Global Cyber Bi-Weekly Report by INSS June 1, 2017
ISRAEL
India and Israel to increase ties, institutionalize cybersecurity dialogue
As Dr. Gulshan Rai, the national cyber security coordinator in India’s Prime Minister’s Office, is headed for Tel Aviv this week, India and Israel are all set to institutionalize cybersecurity cooperation in the run-up to Prime Minister Narendra Modi’s first visit to Jerusalem in July.
The two sides are preparing to set up a dialogue or a joint working group where cyber experts from both sides can exchange information or technologies for mutual benefit.
Israel police unable to handle growing cybercrime, says state watchdog
Israel Police are unable to properly handle complex cybercrimes due to funding and structural deficiencies, according to the State Comptroller report. The report, which examined the police’s handling of sophisticated cybercrime from March to August 2016, criticized the police cybercrime units for lacking manpower, funding, and capabilities, as well as for improper decentralization.
UNITED STATES
Ransomware hits small number of US critical infrastructure operators
A small number of US critical infrastructure operators has been affected by the global ransomware worm, but there has been no significant disruption in their work, a Department of Homeland Security official told Reuters on Monday. There have not been any victims of the cyberattack within the US federal government so far, the official said.
US official defends National Security Agency over WannaCry cyberattack
“This was not a tool developed by the NSA to hold ransom data,” said Tom Bossert, advisor on homeland security to President Trump. “This was a vulnerability exploited as one part of a much larger tool that was put together by the culpable parties and not by the US government,” he told reporters. Mr. Bossert was responding to criticism by Microsoft and Russia’s President Putin that WannaCry was an example of how easily tools kept by intelligence agencies could leak into the hands of cybercriminals.
US cyber bill would shift power away from spy agency
A bill proposed in Congress on Wednesday would require the US National Security Agency to inform representatives of other government agencies about security holes it finds in software like the one that allowed last week’s “ransomware” attacks. The new bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals. It also calls for the review process to be chaired by the defense-oriented Department of Homeland Security rather than the NSA, which spends 90 percent of its budget on offensive capabilities and spying.
EUROPE
Netherlands nearly up to speed in cybersecurity, says readiness report
The Netherlands has made great strides in implementing its cybersecurity strategy, says latest CRI report, but still needs to address issues with funding and decision making. An assessment of the Netherlands’ preparations for cybercrime and cyberwarfare has found the country is prepared on several fronts, but there is still room for improvement. Published by the Potomac Institute for Policy Studies in the United States, the report is the eighth in a series of reports, which have also analyzed the United States, France, Japan, Germany, UK, India, and Italy.
The NATO Cooperative Cyber Defense Center of Excellence is expanding
NATO’s Cooperative Cyber Defense Center of Excellence (CCD COE), which is based in Estonia, has added two new members, Belgium and Sweden, while Bulgaria and Portugal will soon follow. “International cooperation of like-minded nations in cyber-defense is becoming inevitable. We are witnessing a growing interest towards our applied research, trainings and exercises, but the preparedness of nations to contribute themselves reflects more than just recognition to the work that has been done,” said Sven Sakkov, director of the multinational and interdisciplinary hub for cyber defense expertise. “It proves that we offer needed support for member nations and the international community in building their cyber defense.”
New report examines the creation of a cybercriminal
The United Kingdom’s National Crime Agency has published research into how and why some young people become involved in cybercrime. The report, which is based on debriefs with offenders and those on the fringes of criminality, emphasizes that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to increase online reputations are the main motivations for those involved in cyber criminality. During his debrief, Subject 7, who was jailed for violating the Computer Misuse Act and committing fraud offenses, told officers that “it made me popular, I enjoyed the feeling . . . I looked up to those users with the best reputations.”
Czech court: Russian hacker suspect could be extradited to United States or Russia
A Czech court ruled on May 30 that a Russian citizen can be extradited to either the United States, where he is accused of hacking social networks, including LinkedIn, or to Russia where he faces a lesser charge of cyber theft. Czech police arrested Yevgeniy Nikulin in Prague on October 5 in cooperation with the US Federal Bureau of Investigation. Both the United States and Russia had requested his extradition, leaving him in a tug-of-war between Washington and Moscow.
RUSSIA
Russia launched multi-node quantum network testing project
The first multi-node quantum network was launched in Kazan, Russia, within the framework of a national testing project, directed by St. Petersburg University, ITMO University, and Kazan National Research Technical University. The project is aimed to construct a totally protected net from interception of information using quantum methods, said Arthur Gleim, one of the founders of quantum networks in Russia, an employee of the University of ITMO and the Kazan Quantum Center, and a candidate of technical sciences.
Ukraine blocked all Russian-made IT and software services
President Petro Poroshenko of Ukraine signed a decree blocking all Russian IT companies that are active in the Ukrainian territory. The list includes all Russian social networks, Russian hosting providers, and even the branch of the Russian IT security software giant, Kaspersky Lab.
Russia switches software and hardware in government services, agencies, and public services
All Russian government services, agencies, and public services—including the traffic police and the Directorate for Road Traffic Safety of the Ministry of Internal Affairs of Russia (GBDD)—are to be equipped with workstations based on the Russian processor Baikal, while simultaneously switching to a domestic-made security operating system.
Russian security agencies actively investigate WannaCry attacks
Russia does not have any information about any state involvement in the recent large-scale attacks using the crypto-hijacker WannaCry. Investigation of hacker attacks continues, the Secretary of the Security Council of the Russian Federation Nikolai Patrushev stated. Patrushev noted that it is known that high-level specialists participated in preparing the cyberattack. According to Patrushev, Russian structures connected to the state system of detection and prevention of hacker attacks were not harmed, and those that were not connected suffered minor damage.
