Global Cyber Bi-Weekly Report by INSS April 1, 2017
ISRAEL
Hackers use Jerusalem Post website to attack German parliament
At least ten German politicians were affected by the hack, the local media reported. The Jerusalem Post stated that, “Israeli cyber authorities successfully neutralized the threat.” The German parliament was the target of fresh cyberattacks in January, which attempted to piggy-back on an Israeli newspaper site to target politicians in Germany, Berlin’s cybersecurity watchdog said.
Israeli cyber company Waterfall teams with insurance specialists
Insurance specialists THB and CNA Hardy and Israeli cybersecurity specialist Waterfall Security Solutions have entered a partnership together and will provide a new cybersecurity protection package for industrial businesses around the globe
Annual Anonymous cyberattack against Israel on April 7
This year, too, the hacker organization Anonymous has prepared for its annual OpIsrael attack, or its new name, OpIsrahell, scheduled for Friday, April 7, for the fifth consecutive year. In a series of videos distributed on social networks and on YouTube in English, Arabic, and German, hacker groups associated with Anonymous threaten Israel with “attacking government sites, servers and databases, and disconnecting from the global internet.” The videos also call upon “activists and other subgroups of Anonymous to join.” Despite meager achievements of the offensive in previous years, Anonymous is taking into account that this year’s attack will take place on a weekend.
UNITED STATES
A scramble at Cisco exposes uncomfortable truths about US cyber defense
When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by US companies, security engineers at Cisco Systems swung into action. The WikiLeaks documents described how the CIA had learned over a year ago how to exploit flaws in Cisco’s widely used internet switches—which direct electronic traffic—to enable eavesdropping. Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees told Reuters on condition of anonymity.
Karim Baratov, Canadian charged in Yahoo email hack, will fight extradition to United States
Lawyers for the Canadian man charged in a massive hack of Yahoo emails hope to get their client released on bail and said they plans to fight his extradition to the United States. Karim Baratov, 22, of Ancaster, Ontario, faces charges laid by the US Justice Department related to computer hacking, economic espionage, and several other offences. The case involves a data breach that impacted at least a half billion user accounts. Officials said the hack targeted email accounts of Russian and US officials, Russian journalists, and employees of financial services and other businesses. Baratov is charged with conspiring to commit computer fraud and abuse, conspiring to commit access device fraud, conspiring to commit wire fraud, and eight counts of aggravated identity theft.
EUROPE
Bundestag Defenses foil malvertising campaign
The German parliament repelled a malvertising campaign in January, which affected at least ten lawmakers, it has been revealed. The attackers are said to have used malicious ads on the website of the Jerusalem Post to infect innocent visitors to the site. German federal cybersecurity agency made the following statement: “The technical analysis has been completed. The website of the Jerusalem Post was manipulated and linked to a harmful third party. Within the scope of the analysis, however, the BSI has not discovered any malicious software; infections are also not known to the BSI.” It’s unlikely that the malvertising campaign was created specifically to lure German lawmakers to a malware-laden website, but the news comes at a time of heightened tensions in Europe ahead of major national elections, with many fearing Russian state hackers may seek to undermine the democratic process as they did in the United States.
Police arrest man potentially linked to group threatening to wipe millions of iPhones
The United Kingdom’s National Crime Agency (NCA) have arrested a twenty-year-old man from London who is possibly a member of a cybercriminal gang called the “Turkish Crime Family.” The cybercriminal gang threatened Apple last week that it would remotely wipe data from millions of iOS devices unless Apple pays a ransom of $75,000. The hacking group claimed to have access to over 300 million iCloud accounts and threatened Apple to remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in Bitcoin or Ethereum, or $100,000 worth of iTunes gift cards.
SMEs in the United Kingdom failing on cyber training
Over a quarter (27 percent) of micro, small and medium-sized enterprises (SMEs) in the United Kingdom still do not train their staff in cyber awareness, leaving their organizations exposed to online threats, according to new data from CFC Underwriting. The insurer polled over 250 UK small- and medium-sized businesses this month and found that many are “not sure where to start” with training and awareness raising. This is despite a 78 percent rise in cyber-related claims from 2015 to 2016. The vast majority (90 percent) of those claims came from organizations with less than £50m in revenue, suggesting that many are SMEs.
RUSSIA
Natalia Kasperskaya: all foreign-made electronic devices can be used for surveillance by western intelligence
In response to the ongoing accusations of the Russian footprints in the hacking of the Democratic party during the presidential elections and WikiLeaks revelation’s linking to Russia, Natalia Kasperskaya, co-founder of Kaspersky Labs internet security company, denied the accusations and stated that all western-made software devices are of dual-use.
Former head of FSB: CIA disguising themselves as Russian hackers
General Nikolai Kovalyov who was Vladimir Putin’s predecessor as head of Russia’s Federal Security Service from 1996-1998, claims that “It’s clear that the CIA’s operatives have been conducting their own covert operations while disguising themselves as so-called Russian hackers.” He referred particularly to a hacker group called UMBRAGE, which performs hacking attacks covered with other foreign “fingerprints.”
