Global Cyber Bi-Weekly Report by INSS May 1, 2017
ISRAEL
Cyberattack aimed at over 120 Israeli targets thwarted
The attack behaved in the same manner as a previous cyberattack carried out by OILRIG, one of the most active hacking organizations sponsored by the Iranian government. The attacks, which ran between April 19 and April 23, came in the form of malicious emails originating from the servers of both an academic institution and a private commercial company, and targeted various companies, government ministries, public institutions, and private individuals in academia and research.
Israeli security agencies: New cyber authority could “seriously harm” our activities
The heads of Israel’s security agencies are asking Prime Minister Netanyahu to halt legislation that would give broad powers to the Cyber Defense Authority, saying it could cause serious damage to the security community’s cyber defense activities. “The draft bill seeks to grant extensive powers to the Cyber Authority, whose purpose has not been clearly defined, and it could seriously harm the core security activity of the security community in the cyber field,” said the letter, signed by Shin Bet Security Service Head Nadav Argaman, Mossad Chief Yossi Cohen, Deputy Chief of General Staff Maj. Gen. Yair Golan (who is responsible for cyber defense issues in the army), and Defense Ministry Director General Udi Adam.
UNITED STATES
Russian lawmaker’s son accused of cyber fraud in United States asks for help in Russia
On Friday, April 21, a court in the United States sentenced Roman Seleznev, the son of Valery Seleznev, a State Duma deputy from the LDPR, to twenty-seven years’ imprisonment. According to the court materials, Roman Seleznev was found guilty in a cyber fraud case involving $170 million. According to the investigators, the son of the Russian parliamentarian stole credit card information and subsequently resold it.
Could the United States have taken out North Korea’s missiles before launch?
A failed missile launch in North Korea has brought renewed attention to reports that the United States is trying to degrade North Korea’s missile capabilities via hacking. It is unclear if the United States interfered with this specific test, but according to public statements and Congressional testimony by current and former members of the armed forces, the tactic is actively being pursued by the US military. “There is a very strong belief that the US—through cyber methods—has been successful on several occasions in interrupting these sorts of tests and making them fail,” former British Foreign Secretary Malcolm Rifkind told the BBC.
United States charges Russian arrested in Spain with operating spam botnet
A Russian national who was arrested earlier this month in Spain has been charged with criminal hacking offenses in relation to operating the Kelihos botnet in an eight-count indictment handed down by a federal grand jury in Connecticut, the US Justice Department said on Friday. Peter Yuryevich Levashov, aged 36, was indicted by a grand jury in Bridgeport and charged with causing intentional damage to a protected computer and wire fraud, among other counts, the Justice Department said in a statement. Last week the Justice Department announced it had launched an effort to take down the Kelihos botnet, which has infected computers that ran Microsoft’s Windows operating system, after Spanish authorities arrested Levashov while he was on vacation with his family in Barcelona. The Kelihos botnet is a global network of tens of thousands of infected computers. Levashov used Kelihos for years to distribute more than 2,500 spam emails during any given twenty-four-hour period for various criminal schemes, including pump-and-dump stock fraud, password thefts, and distribution of malware, including ransomware, the indictment alleges.
EUROPE
Europe’s first cybersecurity research center has been launched in Cardiff
A cyber security research center, which is the first of its kind in Europe, will be located at Cardiff University. The Center of Excellence in Cyber Security Analytics, which will provide world-leading research into the problem of cybersecurity, will be at the university’s School of Computer Science and Informatics. In partnership with experts from Airbus, researchers at Cardiff University will carry out leading studies into machine learning, data analytics, and artificial intelligence for cyberattack detection. This research will aim to protect corporate IT networks, intellectual property, and critical national infrastructure. The center will also develop academic programs in cybersecurity, in an attempt “to fill the skills gap that currently exists in the field.”
Nearly three-quarters of universities in the United Kingdom are phishing victims
Some 70 percent of universities (51 out of 70) in the United Kingdom have fallen victim to phishing attacks, according to new data from Duo Security. Some 72 percent said they had fallen victim to a phishing email over the past twelve months. Even more worrisome, twelve universities said they had been hit by such attacks over ten times in the period, and seven claimed they had been struck more than fifty times. These included universities running GCHQ-certified degree courses, such as Oxford.
