Global Cyber Bi-Weekly Report by INSS December 15, 2016
ISRAEL
Israeli experts heading to Japan to provide much needed cybersecurity
Local cybersecurity company Cybereason announced on Tuesday that it is partially relocating to Japan, following a $59 million investment by Japanese Internet giant SoftBank. The move is part of a larger trend in Japan, which is seeking international corporations and foreign experts in its fight against an increasing wave of cyberattacks against its institutions.
PayPal, Ben-Gurion University to partner on new cybersecurity research
Online payments company PayPal is deepening its involvement in Israel by establishing a new collaboration with Ben-Gurion University of the Negev (BGU). They will conduct joint R&D in the fields of big data, machine learning, and cybersecurity. It is the first such collaboration between PayPal and an Israeli university, BGU said in a statement.
UNITED STATES
Intelligence officials refuse to brief House panel on Russian hacking
House Intelligence Committee Chairman Devin Nunes blasted as “unacceptable” the refusal of the FBI, CIA, and National Intelligence directors to brief his panel on the Russian cyberattacks that occurred during the presidential campaign. Nunes had requested that National Intelligence Director James Clapper, with participation from FBI Director James Comey and CIA Director John Brennan, brief committee members in a closed session. The briefing has now been cancelled. In a letter sent to Clapper on Monday, the California Republican said he wanted clarification about why the CIA is now saying that Russian hacks of political campaign committees earlier this year appeared to be aimed at helping President-elect Donald Trump and hurting Democrat Hillary Clinton. Nunes pointed to testimony from Clapper in a public hearing in November that the Intelligence Community lacked the evidence to draw such a conclusion.
http://usat.ly/2h2LIMh
Yahoo admits one billion accounts compromised in newly discovered data breach
Yahoo has reported that a massive data breach occurred in August 2013, disclosing personal details of more than one billion user accounts, in what is believed to be the largest data breach in history. It is a different breach from the one disclosed by Yahoo in September, in which hackers compromised as many as 500 million user accounts in late 2014. What is troubling is that the company has not been able to discover how “an unauthorized third party” could steal the data associated with more than one billion users.
http://bit.ly/2gNG5UM
EUROPE
Germany observed an increase of Russian cyberattacks and cyber propaganda
Recently, the Federal Office for the Protection of the Constitution—the German internal security agency—reported a significant increase of Russian propaganda and disinformation against German society as well as targeted cyberattacks against political parties. Indeed, Hans-Georg Maassen, the head of the BfV intelligence agency, said that, “We see aggressive and increased cyber spying and cyber operations that could potentially endanger German government officials, members of parliament and employees of democratic parties.” The German agency added that they observed different Russian propaganda tools and a large amount of financial resources used to launch disinformation campaigns aimed to strengthen extremist movements and parties as well as to destabilize the country. Furthermore, there has been an increase of spear-phishing attacks attributed to the Russian hacking group APT 28. In recent weeks, Russia has been suspected and sometimes even accused of many cyberattacks as well as cyber propaganda operations against several countries having national elections, including the United States, Germany, and France. Russia seems to be using cyber propaganda as a political weapon for influencing foreign election results.
France strengthens its offensive cyber capabilities
On December 12, Minister of Defense Jean-Yves Le Drian unveiled France’s doctrine for fighting in cyberspace, including an offensive strategy. One of the measures of this doctrine is the creation of a head of cyber command position. The minister declared, “The cyber weapon is a weapon in its own right, one of the ways available to the military command.” The aim of this doctrine is clearly to strengthen the offensive cyber capabilities of the country. France wants to develop cyber weapons and capabilities that will allow it to thwart and disrupt its enemies’ capabilities. Le Drian added that “Our cyber-offensive capabilities must allow us to introduce ourselves into the systems or networks of our enemies, in order to cause damage, interruptions of service or temporary or permanent neutralization.” The offensive pillar remained secret for a while and now appears to be fully assumed by the Ministry of Defense. The offensive doctrine adopted by France covers two aspects, including retaliation and neutralization. Thus, when facing a cyberattack, the French government will be ready to use a wide range of possible solutions, including cyber weapons. Like the United States or the United Kingdom, France now has openly expressed its desire to engage in cyber offensive operations if needed. This new doctrine also openly demonstrates to those who would like to target France that the country is prepared to respond to a significant cyberattack against its infrastructure.
