Global Cyber Bi-Weekly Report by INSS March 1, 2017
ISRAEL
Investors bet on Israel tech stock windfall under Trump
Investors are betting heavily that Israeli defense and cyber security firms will reap a windfall from President Donald Trump’s big US spending plans, although likely benefits for the wider economy remain—like the man himself—hard to predict. Israeli technology companies are likewise well placed to pick up contracts on other planned presidential projects, such as the hugely expensive wall along the US border with Mexico. Economists, however, have yet to factor any positive “Trump effect” into their Israeli growth forecasts and analysts say some of his ideas, such as moving the US embassy to Jerusalem, could backfire due to negative security and economic consequences.
UNITED STATES
Study finds gaps in cyber security readiness in US oil and gas industry
Although cyberattacks in the oil and gas industry can have potentially devastating consequences for the economy and national security, only 35 percent of 377 executives in the United States who are responsible for securing or overseeing cyber risk rate the cyber readiness of their company’s operational technology (OT) as high. In addition, 68 percent of the oil and gas companies faced at least one security compromise in the past year.
US Homeland Security employees locked out of computer networks
Some US Department of Homeland Security employees in Washington DC and Philadelphia were unable to access some agency computer networks on Tuesday. This was due to a problem related to domain controllers, or servers that process authentication requests, which could not validate the personal identity verification (PIV) cards used by federal workers and contractors to access certain information systems. There was no evidence of foul play.
US inquiries into Russian election hacking include three FBI probes
The US Federal Bureau of Investigation is pursuing at least three separate probes relating to alleged Russian hacking of the US presidential elections. The FBI’s Pittsburgh field office, which runs many cyber security investigations, is trying to identify the people behind the breaches of the Democratic National Committee’s computer systems. Those breaches, in 2015 and the first half of 2016, exposed the internal communications of party officials as the Democratic nominating convention got underway and helped undermine support for Hillary Clinton.
Trump officials skip cyber security conference in a break with the past
More than 42,000 people attended the RSA Conference, one of the nation’s largest computer security conferences. However, officials from the Trump administration did not attend. While there were forty-one government speakers at RSA this year, there were no senior-level speakers from the Trump administration. The lack of Trump representatives comes as tensions increase between the president and others over findings by the US intelligence community that Russia actively worked to meddle in November’s presidential election via material gained through cyberattacks. This year the highest government representative was from the legislative branch, the House Committee on Homeland Security Chairman Michael McCaul (R-Texas), who gave an opening day keynote talk. “I’m going to be brutally honest. We are in the fight of our digital lives and we are not winning,” McCaul said. “Our laws have not kept up with this new digital age,” he said. “Today the United States government is fighting 21st-century threats with 20th-century technology and a 19th-century bureaucracy.”
Three men sentenced in New Jersey for hacking and spamming scheme
Three men have been sentenced for their roles in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people. One of the men owned a spam company called A Whole Lot of Nothing LLC and hired another member of the group to write computer programs that send spam in a manner that conceals their origin and bypasses spam filters. The group hacked into email accounts and seized control of corporate mail servers to further their spam campaigns and created software that exploited vulnerabilities in several corporate websites. The group also worked together to steal databases containing the personal information of millions of Americans for use in spam campaigns, prosecutors said.
EUROPE
Security awareness training will reach $10 billion by 2027
Security awareness training is the most underspent sector of the cybersecurity market, but it is poised to become a multi-billion-dollar industry in 2017, according to a report from Cybersecurity Ventures. According to Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures, Fortune 500 and Global 2000 corporations will consider security awareness training as fundamental to their cyber-defense strategies by 2021, with small businesses following shortly thereafter. As the number of online users increases—one estimate indicates that four billion people will be online by 2020—and the need to train those folks in security awareness grows with them, Morgan sees the possibility of the overall market reaching $10 billion by 2027.
Cooperative development speeds NATO cyber-intelligence sharing
NATO and partner countries are sharing R&D in the development of cybersecurity tools to achieve economies of scale, including the CIICS (Cyber Information and Incident Coordination System) which has just been deployed in NATO’s 24/7 cyber operations center. CIICS was developed by NATO Communications and Information Agency (NCI Agency), NATO’s IT and cyber arm, as part of the Multi National Defence Capability Development (MN CD2) project to share intelligence and to detect and thwart cyberthreats at a faster pace and across multiple countries, with Finland set to join the coalition within weeks. CIICS is currently used by Canada, the Netherlands, and Romania and will be deployed later this year to Norway, as well as partner nations Finland and Ireland, which have all already started trying the tool.