Russian new Armata tanks to be equipped with new command-and-control software
Russian tanks and combat vehicles will soon be equipped with a state-of-the-art damage control and information systems called GALS-D4. The GALS-D4 ensures stable navigation and keeps in its hard disk a memory of all the information about the vehicle’s whereabouts and its condition over the past ten years. The system will consist of advanced microprocessor and computing and navigation modules.
MIDDLE EAST
Russia keen on cyber cooperation with Iran
Russia’s minister of Telecomm and Mass Communications said that his country is interested in cooperating with Iran in cyber security fields.
Turkish hackers are linked to ransomware attack on Dutch parliament
The ransomware attack on the Dutch parliament’s website has raised concerns that Turkish hackers are targeting the Netherlands. Turkey's relations with several EU countries are tense after Turkish ministers were banned from campaigning in Dutch cities before the April 16 referendum that would give Turkey’s President Erdoǧan sweeping powers. This attack came after Turkish hacking groups had attacked publicly funded websites used by Dutch voters.
Turkish hackers take over high-profile Twitter accounts
Dozens of high-profile Twitter accounts were taken over by hackers to spread their message in support of President Erdoǧan in the upcoming referendum.
Rise of cybersecurity insurance in the Middle East
Companies throughout the Middle East region are increasingly using insurance policies against cyberattacks. In the past, attacks focused on individuals and credit cards, but now they target the core of the organizations. This has created the need for robust insurance policies to control the damage.
CHINA and APAC
South Korea regulator warns of new type of cyber threats of financial networks
A top South Korean regulator has called for more efforts to protect the country's financial networks amid concerns about possible cyberattacks, especially by North Korea. “Recently, the government raised the cybersecurity alert level, as there's an increased need to beef up cybersecurity due to North Korea's military provocations, the issue of deploying the THAAD system and the Constitutional Court's impeachment decision,” Jeong Eun-bo, vice chairman of the Financial Services Commission, said. Jeong specifically pointed out the growth of “new kinds of cyber threats,” such as the spread of ransomware, smartphone hacking, and DDoS attacks using the Internet of Things. He stressed that the authorities should stand ready for a swift and thorough response.
South Korean foreign ministry target of several DDoS attacks from China
The website of South Korea’s Ministry of Foreign Affairs was the target of several cyberattacks originating in China, but little damage has been reported so far, said the ministry’s Spokesman Cho June-hyuck. In a press briefing, he said, “Several on-and-off DDoS attack attempts originating from China have taken place on websites including that of the Ministry of Foreign Affairs,” and stated that defensive measures were immediately taken against the cyberattacks and no damage was sustained. The attacks came as China stepped up its retaliatory actions over Seoul’s on-going deployment of the US missile interception system, Terminal High Altitude Area Defense. China vehemently protests the deployment, which it said would compromise its security interests. “Our government pays attention to the Chinese government’s (past) expression of its consistent stance that it opposes any kind of cyberattack,” the ministry spokesman noted. “The government is expecting that (China) will continuously take responsible steps in accordance with the stance.”
Presumably North Korea hackers target defectors, human rights activists
Presumably North Korean hackers sent emails containing malicious codes to defectors and human rights activists in what could be the latest in its series of cyberattacks, a local report said. Daily NK, an online media outlet covering the North, reported that the hackers, disguised as part of the publicity team of Seoul’s National Police Agency, sent emails, entitled “Rules to Prevent Damage from Hackings.” The emails carried malicious codes that were used to steal important documents stored in the victims’ computers, the media outlet reported. Police authorities said they had never sent any such emails. In recent years, Pyongyang has launched a host of cyberattacks on South Korean corporate and government websites by mobilizing its specially trained personnel, including those based in China and other foreign countries.
AFRICA
Man charged with hacking Kenyan Tax Authority and stealing Sh4 billion
Alex Mutungi Mutuku, a twenty-eight-year old IT expert, was charged with hacking into the Kenyan Tax Authority computer system for over two years and causing the loss of Sh4 billion, or about 38 billion US dollars. According to State Prosecutor Edwin Okello, the accused is part of an international cybercrime ring that has access to hi-tech equipment and software and seeks to orchestrate large scale electronic theft, targeting big corporations and states.
Ghana to take measures to fight growing cybercrime
During a GLACY+ (Global Action on Cybercrime Extended) international workshop held in Accra, Ghana, the Minister of Communications, Mrs. Ursula Owusu-Ekuful, announced that the Ghanaian Government would build a “comprehensive cybersecurity governance arrangement” including a National Cyber Security Council and a Cyber Security Center. The minister also announced that in tandem with the Ministry of Justice and Attorney General, the Ministry of Communications would engage the parliament to ratify the Budapest Convention.
