Global Cyber Bi-Weekly Report by INSS April 15, 2017
ISRAEL
Police cyber unit combats ransomware
The cyber unit of the Israel Police has opened a secure website, www.nomoreransom.gov.il, which will upgrade its intelligence and investigative capabilities in gathering information about cybercriminals and cybercrime through infected software. The Israel Police has joined the international initiative established through the website www.nomoreransom.org, which operates today in fourteen languages, including Hebrew, and where keys can be found to unlock files that have been locked by such software, without the need to pay ransom.
German, Israeli companies to cooperate in cybersecurity
The Cyber-Security Council Germany said on Wednesday that it has opened its first international chapter with security firm Checkmarx in Israel, establishing a bridge between German and Israeli cybersecurity communities. “Cyber threats are not bound to national borders, so that transnational cooperation and networking is inevitable for the exchange of know-how and best practices,” said Philipp von Saldern, president of the council, whose members include companies, experts, and policymakers in cybersecurity. Checkmarx, which provides application security testing products to customers such as Samsung and SAP, will operate the local chapter from its offices in Israel.
UNITED STATES
US cyberattacks may be bringing down North Korean missiles
Experts have suggested the in-flight failure and crash of the missile launched by North Korea on Wednesday could have been the result of a “left-of-launch” attack by the United States. Left-of-launch strategies involve electromagnetic propagation or cyber attacks against missiles immediately after launch, including through infected electronics aboard the weapon that confuse its command and control or targeting systems. And while these failures—and others—may have been the result of poor engineering on the part of the North Koreans, they may also have been deliberately brought down by the United States, experts have told the Telegraph. In 2014, then-President Barack Obama authorized additional research into left-of-launch efforts to neutralize North Korean missiles.
United States targets spam botnet after Russian arrested in Spain
The US Justice Department said this past Monday it had launched an effort to take down the Kelihos botnet, a global network of tens of thousands of infected computers purportedly operated by a Russian national who was arrested in Spain over the previous weekend. Peter Yuryevich Levashov operated the Kelihos botnet, which has infected computers running the Microsoft Windows operating system since approximately 2010, the Justice Department said. A criminal case against Levashov by the Justice Department remains sealed, but on Monday the department announced a civil complaint intended to block spam from the botnet. The botnet at times grew larger than 100,000 simultaneously infected devices to carry out various spam attacks, including pump-and-dump stock schemes, password thefts, and injecting various forms of malware, including ransomware, into target devices, the official said. Botnets are often rented out for multiple criminal uses as well.
Few Americans understand cybersecurity, study finds
According to a Pew study, 75 percent of Americans could pick the most secure password out of a list of four options, but 73 percent were not sure what a botnet was. “A botnet is essentially thousands or hundreds of thousands of zombie computers: computers that have been taken over by an attacker,” said Jeremy Johnson, director of Offensive Security Services. He says the hacker basically takes control of a computer to help do his dirty work. The Pew study showed 73 percent of those surveyed understood that using public Wi-Fi, even if password protected, is not always safe for sensitive activities, like banking. Only 48 percent, however, knew what ransomware was. Johnson says that is when a hacker encrypts all files of a computer with a password or key that the computer owner does not know.
EUROPE
EU referendum may have been targeted by foreign hackers intent on influencing result
The EU referendum may have been targeted by foreign hackers trying to influence the outcome of the historic vote, MPs have warned. An official website which enabled people to register to vote in the referendum collapsed just hours before the official deadline, forcing it to be extended. The Public Administration and Constitutional Affairs Committee said there were “indications” that the website had been brought down by a massive cyberattack.
Over three quarters of UK public unaware that Snooper’s Charter passed
As per the recent Investigatory Powers Act, otherwise known as the “Snooper's Charter,” UK intelligence agencies have been given the green light to access personal data from browsing histories. Not only does the Act strengthen measures that had previously existed, but companies must now hand over customer data to UK intelligence agencies. New research conducted by Rahman Ravelli, corporate crime defense specialists, revealed that more than 75 percent of people in the United Kingdom are unaware that the Act has passed.
Nation-state-supported hackers targeted UK Foreign Office
According to the research firm F-Secure, the Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists, especially in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in Eastern Europe and the Southern Caucasus, and this, combined with infrastructure footprint links to known state actors, suggests a nation-state benefactor, the firm said.
RUSSIA
FSB to receive provision to shut down social network accounts
After recent terrorist attacks in Saint Petersburg’s metro stations on April 3, the authority to monitor, block, or shut down social network groups and accounts might be delegated from the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications to the Federal Security Service (FSB), as a means of dealing with recruitment and dissemination of terrorist activities.
Russian hacker, purportedly linked to Democratic party’s hacking, arrested in Barcelona
As was previously reported, a Russian citizen, 36-year-old computer programmer Peter Levashov, was arrested in Barcelona last week. Since the arrest was carried out on a warrant issued by the US authorities, some media linked the arrest to alleged attempts by Russian hackers to interfere in the US presidential election.