RUSSIA
Russian Federal Security Service: we revealed a massive planned cyber offense
A special commission of the Russian Federal Security Service (FSB) concluded that foreign intelligence services were preparing large-scale cyberattacks in order to destabilize the Russian financial system. The attacks were to begin on December 5, according to the website of the FSB. “Cyberattacks were planned to accompany mass sending of provocative SMS-messages and publications on social networks (blogs) in relation to the crisis of credit and the financial system in Russia, business failure, and revocation of licenses of a number of leading banks at the federal and regional level. The campaign was aimed at several dozen Russian cities,” the agency said.
Putin approved new information security doctrine
President Vladimir Putin has approved a new Russian doctrine of information security. One of its directions is strategic deterrence and prevention of military conflicts that may arise from the use of information technology. One of the main goals of the doctrine, according to President Putin, is to improve the information security of the Russian Armed Forces.
Russia: Pentagon’s new strategy of electronic warfare intended to block S-300 and S-400
Russian cybersecurity specialists have concluded that one of the main components of the Pentagon’s new strategy of electronic warfare, which is about to be published, is to allow US aircraft to “escape” from the Russian missile defense systems, or at least “turn off” missile defense tools that can detect enemy targets on different frequencies and bands. Russia refers to it as focused on S-300 and S-400 systems, RIA Novosti News Agency said. The document is designed for departments of contractors and military officials, and provides guidance on the amount of investment in electronic warfare (EW) equipment and defines the principles of the relevant units.
Russian military to protect its communications with a new system
The Russian Ministry of Defense will protect its military staff, field headquarters, and sensitive sites with the unique ABBAT system, which will suppress the wireless data transmission network (BSPI) of the enemy, prevent cyber penetration from outside, and make the Russian communication channels invisible, according to Denis Skoritsky, a representative of the developer, MASCOM Group.
MIDDLE EAST
Iran is likely behind Saudi Arabia attacks
Malware disabled thousands of computers across multiple government ministries in Saudi Arabia. Several US cybersecurity firms claim that Iran’s fingerprints are all over the attack.
NATO trains Iraqi experts on cyber defense
The course took place in Ankara, Turkey to address Iraq’s cyber defense needs.
CHINA and ASIA PACIFIC
China’s Great Firewall incorporated into Russian cybersecurity
Russian and Chinese authorities have joined forces to bring the internet and its users under greater state control. Russia has been working to incorporate elements of China’s Great Firewall into the “Red Web,” its system of internet filtering and control, marking unprecedented cyber collaboration between the countries. The decision to block the networking site LinkedIn in Russia is the most visible in a series of measures to bring the internet under greater state control. Legislation was announced this month that gives the Kremlin primacy over cyberspace, the exchange points, domain names, and cross-border fiber-optic cables that make up the architecture of the internet. Earlier this year, Security Council Secretary Nikolai Patrushev held two meetings with Chinese politburo members on information security, and in June, Putin went to Beijing to sign a joint communique about cyberspace. What the Russians want most from China is technology. Russia has no means of handling the vast amounts of data required by Yarovaya’s law, and it cannot rely on western technologies because of sanctions; thus, the Chinese are willing to lend a hand. The Russian telecoms equipment manufacturer was in talks with Huawei, the Chinese telecom company, to buy technologies for data storage and produce servers to implement the law. Chinese officials also ensured that senior Huawei staff were present at key information security conferences in Russia, and the company was the major sponsor of the Russian information security forum held in Beijing in October. On November 7, China adopted a controversial cybersecurity law that revived international concerns about censorship in the country. In a sign that collaboration between the countries is mutually beneficial, the legislation echoes Russia’s rules on data localization and requires “critical information infrastructure operators” to store data domestically, which was the problem with LinkedIn.
It seems that the exchange of ideas has already borne fruit.
China, United States hold third cyber security ministerial talks
The third China-US ministerial dialogue on fighting cybercrimes was held in Washington on December 7, 2016. The dialogue was co-chaired by China’s State Councilor and Minister of Public Security Guo Shengkun with US Attorney General Loretta Lynch and Secretary of Homeland Security Jeh Johnson. At the meeting, Guo noted that under the auspices of Chinese President Xi Jinping and his US counterpart Barack Obama, China-US cooperation in safeguarding cybersecurity was a priority and had yielded positive outcomes by means of cracking down on cybercrimes and related matters. Guo urged the two sides to act strategically and with a long-term perspective, maintain high-level contacts, respect each other's interests and concerns, properly manage differences, enhance cooperation in areas such as the fight against transnational crimes, terrorism, and criminal chasing and anti-drug campaigns, and establish sustainable cooperation in law enforcement. Guo noted that the leaders of both countries highly value the cooperation in law enforcement and reached crucial agreements regarding cybersecurity and additional cooperation in law enforcement. He urged the two sides to maintain ministerial-level dialogues and ensure a smooth transition in China-US cooperation with the new US government. The two sides agreed to convene the next cybersecurity ministerial dialogue in China in 2017.
