Global Cyber Bi-Weekly Report by INSS February 15, 2017
ISRAEL
NTU Singapore, BGU Israel team up on cyber project
Nanyang Technological University (NTU Singapore) and Ben-Gurion University of the Negev (BGU) are teaming up to find new ways to fight advanced cyberthreats, using the human body’s fight against bacteria as a model. The aim of this joint research project, called the Bio-Inspired Agile Cyber Security Assurance Framework (BICSAF), is to develop innovative technologies for tackling Advanced Persistent Threats (APTs)
IAI earmarks cybersecurity as key growth engine
Israel Aerospace Industries Ltd. (IAI), the country’s largest aerospace and defense company, said it has set up a special division to deal with the cyber business of its subsidiary ELTA Systems Ltd., a defense electronics company. The IAI has appointed Esti Peshin as the general manager of the division. The government-owned company, which manufactures military and civilian aircraft and products, said it ended 2016 with contracts totaling over $100 million in the fields of cyber intelligence, cyber forensics and analysis, and cyber defense centers. “We consider cyber to be a strategic field of activity and a growth engine at IAI, and expect it to continue to expand significantly in the coming years,” said Joseph Weiss, IAI’s president and CEO.
UNITED STATES
United States sentences Turkish hacker to eight years in prison for cyber heists
The hacker, Ercan Findikoglu, was a leading member of a gang responsible for stealing $55 million from ATMs globally in one of the most advanced bank heists in history.
United States eases restrictions on cybersecurity sales to Russian spy agency
The US Treasury Department has eased economic sanctions on Russia, allowing some cybersecurity transactions with the Russian Federal Security Service. The move by Treasury makes changes to sanctions initially imposed in reaction to alleged “malicious cyber-enabled activities” by Russia's security service in the US electoral process.
Head of NSA to brief senators on cyber threats
Senators on the Armed Services Committee will be briefed on cyber threats. The closed hearing will feature testimony from Adm. Michael Rogers, who holds the dual-leadership role at US Cyber Command and the National Security Agency (NSA). Sen. John McCain, who chairs the committee, has set up a new subcommittee on cybersecurity to oversee the Defense Department’s cyber capabilities.
EUROPE
UK government launches cyber security unit
The British government officially launched its National Cyber Security (NCS) Center designed to protect the authorities and companies against cyberattacks. On February 14, Her Majesty, The Queen opened the NCS Center in central London. The unit, which has been operating since late last year but was only officially launched now, is part of GCHQ, the United Kingdom’s security and intelligence agency. Its job is to discover vulnerabilities in public sector websites, help government departments better protect their email, and take down phishing sites that could harm users. It has already taken down “tens of thousands” of such sites, a government statement said. “Business has to sharpen its approach as the scale of the threat from cyber increases and intensifies. And this center stands ready to help them in doing that,” Chancellor of the Exchequer Philip Hammond said at the opening.
Fallon: Russian hacks ‘aim to destabilize the West
UK defense secretary Michael Fallon has accused the Russian government of “weaponizing misinformation” in an effort to destabilize the West. Speaking at the University of St Andrews, Fallon laid the blame for the “post-truth age” squarely at the Kremlin’s door. He also alluded to recent attacks on Bulgaria, Ukraine, and the Democratic Party’s servers, citing “the use of cyber weaponry to disrupt critical infrastructure and disable democratic machinery Russia is clearly testing NATO and the West. It is seeking to expand its sphere of influence, destabilize countries, and weaken the alliance. We’ve seen a persistent pattern of behavior that is becoming more pronounced,” said Fallon.