United Kingdom: Possible interference by Russia in Stoke-on-Trent Central by-election
Russia has been accused of interfering in a crucial Stoke-on-Trent Central by-election. A network of pro-Russian Twitter accounts has been identified as attempting to swing the election in favor of the Labour party and against Paul Nuttall and the UK Independence Party (UKIP), according to the BBC. The multiple accounts were first identified by researcher Alex King as posting pro-Russia, anti-Ukraine propaganda. However, in recent weeks they have switched to pumping out memes and hashtags that target UKIP leader Paul Nuttall in an apparent attempt to shift the vote in favor of the Labour party. A report last year by the Atlantic Council think tank suggested that Russia is actively trying to gain a foothold in British politics. It identified both Labour and UKIP parties as targets for Russian influence.
UK crime agency arrests suspect in Deutsche Telekom cyberattack
British authorities have arrested a suspect in connection with a cyber attack that infected nearly one million routers used to access Deutsche Telekom’s (DTEGn.DE) internet service, German federal police said on February 23. Britain’s National Crime Agency detained the twenty-nine-year-old Briton at one of London’s airports. The attack on Germany’s largest telecom company took place in late November. Internet outages disrupted services to as many as 900,000 people, around 4.5 percent of its fixed-line customers.
Malware attack on Polish banks uses Russian as false flag, linked to Lazarus
Hackers involved in the attack on Polish banks seem to have faked some of the code lines, making it seem as if they were Russians. The team behind the attack seems to have intentionally inserted Russian words and commands into the malware in an attempt to throw investigators off the track, claim researchers from the cybersecurity firm BAE Systems. According to them, multiple commands and strings in the malware may have been translated into Russian using online tools. “In some cases, the inaccurate translations have transformed the meaning of the words entirely. This strongly implies that the authors of this attack are not native Russian speakers and, as such, the use of Russian words appears to be a ‘false flag,’” they said. The investigation points to Lazarus, a group well-known in the security industry. In the past, they have led attacks against government and private organizations from numerous countries, including the United States.
German intelligence spied on foreign media including BBC and Reuters for years
Germany’s Federal Intelligence Service (BND) reportedly spied on journalists across the globe, including those with BBC, Reuters, and the New York Times. The spy agency reportedly spied on nearly fifty phone and fax numbers, as well as email addresses of journalists and editors around the world since 1999, according to documents related to the German parliament’s commission investigation into Germany’s role in the NSA’s surveillance. According to the documents, the BND’s surveillance targets reportedly included over a dozen connections of the BBC in Afghanistan, as well as the BBC headquarters in London, and the editors of the BBC World Service. Phone numbers of Reuters journalists and offices in Afghanistan, Pakistan, and Nigeria were also monitored, along with the phone number of a contact of the New York Times in Afghanistan, Der Spiegel reported.
RUSSIA
Medvedev elevates civil IT and local cyber industry to national security level
Russian Vice President Dmitry Medvedev recently announced at an annual meeting of the Government Commission of the Russian Ministry of Information that Russian micro-electronics and IT spheres must not have any foreign components and this would be the main goal of the Russian IT and cyber industry. The vice president underlined that Russia already has implemented biometric passports and ID cards, based on local technologies. Furthermore, Russia will similarly issue credit cards, pension certificates, and social security insurance cards, therefore making identification an issue of national security, Medvedev stressed.
https://www.youtube.com/watch?v=qxlTEOO9lhE (12:32 min)
Facebook blocked Russian president’s internet advisor’s page
The social network Facebook blocked the page of the Russian president’s internet advisor Herman Klimenko for three days due to a copyright violation.
MIDDLE EAST
Experts anticipate Iran will double down on hacking US targets
While most of Iran’s targets over the past few months have been from Saudi Arabia, security experts warn that the United States indeed could be in the line of fire given the geopolitical climate between the nations in the post-US-election era. Experts argue that the Iranians are showing much more “mature” offensive capabilities in cyberspace—acting like a “big business” rather than a small group—but the likely attack vector is still the traditional spear-phishing campaigns.