MIDDLE EAST
Egypt blocks 21 websites for “terrorism” and “fake news”
Internet censorship in Egypt is on the rise, as the government blocks 21 websites, including the main website of the Qatar-based Al Jazeera and local independent news sites, accusing them of supporting terrorism and spreading false news. This is the first time an internet censorship action is publicly recognized by the Egyptian government. This move follows similar actions in Saudi Arabia and the UAE, which blocked Al Jazeera after a dispute with Qatar.
Iran is recognized as a powerful cyber-espionage force by US director for national intelligence
Recently, Director of National Intelligence (DNI) Daniel Coats presented to the US Senate the World Wide National Threat Assessment. Iran was recognized as a global cyber-intelligence force that is significantly threatening the United States. According to the DNI, Iran uses cyber-espionage capabilities directly against US targets. In 2016, the US Department of Justice (DOJ) charged seven Iranians with cyberattacks against the US financial sector and the SCADA systems of the Bowman Dam in New York. Therefore, the United States expects Iran to develop further capabilities to disrupt military communications and navigation. Iran is also expected to target US companies and research institutes. Overall, Iran’s agenda go well beyond simple extraction of data, and they are using their resources for lethal actions as well.
Turkey to form a new “cyber army”
Turkish Transportation, Maritime Affairs, and Communications Minister Ahmet Arslan declared that Turkey will establish a new cyber army against possibly cyberthreats. The minister also said that the recent ransomware attach did not harm Turkey, thanks to a warning sent to all institutions and organizations to keep their main databases extra protected. He stated that about 13,000 white hat hackers work in the public sector and will be part of the new cyber army to protect the country against ongoing cyberattacks.
CHINA and APAC
North Korea’s secret cyber warfare cell Unit 180 “likely” to have been behind ransomware attacks
North Korea's main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyberattacks, according to defectors, officials, and internet security experts. North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea, and over a dozen other countries. Cybersecurity researchers have also said they have found technical evidence that could link North Korea with the global WannaCry ransomware cyberattack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation “ridiculous.”
Cyber security law to protect foreign business operations
The forthcoming Cyber Security Law will not affect the operations of overseas companies in China, with Chinese experts cautioning some governments and organizations against obstructing cooperation between the Chinese government and foreign companies. China’s first Cyber Security Law, which is scheduled to take effect on June 1, states that operators of key information infrastructure should store in China important business data and personal data they collect from their operations in the country. “Some overseas companies, especially multinational corporations from developed countries, have been accustomed to their privilege and special treatment in China. So when they are required to be regulated the same way as Chinese companies, they feel uncomfortable and resist,” Shen Yi, director of the Research Center for the Governance of Global Cyberspace at Fudan University, told the Global Times. “However, many foreign firms have already saved their data in China or have been inspected by the government, and no untoward consequences have happened. We should maintain vigilance against some organizations or governments which have forced their companies to stir trouble. We will never tolerate any disruption to the practical cooperation between the Chinese government and overseas companies,” said Shen.
Japan wakes up to global ransomware cyberattack
Although the global ransomware cyberattacks hit computers at 600 locations in Japan, it appeared to not cause any major problems as Japan started the workday on Monday even as the attack caused chaos elsewhere. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far, citing an affiliate foreign security organization that it cannot identify. At least one hospital was affected, according to police.
AFRICA
Nigerian Senate acknowledges loss of around $450M to cybercrime
On May 23, the Nigerian Senate said the country has lost around $450 million to 3,500 cyberattacks on its ICT space, which amounts to a 70 percent success rate of hacking attempts (numbers “arrived at by revelations from studies”). The Senate then proceeded to ask National Security Adviser Major-General Mohammed Babagana Monguno (retd.) to urgently alert security agencies and financial institutions in the country to the serious cyberthreat, as well as direct its Committee on ICT and Cybercrime to convoke a national stakeholders’ conference on cyber security. On another note, a statement issued by the US Embassy quoted Ambassador Stuart Symington as saying at the Second Annual Conference on Combatting Financial Fraud, Cybercrime, and Cross-Border Crimes that the United States pledges to support Nigeria in the fight against cybercrime and financial fraud.
Hit by global cyberattack, experts in South Africa and Kenya call for more cybersecurity
In South Africa, several experts called for more cybersecurity efforts in the wake of the recent global cyberattack that targeted the country. Prof. Basie von Solms, director of the Center for Cyber Security at the University of Johannesburg, called attention to the lack of capacity in South Africa for “effective cyber security” while Gerhard Conradie, managing director of Evolv Networks, challenged cybersecurity players to “stand together and raise awareness against cybercrime.” In Kenya, the KE-CIRT reported nineteen firms hit by the cyberattack. During the Cyber-Security and Banking Forum organized by Citibank and the ICT Authority, Ministry of ICT Cabinet Secretary Joe Mucheru called on the financial services sector to “improve information sharing and reporting” on cybersecurity incidents. This was cemented by statements from Michael Mutiga, managing director of Corporate and Investment Banking at Citibank, who suggested the next step in Kenyan cybersecurity awareness was the creation of a common industry reporting structure.
South Africa
Kenya
Ethiopian Agency reports 256 major cyberattacks in the first half of 2017
Ethiopia’s Information Network Security Agency’s communication head Mohammed Edris announced the country was hit by 256 major cyberattacks in the first six months of this fiscal year (2016/17). Furthermore, he disclosed that an agreement was reached with Mekele University and Addis Ababa University Institute of Technology to launch cyber education in second degree programs next academic year.
