Global Cyber Bi-Weekly Report by INSS May 15, 2017
ISRAEL
Israel, Japan increase cyber, economic cooperation
Following a meeting this month between Israel’s Minister of Economy and Industry Eli Cohen and Japan’s Minister of Economy, Trade, and Industry Hiroshige Seko, the two signed agreements to promote economic cooperation between Israel and Japan. The first is a joint statement calling for increased cooperation between Israeli governmental bodies, economic organizations, and companies with Japanese companies in a variety of fields. In addition, the ministers signed an agreement of cooperation in the field of cybersecurity. The agreement calls for increased investments and joint activity in this field, establishes joint training programs and work seminars, and calls on Israeli experts to contribute to a new cybersecurity center being established in Japan.
Netanyahu: Israel unharmed by cyberattack
Prime Minister Benjamin Netanyahu, at Sunday’s weekly cabinet meeting, addressed the global cyberattack that has affected nearly 100 countries across the world. Netanyahu stated that Israeli critical infrastructure remained entirely unharmed but warned that “everything could change.” The prime minister highlighted recent Israeli efforts to combat the “new threat” of cyberattacks, including the establishment of Israel’s National Cyber Security Authority, and stressed the importance of investing “further resources in order to protect the State of Israel” from this new form of attack.
UNITED STATES
Trump signs order aimed at upgrading government cyber defenses
US President Donald Trump signed an executive order on Thursday to bolster the government’s cybersecurity and protect critical infrastructure from cyberattacks. The order seeks to improve the often maligned network security of US government agencies, from which foreign governments and other hackers have pilfered millions of personal records and other forms of sensitive data in recent years. The White House said the order also aimed to enhance protection of infrastructure such as the energy grid and financial sector from sophisticated attacks that officials have warned could pose a national security threat or cripple parts of the economy. The directive, which drew largely favorable reviews from cyber experts and industry groups, also specifies goals for developing a more robust cyber deterrence strategy, in part by forging strong cooperation with American allies in cyberspace.
Global cyberattack: How roots can be traced to the United States
The huge cyberattack affecting organizations around the world, including some UK hospitals, can be traced back to the United States’ National Security Agency (NSA). Elements of the malicious software used in Friday’s attacks were part of a treasure trove of cyberattack tools leaked by hacking group the Shadow Brokers in April. One of the tools contained in the Shadow Brokers leak, codenamed EternalBlue, proved to be “the most significant factor” in the spread of Friday’s global attack, according to the cybersecurity firm Kaspersky Lab. The tool was said to have been created by the NSA, although, as is typical, the agency has neither confirmed nor denied this. EternalBlue was made public on April 14, and while Microsoft had fixed the problem a month prior to its leak, it appeared that many high-profile targets had not updated their systems to stay secure.
Officials fear Russia could try to target US through popular software firm under FBI scrutiny
Products from the company Kaspersky Lab, based in Moscow, are widely used in homes, businesses, and government agencies throughout the United States, including the Bureau of Prisons. Kaspersky Lab’s products are stocked on the shelves of Target and Best Buy, which also sells laptops loaded by manufacturers with the firm’s anti-virus software. In a secret memorandum sent last month to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions, the Senate Intelligence Committee raised possible red flags about Kaspersky Lab and urged the intelligence community to address potential risks posed by the company’s powerful market position. In February, the Department of Homeland Security issued a secret report on the matter to other government agencies. The FBI is investigating the nature of Kaspersky Lab’s relationship to the Russian government, sources with knowledge of the probe told ABC News. The company has repeatedly insisted it poses no threat to US customers and would never be used as a government tool. Current and former US officials, however, point to company executives who previously worked for Russian intelligence and military agencies. They worry that Kaspersky Lab’s software could allow state-sponsored hackers to steal users’ files, read private emails, or attack critical infrastructure in the United States. Kaspersky Lab’s possible relationship with Russian intelligence services “makes a lot of people in the national security community uncomfortable,” said Eric Rosenbach, a cybersecurity veteran who until January was the Defense Department’s chief of staff.