All users in Russia to provide personal ID number when logging in to social networks
A draft of a new federal law was introduced to the State Duma of the Russian Federation regarding legal regulations about social network usage. The law will obligate all users to provide their passport or other identification number when logging into social networks.
MIDDLE EAST
ISIS recruitment techniques of tech-savvy terrorists are exposed
The FBI has tracked down one of the main recruiters from the Islamic State. Many of the recruiters work from Western countries and can easily approach their targets. They are looking for vulnerable people through social media tools. After tracking direct tweets of possible suspects, the FBI worked with an insider who uncovered encrypted messages as well.
Cyberarms dealers offer surveillance weapons to undercover Al Jazeera reporters in Iran
EU and Chinese companies have offered cyber offensive weapons to undercover Al Jazeera reporters in Iran. Such weapons would allow their users to target political dissidents for arbitrary detention, torture, and murder. The vendors promised to strip all logo marks off their products to make it impossible to trace them back and offered ways to circumvent sanctions by selling those products through a Turkish partner.
Hackers are fighting back against ISIS
White-hat hackers are attacking anyone who attempts to view ISIS propaganda with malicious software that pretends to be an update. By creating “back doors” in their devices, the hackers can activate cameras, log keystrokes, steal files, read phone messages, take screenshots, detect GPS locations, and collect contacts from unsuspecting jihadists. Hackers from all over the world are launching sophisticated attacks against ISIS’ websites and communications with hashtags #OpIsis or #OplecIsis on Twitter.
CHINA and APAC
Vietnam, Japan to strengthen ties on security cooperation
Senior Lieutenant General To Lam, minister of Public Security of Vietnam, and Kunio Umeda, Japan’s ambassador to Vietnam, have met in Hanoi. In the meeting, the Vietnamese public security minister expressed a wish that Japan would support Vietnam’s Ministry of Public Security in accessing modern and advanced equipment for cyber and information security; and in training its cyber and information security specialists and cybercriminal police force.
China drafts cyber law mandating security assessment for outbound data
China’s top cyber authority released a draft law that would require firms exporting data to undergo an annual security assessment, in the latest of several recent safeguards against threats such as hacking and terrorism. Any business transferring data of over 1000 gigabytes or affecting over 500,000 users will be assessed on its security measures and on the potential of the data to harm national interests, showed the draft from the Cyberspace Administration of China (CAC). The law would ban the export of any economic, technological, or scientific data whose transfer would pose a threat to security or public interests. It would also require firms to obtain the consent of users before transmitting data abroad.
Cisco to train 250,000 students in India in cyber security, IoT
Cisco will train 250,000 students in India in order to help create startups and build successful technology careers. Dinesh Malkani, president of Cisco India and SAARC, said that “We have done a lot of work in education and there are campuses that use our technology. We will skill 250,000 students in the country around networking, security and IoT areas over a period of time.”
Prasad: India has better international cooperation in cybersecurity
The Indian IT Minister Ravi Shankar Prasad said that India supports better international cooperation in cybersecurity to fight against growing cybercrime and cyberterrorism. Attending bilateral meetings in Germany during the G20 Digital Ministers meeting on digital economy, he said India also believes that a multi-stakeholders model is the best option for the spread of digitization and that a border should not impede mobility of professionals and information. The G20 ministers expressed their warm appreciation for the accomplishments of the Digital India program. They noted how Digital India is providing a unique digital identity—cheaply, securely, and with privacy—to 1.1 billion citizens through Aadhaar. Minister Prasad also said that “Digital technologies and the internet, which represents some of the finest creations of the human mind are today a ‘global common good’; which we can harness for bridging the digital divide, empowering and improving the quality of life for our citizens.”
AFRICA
Kenya’s computer and cybercrimes bill 2016 is approved
On April 6, 2017, the cabinet, chaired by President Kenyatta, approved the Computer and Cybercrime Bill 2016. This law is a major step towards fighting cybercrime in Kenya. It criminalizes cyber offences such as computer fraud, cyber bullying, child pornography, and illegal breach of systems and networks. The law spells out stringent penalties for the crimes with fines ranging from KES 5M for unauthorized access of computer systems to 20M fines and up to twenty-five years of imprisonment for child pornography.
Nigeria’s Central Bank asks financial institutions to report cybercrimes
Cyber security firm Kaspersky claimed on April 6 that North Korea hacked Nigerian banks, as well as those of seventeen other countries, including Ethiopia, Gabon, and Kenya. Nigeria’s Central Bank director of the Banking and Payment Systems Department, Mr. Dipo Fatokun, stated that no Nigerian banks reported any case of hacking to the CBN, but he urged them and all financial institutions under the CBN’s regulation to report such incidents.