which is largely disconnected from the Central Communist Party.”
Imran Amad, a member of the advisory board of the Canadian Advanced Technologies Alliance’s cyber security council doubts Canada will reach an agreement similar to the one it signed with the United States. “The United States has offensive cyber capabilities that it leveraged to get a deal. It’s also the largest economy in the world. It is unclear to me what Canada can leverage vis-à-vis China in order to get similar type of outcome.”
China cyber espionage continues
The US Cyber Command recently reported within secret government channels that China is continuing aggressive cyber espionage against American companies. An intelligence report disseminated earlier this month stated that one of China’s biggest cyber spying operations involved the theft of 1.65 terabytes of sensitive proprietary data from a major US software company (that was not identified by name), according to a defense official familiar with the report. The hacker group behind the data theft is part of the Ministry of State Security, China’s main police and intelligence service. The hacking operation was carried out from at least October 2015 and contradicts the US-China agreement on cyber espionage reached between President Obama and Chinese President Xi Jinping in September 2015.
Cyber attacks on the rise in Singapore
Cyber attacks in Singapore are on the rise, with 72 percent of CIOs detecting the attacks more now than twelve months ago, according to research commissioned by specialist recruiter Robert Half. Findings show that 85 percent of Singaporean CIOs expect their companies will be attacked more often because they lack skilled IT security talent – well above the 78 percent average of the eight countries surveyed. The only two countries with a higher percentage than Singapore are Brazil (93 percent) and Japan (87 percent). Singapore has the highest percentage of CIOs predicting “significantly more” cyberattacks in the next five years – 30 percent compared to the global average of 19 percent. IT leaders say the top three cyber security risks facing Singaporean organizations in the next five years are data abuse/data integrity (59 percent), spying/spyware/ransomware (54 percent), and cybercrime (53 percent). In response to the new wave of cyber attackers, almost a quarter (23 percent) of Singaporean CIOs plan to add new permanent IT security professionals to their team in the next twelve months. One in three (29 percent) say they are planning to hire IT professionals for newly added contract positions within their team.
PM Lee to launch Singapore's cyber security strategy
Prime Minister Lee Hsien Loong will launch Singapore’s new cyber security strategy at the inaugural three-day Singapore International Cyber Week (SICW), starting on October 10. SICW is organized by the Cyber Security Agency (CSA) of Singapore and over 3,000 political leaders, government and policy decision-makers, industry players and delegates are expected to attend, as well as a total of almost 200 sponsors and participating organizations represented. CSA chief executive David Koh said that cyber security threats are global and borderless. “It is imperative that governments and organizations come together to have frank and robust discussions to explore partnership opportunities and develop new capabilities,” he said.
AFRICA
Nigeria Summit to address billions lost to cybercriminals
Nigeria has lost an estimated N129 billion through cyber scams over the past decade. Therefore, Nigeria will host the CyberXchange Conference 2016 (CyberXchange.com) at the Landmark Event Center in Lekki Peninsula, on November 2-3. The conference seeks to identify the key trends and technologies in cybersecurity in a number of industries. Among these are finance, payments, e-commerce, banking, telecommunications, law enforcement, oil and gas, insurance, digital media, energy, and emerging start-up companies. Organizations that will be represented include powerhouses such as IBM, Interswitch, Ernst & Young, UBER, Belverdere, PAGA, Digital Encode, Central Bank of Nigeria, and Union Bank.