Turkish hacker gets eight years in US jail for cybercrimes
A Turkish hacker was sentenced to eight years in US prison for his role behind three cyber attacks that enabled the theft of $55 million. The criminals targeted databases of pre-paid debit card companies and removed the withdrawal limits in order to conduct thousands of fraudulent ATM withdrawals.
Saudi-Iran cyberattack escalation
The never-ending cyber war between Saudi Arabia and Iran has reached a new height. The Iranians are now using an improved version of the Shamoon malware. This malware was successfully used in 2012. The Saudis underwent cyber training with the US government to address its consequences, and now a new and improved malware of the same type has resurfaced.
CHINA and APAC
ASIA DEFENSE Japan-ASEAN cyber cooperation
Japan’s NEC Corporation announced that it has secured a contract from Japan International Cooperation Agency (JICA) to help boost Southeast Asian cyber capabilities. The move is a part of a series that highlights Tokyo’s ongoing efforts to expand its security role in the sub-region, including in the cyber domain. The training will take place in Japan over a three-year period, with the aim of improving incident response as well as the implementation of countermeasures. The NEC Corporation has been charged with providing cyberattack defense for officials from governmental institutions responsible for cyber security in six members of the Association of Southeast Asian Nations (ASEAN): Indonesia, Vietnam, the Philippines, Myanmar, Laos, and Cambodia.
The National University of Singapore launched a new cybersecurity lab
The National University of Singapore (NUS) launched a national laboratory that provides a realistic environment for cybersecurity research and test-bedding of solutions against cyber threats. The National Cybersecurity Research and Development (R&D) Laboratory is capable of simulating the performance of over a thousand computers to perform tasks like emulating large-scale malicious cyberattacks. It cost S$8.4 million, which was funded by the National Research Foundation (NRF).
China calls to increase the cyber security of the industrial internet
Ensuring cyber security should be a high priority as China steps up efforts to promote the development of the industrial internet. The industrial internet is a network that combines advanced machines with internet-connected sensors and big data analytics. It is designed to boost productivity, efficiency, and reliability of industrial production. The industrial internet is highlighted in the country’s Made in China 2025 strategy, which is designed to promote high-end manufacturing. Qi Xiangdong, president of Qihoo 360 Technology Co. Ltd, China’s largest internet security company, said that compared with consumer internet applications such as e-commerce, the industrial internet is far more complex and more vulnerable to sophisticated cyber attacks. Liu Duo, head of the China Academy of Information and Communications Technology, a government think tank, said that Chinese enterprises vary significantly when it comes to their automation level. “Some factories are smart and fully automated, while others are at an initial stage,” Liu said. “But all of them need to raise awareness of the cyber security at production lines,” she added.
Government of India launches a new mobile and desktop security solution
The government of India’s Computer Emergency Response Team (CERT-In) has launched “Cyber Swachhta Kendra”—a new desktop and mobile security solution for a more secure cyberspace. The new solution will notify, enable cleaning, and secure systems of end-users to prevent further infections. Union IT and Electronics Minister Ravi Shankar Prasad tweeted that it is “an imp milestone in various initiatives taken on Cyber Security.”
AFRICA
Efforts to fight rising cybercrime and radicalization in Africa
Several African countries have recently disclosed efforts to increase the fight against cybercrime. In Rwanda, Minister for Youth and ICT (MYICT) Jean Philbert Nsengimana announced that a bill in parliament has been tabled to create a National Anti-cybercrimes unit. The Guardian, an important Nigerian paper, hosted its first cyber security conference in Lagos on February 23, in which Vice President Yemi Osinbajo said that the Rwandan government has set up a 31-member cybercrime advisory council whose purpose is, in coordination with the private sector, to fight cybercrime. The French interior minister announced that one of its cyber security experts will be dispatched to the Senegalese interior minister to help increase cyber security efforts to fight cybercrime and radicalization. In addition, during a two-day workshop, Ethiopia’s Information Network Security Agency (INSA) launched the “Critical Mass Cyber Security Requirement Standard,” which, according to its director general, is supposed to ensure the security of government organizations and key private institutions.
New continent domain
After years of legal battles, the .africa domain will finally be available, according to the Internet Corporation for Assigned Names and Numbers (ICANN).