French presidential candidate Macron accuses Kremlin of discrediting him; Russia denies
The Kremlin denied on February 14 that it was behind media and internet attacks on the campaign of French presidential frontrunner Emmanuel Macron although his camp renewed the charges against Russian media and a group of hackers operating in Ukraine. Kremlin spokesman Dmitry Peskov said charges made by Macron’s party chief, Richard Ferrand, were absurd. On February 13, Ferrand said that the French centrist politician had become a “fake news” target of Russian media, which is spreading “the most defamatory” rumors about Macron, including about his private life, the financing of his campaign, and that his campaign was facing thousands of internet attacks. On February 14, Ferrand renewed those charges saying that the databases and email boxes of Macron’s En Marche! (Onwards) party were under attack. He said about half of these thousands of attacks came mainly from Ukraine and had been organized and coordinated by a “structured group” and not by lone hackers.
Dutch government helps political parties boost cybersecurity
The Dutch government is working with political parties on security measures to prevent cyberattacks and other interferences prior to the general elections in March. The plans were outlined in a letter by the Minister of Interior Affairs Ronald Plasterk and Minister of Security Ard van der Steur to the Dutch parliament in January. The government is analyzing vulnerabilities in organizations connected to the elections, the digital security of politicians, and the threat of fake news, the letter read. The interior minister’s cabinet is “is aware of the risk” of election hacking and the government has to be “very alert.”
RUSSIA
More than one billion rubles stolen in hacker attack
As was announced by the spokesman of the Russian Ministry of Interior on February 8, a Russian hacker group committed a major hacking theft in Russia. Nine suspects were detained in five Russian regions, who were part of a large group of hackers from seventeen regions throughout the country, and who stole from bank accounts more than one billion rubles.
Russian forces to receive new gear with electronic cyber elements
The chairman of the Russian military-scientific committee of the Ground Forces Alexander Romanuta announced that by the 2020 all the soldiers of the Russian Ground Forces will be provided with the “future” combat gear called “Ratnik.” The “Ratnik” equipment complex will be equipped with special cyber-secure communication devices, a computer with a special waterproof processor, a scope which transmits an image on command, and control screens, a sensor system which transmits the status of the fighter, his location, amount of ammunition, body temperature, and blood pressure.
Russia to integrate all civil security and emergency information systems into one
Deputy Prime Minister Dmitry Rogozin announced that a federal automatic emergency system “Era GLONASS,” which is based on the Russian satellite navigation platform “GLONASS,” urban surveillance and control system “Secure-City,” and a single civil emergency call system “112” will be integrated into one national global security information system.
MIDDLE EAST
An ongoing cyber war between Iran and Saudi Arabia
Since 2012, both countries have been engaged in a digital conflict shooting cyber artillery at each other. The conflict began when Iranian hackers destroyed more than 30,000 computers of the Saudi energy company Aramco, the biggest energy company in the world. Since then, and as recently as last week, new cyberattacks have unfolded. Just last week, the Saudi Computer Emergency Response Team (CERT) issued a warning about an Iranian malicious code that seeks to cripple entire information systems of Saudi organizations. A Saudi counter attack is now expected.
British National Health Service websites were hacked by cyber group linked to ISIS
National Health Services in Britain were hacked by a cyber group linked to ISIS. The hack was a defacement attack, replacing legitimate web pages with graphic photos of the war in Syria. The hack came after a government report warned ministers to make more efforts to protect the country from cyber terrorism. It is also believed that the attacks may have exposed patient data.
Egypt uses cyberattacks to target NGOs
Egyptian human rights groups are being targeted by a wide-scale phishing campaign headed by Egypt’s intelligence agency. The sophistication of the campaign was in its deception rather than in its technology. The emails used in the campaign referred to recent news events in Egypt that happened just hours before the phishing emails were sent.
http://bit.ly/2kATpKP
CHINA and APAC
China to introduce review commission on cyber security
According to a document on the security of internet products and services released by the Cyberspace Administration of China (CAC), a commission will be established to deliberate important policies on cybersecurity and organize reviews. The document proposed that internet products and services related to national security and the public interests should undergo a security review. According to the CAC, reviews will focus on whether the products or services are secure and sufficiently managed, and whether they have risks of illegal control, disruption or interruption. The reviews will also evaluate risks of providers who use their products or services to illegally gather, store, process or utilize user information.