USA Today asks FBI to fight Facebook bots
The Facebook page of the American newspaper USA Today has been swamped with fake users, its parent company has said. Gannett Co has now asked the FBI to investigate, after it estimated that half of the newspaper’s Facebook following was automated. Facebook has removed millions of the fake accounts, but it has detected more suspicious activity since. And the number of “likes” on the page has fallen from 15.2 million to 8.2 million due to the deletion of accounts. The bots were observed commenting on stories, replying to each other and “liking” posts - as well as “liking” the USA Today page itself.
EUROPE
Europol says cyberattack was unprecedented in scale
A cyberattack that hit organizations worldwide on May 12, including the United Kingdom’s National Health Service, was “unprecedented,” Europe’s police agency said. Europol also warned a “complex international investigation” was required “to identify the culprits.” Ransomware encrypted data on at least 75,000 computers in ninety-nine countries. European countries, including Russia, were among the worst hit. Although the spread of the malware—known as WannaCry and variants of that name—appears to have slowed, the threat is not yet over. Europol said its cybercrime team, EC3, was working closely with affected countries to “mitigate the threat and assist victims.” In the United Kingdom, the head of the cyber security agency said experts were “working around the clock” to restore the systems of some forty-five NHS organizations that were hit by the attack.
UK businesses concerned about cyber risks linked to smart energy tech
The latest PwC B2B Energy Survey found that 65 percent of UK businesses are significantly concerned about the issue of cyber risks and over half (51 percent) are worried that their client data is not handled with enough security by their energy supplier. The research included responses from more than 500 UK businesses. If their energy supplier fell victim to a cyberbreach, 57 percent of businesses and almost 70 percent of industrials would switch their supplier. “Against a backdrop of technology innovation, privacy regulation, and the growing adoption of the Internet of Things, it’s perhaps not surprising that UK businesses are concerned about cyberthreats,” said Steve Jennings, power and utilities leader at PwC. “With cybercriminals able to turn off the supply tap as well as monetize data from energy firms’ customers and employee digital records, the risk is clear and cannot be ignored.”
Europol’s EC3 agreed to unified format for aggregating digital data from forensic tools
At a meeting hosted by Europol’s European Cybercrime Center (EC3) in The Hague this week, several of the leading digital forensic experts joined together to call for adoption of the Cyberinvestigation Analysis Standard Expression (CASE) as a standard digital forensic format. Cyberinvestigation Analysis Standard Expression (CASE) is intended to enable standardized aggregation of results from different digital forensic software tools used to extract, parse, and analyze information on a hard drive or a mobile phone. In a press release, EC3’s forensic lab explains that it convinced the majority of the market leaders to adopt this open-source data format for forensics, a move it describes as “a game changer in the specialized field of forensic analysis.” CASE is a community-developed standard format, defined as a profile of the Unified Cyber Ontology (UCO).
Macron’s digital director reveals campaign of guerilla cyber defense
The New York Times has revealed that the Macron campaign used fake information to confuse and waylay would-be attackers. In an interview with the newspaper, Mounir Mahjoubi, Macron’s digital director, explained that in dealing with powerful cyberattacks and presiding over an IT team that did not have time to track hackers, the campaign employed a kind of guerilla warfare against its would-be assailants. “We created false accounts, with false content, as traps,” Mahjoubi said. The placement of false information around a network in order to dupe attackers is more commonly known as “honeypotting.” The Macron campaign apparently filled itself with fake documents and information, thereby hamstringing the attackers.
RUSSIA
Russian military recognizes electronic warfare as future battlefield
In the near future, Russian defense enterprises are planning to significantly increase the production of military equipment for the needs of electronic warfare, by 20–30 percent on average, according to Vladimir Mikheev, advisor to the first deputy general director of Concern “Radio-electronic technology” (KRET). According to Mikheev, the Russian military will have the opportunity to simultaneously work on an array of technical means for the needs of all types and branches of the Armed Forces. According to many experts, this area of military affairs may become a key direction in Russia’s strategy in preparing to protect the country from aggression by technically well-equipped enemies.