Improved cybersecurity for UK general election after Russian hacking scandal
British cyber security chiefs are to give fresh guidance to protect the general election in the United Kingdom from being disrupted by hackers. Just weeks ago, Ciaran Martin, chief executive of the British National Cyber Security Center (NCSC), briefed political party bosses on how they can defend their organizations from online attacks. They were given an overview of threats, case studies on recent cyber incidents, actions to take to reduce the risks, and advice on how to respond to successful and attempted intrusions. The NCSC said that the UK electoral system does not lend itself to electronic manipulation as voting and counting of ballots are manual processes conducted under the eye of observers. It will, however, issue guidance on protective measures for political parties, the Electoral Commission, and town halls carrying out the counting.
“Fancy Bear” hackers target French presidential candidate
A phishing campaign has been targeting the emails of French presidential candidate Emmanuel Macron’s campaign staff, and all fingers point towards Russia. According to the security firm Trend Micro, phishing sites have tried to trick the campaign staff into giving their usernames and passwords before infecting their computers with malicious software. “Fancy Bear” has been linked to the attack. This is a Russian group of hackers that focuses on cyber espionage and has been linked to numerous attacks, including the famous DNC hack that exposed Clinton emails during the US election. Most recently, the Dutch Defense Ministry accused the same group of hacking into emails of employees in 2015 and 2016, stating, however, that no classified information was accessed.
Germany confirms cyberattacks on political party think tanks
Germany’s top cyber official confirmed on April 27 that his agency has been aware for some time of computer attacks on two foundations tied to Germany’s ruling coalition parties, and has been helping the think tanks analyze what happened. Arne Schoenbohm, president of the BSI federal cybersecurity agency, did not comment on security firm Trend Micro’s claim that the attacks were carried out by “Pawn Storm,” the same Russian hacking group linked to attacks on French presidential candidate Emmanuel Macron or the US election. Other experts have said the group, also known as “Fancy Bear” or “APT 28,” is linked to GRU, the Russian military intelligence directorate. German officials and lawmakers say the attacks are the latest in a series aimed at disrupting the German elections and damaging Chancellor Angela Merkel, who has pushed to maintain sanctions on Russia over its actions in eastern Ukraine. Germany’s intelligence agencies issued unusually frank warnings late last year about what they called Moscow’s “aggressive” cyber spying and disinformation campaigns.
RUSSIA
MIPT is considered Russia’s hacker’s forge
The Moscow Institute of Physics and Technology (MIPT), which is considered by many experts to be the acme of Russian hackers, recently held an international IT programming competition. The Institute’s goal is to mobilize gifted young programmers from all the Russian regions. According to the Institute’s policy, education is free of charge, except for a $500 registration fee, said Alexey Maleev, director of the Center for the Development of IT Education of MIPT.
Russian president’s press secretary: all accusations are fake news
On April 25, in an interview with RIA Novosti Agency, Dmitry Peskov, the Russian president’s press secretary, said that the new US accusations about Russian involvement in cyberattacks are impersonal fake news.
http://bit.ly/2p8Ev3U
MIDDLE EAST
Iran-linked hackers use Microsoft Word flaw to target Israelis
Hackers allegedly linked to the Iranian government launched a digital espionage operation against more than 250 Israeli targets using a recently disclosed MS Word vulnerability. Morphisec, an Israeli security team, has investigated the incident on behalf of multiple victims. The vulnerability was disclosed in March and was quickly exploited by nation states and cyber criminals.
A new McAfee report on cyberattacks on Saudi Arabia reveals similarities to previous attacks
McAfee has identified similarities between a 2012 cyberattack on the energy sector in Saudi Arabia and the latest espionage campaigns in the country. The company believes that it is the work of one coordinated force of attackers rather than multiple independent hacker groups.