India saw more than 50,300 cybersecurity incidents in 2016
The Indian Parliament was informed that over 50,300 cybersecurity incidents including phishing, website intrusions, defacements, viruses, and denial of service attacks were observed in the country during 2016. “As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total number of 44,679, 49,455 and 50,362 cyber security incidents were observed during the year 2014, 2015 and 2016, respectively,” stated the Minister of State for Electronics and IT.
South Korea, Japan, and China to discuss North Korea’s cyber threats in Tokyo
South Korea, Japan, and China will hold a trilateral meeting to coordinate their policies on cybersecurity in Tokyo, including their joint response to North Korea’s evolving cyber threats, the South Korean foreign ministry said Thursday. Special attention will be paid to joint response measures to North Korea cyberattacks, which evolve as an advanced persistent threat. Cyber threats to key national facilities and Internet of Things networks are also on the agenda. The latest session is expected to bring the level of the three countries’ trust-building one step higher through discussions in trilateral judiciary cooperation, joint responses to cybercrimes, and preparation for hosting the Olympics. The three-way cyber policy talks were launched in October 2014 and their foreign ministers agreed in March 2015 to hold the meeting on a regular basis.
Cyber Security Agency of Singapore to launch “Live Savvy with Cybersecurity” campaign
The Cyber Security Agency of Singapore (CSA) has informed that it is organizing the “Live Savvy with Cybersecurity” campaign, its first national cybersecurity awareness campaign. The campaign will show that cybersecurity is not technical nor difficult to apply, and it can be simplified into easy-to-adopt steps for everyone. CSA encourage a mind-set to secure one’s digital assets, similar to people automatically locking their door and windows before leaving their home.
Vietnam among the most vulnerable to cyber threats
Microsoft Asia, the Asian branch of the American computer giant, released regional findings in the Security Intelligence Report (SIR), a biannual report that provides unique insights into the cyber threat landscape. The new edition of the Microsoft Security Intelligence Report covers threat data from the first half of 2016, based on analysis of threat information from over a billion systems worldwide. Also included are long-term trend data and detailed threat profiles for over one hundred individual markets and regions. According to the report, Vietnam faces the second-highest level of cybersecurity risk in Asia Pacific markets. The latest report identified Asia Pacific markets—especially emerging markets—among those facing the highest risk of cybersecurity threats. Of the top five locations across the globe most at risk of infection, two are located in Southeast Asia: Vietnam and Indonesia. Both locations had a malware encounter rate of more than 45 percent in the second quarter of 2016, which is more than double the worldwide average of over 21 percent during the same period.
AFRICA
Nigeria suffered over 2000 cyberattacks in 2015
The Nigerian Information Technology Development Agency stated that Nigeria suffered 2,175 cyberattacks in 2015. The agency disclosed that a total of 585 government-owned websites were among the 2,175 Nigeria websites hacked in 2015. About 14 percent of Nigeria’s 97 million internet users suffered cyberattacks, which necessitated the setting up of the Cyber Security Committee. A threat intelligence assessment by Check Point Software Technologies for the global payment company, PayPal, showed that Nigeria ranked as the seventeenth most attacked nation in the world in 2015.
Uganda has signed a MOU with Malawi aimed at boosting cybersecurity capacity
The Government of Uganda has signed a memorandum of understanding (MOU) with the government of Malawi aimed at boosting cybersecurity capacity and electronic governance of the two nations. The function, which took place at the Ministry of ICT headquarters in Kampala, was presided over by Frank Tumwebaze, Uganda’s Minister for ICT, while the Malawian delegation was led by ICT Minister, Nicholas Dausi. In his remarks, Minister Tumwebaze noted that Uganda’s ICT industry is still evolving and that partnerships like this will further strengthen it. A recent report by the Global Cyber Security Capacity Center (GCSCC) indicated that Uganda’s cybersecurity capacity was still in the embryonic state and that no concrete action has been taken to help the situation. The partnership also comes amidst panic as some government websites, including the Ministry of Finance, have been hacked and attacked by unknown entities.