India's IT minister orders measures to strengthen India's cybersecurity
Due to several hacking incidents by the hacker group Legion, the Ministry of Electronics and IT has ordered a series of measures, including auditing the financial sector, starting immediately with the National Payment Corporation of India (NPCI), review of the IT Act to make it stronger, and setting up a team to be ready to respond to unusual incidents on a war footing. Twitter has also been asked to strengthen its network and all stakeholders of the financial industry have been asked to immediately report any incidents. Minister of Electronics and IT Ravi Shankar Prasad said that he has ordered a review of the “entire IT infrastructure” of India and that there is a need for “hardening” for stronger security. “There is huge traffic flowing through the IT platforms, if there is any mishap, the systems have to be resilient and we have to take appropriate measures. India is going towards digital payments and we need to reinforce the entire architecture,” said Prasad. He added that all ministries have also been asked to appoint central information security officers, in addition to creating awareness among people regarding cyber security. Two major initiatives to curb cybercrime—the BotNet Center and the National Cyber Coordination Center—will also be expedited and are expected before the end of this financial year.
IBM launches cyber security center for India
The head of security services in IBM India, Sandeep Sinha Roy, indicated that cybersecurity concerns are not misplaced. “We deal with an average of 140 million incidents in India a month,” he said. IBM has launched a state-of-the-art cybersecurity command center in Bengaluru to offer customized security solutions to its Indian clients. The company says it had planned this center long before the extra push to digitalize in India came from demonetization. Security concerns are becoming imperative as the Modi government aggressively pushes digital payments. The new center offers tailor-made solutions for clients, provides alerts and advisories based on global events, gives around-the-clock emergency response services for security breaches, and manages the security of devices being used by employees. It can ensure that data resides within the country and never leaves, a compliance requirement that some enterprises in India need to follow. IBM will provide the power of its Watson cognitive computing system, and thus provide a whole new level of analytics and instant response. Mathew Newfield, director of managed security services in IBM, said Watson is being beta tested with forty global clients. “We will start training Watson in the Indian environment shortly,” he said. Apart from local centers like the new one in India, IBM also has ten global security service centers, including one in Bengaluru, which have recently been rebranded as X-Force Command Centers that work as a single entity to service clients globally.
AFRICA
Kenya records an estimated 3,000 successful or failed attacks every month
Kenya faces a potentially huge cybersecurity problem. Cyberattacks are on the rise according to recent trends. Kenya currently records an estimated 3,000 successful or failed attacks every month according to the ISACA (Information Systems Audit and Control Association), the ICT governance organization.
eTranzact moves to curb cybercrime in Nigeria
“Fighting cybercrime requires the collaboration of the entire ecosystem from the banks, switching companies, to the regulatory bodies,” said Valentine Obi, CEO of eTranzact. At the Information Systems Audit and Control Association Conference, which took place in Lagos, eTranzact announced that it has started to implement Applock on its platforms. Applock is a technology that ties mobile financial service apps with mobile phones to help banks, mobile money operators, and other partners reduce cyber fraud and safeguard the financial information of customers. In the first half of 2016, cyber fraud attempts in Nigeria reportedly increased by at least 1,000 times compared to the previous year. Nigeria loses 127 billion naira to cybercrime yearly, and Nigeria’s National Information Technology Development Agency (NITDA) estimated that the local population lost $450 million to digital fraud in 2015. The rate of cybercrime has grown more rapidly in Lagos and other major African cities such as Cairo, Johannesburg, and Nairobi than in any other area of the world. Internet services have become more readily available and usage has grown in Nigeria from 23.9 million in 2008 to 82.1 million in 2015. The country arguably bears the greatest risk on the continent for cyber-related offences, including fraudulent financial transactions. Due to the growing threat of cyber-related crimes, eTranzact has been heavily focused on building the infrastructural backbone of what is required to take this industry to new heights.