Russian cyberattack on Democrats is the main reason for the FBI head’s dismissal
Suspicions are mounting that the head of the FBI, James Comey, was dismissed from his position by President Trump due to his agency’s investigation into Russian meddling in the US presidential election and possible Russian ties to the Trump campaign.
Cyberattack on Macron’s headquarters linked to Russian armed forces
An unofficial investigation of the hacker attack on Macron’s headquarters during the elections has concluded that the hacker group “APT 28” was behind it, Vitali Kremez, a specialist at the New York IT company Flashpoint, told Reuters. Earlier reports connected this group with the head office of the General Staff of the Russian armed forces.
Refusal to provide user info results in blocking by Russian authorities
The Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor) blocked the “BlackBerry,” “Imo” and “Line” messengers, as well as the audiovisual chat “V-chat,” Press-Secretary Vadim Ampelonsky told RIA Novosti. The reason for the blocking, Ampelonsky said, was the messengers’ refusal to provide the Russian authorities with data about their users.
MIDDLE EAST
Alerting allies in cyberattack against ISIS
A secret global operation by the Pentagon against ISIS sparked a debate inside the US government over whether it is necessary to notify countries that provide computer hosting services used by ISIS, including US allies in Europe. The CIA, State Department, and the FBI have acknowledged the importance of raising the level of cyberattacks against ISIS, but were also concerned that the campaign would undermine cooperation with those countries on law enforcement, intelligence, and counter-terrorism. Still, when notice is given, word of the operation could leak, tip off the target, and enable other adversaries to discover the command’s cyber capabilities.
Draft law would require Egyptian social media users to register with the government
Sixty Egyptian members of parliament recently approved a draft law on the “regulations of using and exploiting social media networks.” If adopted, the law would require social media users in Egypt to register with a government authority in order to use social media websites, including Facebook and Twitter. A designated department in the government would grant citizens the permission to use social media. Failure to register with the government could result in punishment of up to six months in jail and a fine.
CHINA and APAC
Foreign business groups push for delay in controversial China cyber law
Overseas business groups are pushing Chinese regulators to delay the June 1 implementation of a controversial cyber law that mandates strict data surveillance and storage for firms working in China, claiming that the rules would severely hurt business. The European Union Chamber of Commerce in China and US-based Business Software Alliance say the law, passed by China’s largely rubber-stamp parliament in November, as well as rules for implementing it, need further review before being rolled out. The new regulation requires data to be stored locally in addition to contentious security reviews, which critics say could unfairly target foreign firms. In a letter to the government’s Cyberspace Administration of China, dated May 11 and seen by Reuters, the EU Chamber said the new rules were “fraught with weaknesses,” would lead to “great uncertainties and compliance risks,” and hinder China’s booming information technology market for both foreign and domestic companies. It recommended delaying the law to “allow sufficient discussion.” Several foreign business sources have said dozens of leading business associations from Japan, Australia, the United States, and Europe are preparing a separate joint letter to Chinese cyber authorities ahead of June 1, asking the government to delay the implementation date.
AFRICA
CEN-SAD ministers of defense call for establishment of cyber defense center
A key proposition to come out of the sixth annual meeting of the defense ministers of the Community of Sahel-Saharan States (CEN-SAD), which took place in Abidjan from May 1–5, was the establishment of a CEN-SAD cyber defense center. The ministers also called for cyberspace to be taken more seriously into account in the fight against terrorism.
Chinese hackers suspected of targeting Ghanaian news websites
Over the past weeks, four Ghanaian news websites (ghanaweb.com, peacefmonline.com, myjoyononline.com, and adomonline.com) have been the target of DDoS attacks. These come in the wake of an intense media campaign for the ban of illegal mining in Ghana. The campaign has singled out Chinese miners, accused of introducing technology said to be compromising the country’s river bodies. Chinese hackers are suspected of being the perpetrators as several news agencies have reported that the attacks originated in China.