Egypt blocks voice calls made over social media apps
Egypt has disrupted VoIP services this week for users who use messaging apps like Apple’s FaceTime, Viber, Skype, Facebook Messenger, and WhatsApp. The main reason is likely security concerns, but there is also a suspicion of economic incentives for local telecom companies who have complained to regulators about free calls via such apps.
CHINA and APAC
South Korea Defense Ministry to create cybersecurity tech team
South Korea’s Defense Ministry said last week it plans to create a cybersecurity technology team and a multilateral security department in an organizational change. It would abolish a culture policy department tasked with improving life in the barracks amid continued reports of bullying cases in the nation’s 625,000-strong military. The decision to launch an independent team to specialize in cybersecurity-related technology in addition to the cyber policy department came as concern has grown about North Korea’s cyberwarfare capability.
DHS chief: North Korea more likely to launch cyberattack than military strike
North Korea is more likely to wage a cyberattack against the United States than a military strike, according to Homeland Security Secretary John Kelly. As tensions build between Pyongyang and Washington in anticipation of possible military action from either, Mr. Kelly told NBC News this week that North Korean dictator Kim Jong Un is more inclined to direct hackers against American cyber targets in lieu of deploying a more traditional arsenal. “In the case of North Korea, you know, a kinetic threat against the United States right now I don’t think is likely, but certainly a cyber threat,” Mr. Kelly said in an interview slated to air Sunday on “Meet the Press.”
China tried to hack group linked to controversial missile defense system, US cybersecurity firm says
A cybersecurity firm in the United States believes state-sponsored Chinese hackers tried to infiltrate an organization with connections to a US-built missile system in South Korea that Beijing firmly opposes. “We have evidence that they targeted at least one party that has been associated with the missile placements,” John Hultquist, the director of cyber espionage analysis at FireEye, told CNN’s News Stream. When asked if the group could be North Koreans posing as Chinese hackers, Hultquist said his team has gathered plenty of evidence to prove the group’s origins, including their use of the Chinese language. “We’ve known these actors for several years now and we’ve watched their activities.” The spying on the Terminal High Altitude Area Defense (THAAD) system was likely done for intelligence purposes, and not to disrupt it, Hultquist said.
Australia and China in pact against cyber theft
Australia has agreed to a cyber security pact with China in which both countries have pledged not to conduct or support the theft of intellectual property or trade secrets from the other. The agreement follows a specific request made by Malcolm Turnbull, Australia’s prime minister, to Chinese Premier Li Keqiang during his state visit to Australia last month and reflects growing concern in the West about state-sponsored hacking and cybercrime. “Australia and China agreed that neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of obtaining competitive advantage,” the Australian government said in a statement on Monday. Canberra has stepped up its focus on cybercrime and espionage following its admission last year that government networks had in 2015 suffered a state-sponsored cyberattack that initially targeted the Australian Bureau of Meteorology.
AFRICA
Nigeria to host several cybersecurity conferences
KPMG Nigeria’s partner and head of Technology Advisory, Joseph Tegbe, recently disclosed that they are organizing a Pan-Africa Cyber Security Conference, to be held on May 4 under the title “Security and Resilience in a digital world,” with speakers and participants from South Africa, Kenya, Ghana, as well as Europe. Moreover, Remi Afon, president of CSEAN (Cyber Security Experts Association of Nigeria), recently stated in Abuja that “corporate organizations and government establishments have refused to realize and prepare for imminent dangers of cyber threats.” In the wake of these comments, he announced the 2017 cyber security conference “Cyber Secure Nigeria 2017,” to be held in Abuja on May 16–18, which will “provide the platform for cyber security” of industry giants, government, academia, and information security professionals.
Rwandan parliament passes cybersecurity bill
The draft law establishing the National Cyber Security Authority (NCSA) as well as determining its responsibilities, organization, and functioning—which initially passed in parliament last October, but returned for revision at President Paul Kagame’s request—has finally been passed by members of the Lower Chamber of Parliament. This comes in the wake of major efforts by the Rwandan government to step up cybersecurity, as the government is currently seeking $1.5 million for the construction of a cybersecurity center to coordinate investigations of cybercrime in Eastern Africa.