Global Cyber Bi-Weekly Report by INSS June 15, 2017
ISRAEL
Report: Israeli intel from ISIS hack was allegedly leaked by United States to Russia
Classified intelligence, which US president, Donald Trump, controversially leaked to Russia last month, was the result in part of an Israeli cyber hack of ISIS, the New York Times reported. According to the report, months ago, Israel had hacked a cell of extremists making bombs in Syria. The report did not specify whether the Mossad or the IDF’s military intelligence was involved in the hacking. Intelligence gathered from those Israeli breaches reportedly led to the US claim that ISIS was working to develop explosive devices resembling laptop computer batteries and capable of easily evading airport screening methods. The report cited two US officials who were familiar with the operation as saying that the intelligence allowed the United States to understand the mechanisms and the processes for detonating them.
Microsoft buys Israeli cybersecurity firm Hexadite for reported $100M
Microsoft said it is acquiring US-Israeli cybersecurity startup Hexadite, whose technology uses Artificial Intelligence to identify and protect against cyberattacks, for an undisclosed amount.
“Our vision is to deliver a new generation of security capabilities that helps our customers protect, detect and respond to the constantly evolving and ever-changing cyberthreat landscape,” said Terry Myerson, executive vice president of Windows and Devices Group, Microsoft. Myerson added, “Hexadite’s technology and talent will augment our existing capabilities and enable our ability to add new tools and services to Microsoft’s robust enterprise security offerings.”
UNITED STATES
United States blames North Korea for hacking spree, says more attacks likely
The US government on Tuesday issued a rare alert squarely blaming the North Korean government for a rash of cyberattacks stretching back to 2009 and warning that more were likely. The joint warning from the US Department of Homeland Security and the Federal Bureau of Investigation said that “cyber actors of the North Korean government,” referred to in the report as “Hidden Cobra,” had targeted the media, aerospace, and financial sectors, as well as critical infrastructure, in the United States and globally. North Korea has routinely denied involvement in cyberattacks against other countries.
US cyberweapons, used against Iran and North Korea, are a disappointment against ISIS
In recent years, America’s fast-growing ranks of secret cyberwarriors have blown up nuclear centrifuges in Iran and turned to computer code and electronic warfare to sabotage North Korea’s missile launches, with mixed results. But since they began training their arsenal of cyberweapons on a more elusive target, internet use by the Islamic State, the results have been a consistent disappointment, American officials say. The effectiveness of the nation’s arsenal of cyberweapons has reached its limits against an enemy that exploits the internet largely to recruit, spread propaganda, and use encrypted communications, all of which quickly can be reconstituted after American “mission teams” freeze their computers or manipulate their data.
Russian agents hacked voting system manufacturer before US election
Russian intelligence agents hacked a US voting systems manufacturer in the weeks leading up to last year’s presidential election, according to the Intercept, citing what it said was a highly classified National Security Agency (NSA) report. The revelation coincided with the arrest of Reality Leigh Winner, 25, a federal contractor from Augusta, Georgia, who was charged with removing classified material from a government facility and mailing it to a news outlet. The hacking of senior Democrats’ email accounts during the campaign has been well chronicled, but vote-counting was thought to have been unaffected, despite concerted Russian efforts to penetrate it.
EUROPE
Europe faces shortage of 350,000 cybersecurity professionals by 2022
Nearly 40 percent of European firms want to expand their cybersecurity teams by at least 15 percent in the next year, according to the latest report based on the 2017 Global Information Security Workforce Study. The study, commissioned by information security certification body (ISC)2, is based on a survey of 19,000 cyber security professionals around the world, including nearly 3,700 respondents in Europe.
Phishing email that knows your address
A new type of phishing email that includes the recipient’s home address has been received by thousands of people, the BBC has learned. Members of the BBC Radio 4’s “You and Yours” team were among those who received the scam emails, claiming they owed hundreds of pounds to UK firms. The firms involved have been inundated with phone calls from worried members of the public. One security expert warned that clicking on the link would install malware.
RUSSIA
Opinion: Russia has almost reached level of Western military cyberattack capabilities
The American Center for Strategic and International Studies held a discussion on the weapons Russia creates and purchases. Political scientist Tomas Malmlöf took part in the panel discussion and noted that Russia is actively investing in electronic warfare. Russia is not inferior and almost has reached the level of Western countries in military cyberattack capabilities. The specialists predict, that somewhere in the time interval from 2026 to 2035, Russia will probably make the Armada T-14 tank fully robotic, and Arbalet-DM (the Russian automated combat module with remote control) will be used remotely.
Russia to launch national virtual currency
The Central Bank of Russia plans to create a national virtual currency. This was reported by the deputy chairman of the Central Bank, Olga Skorobogatova, during the St. Petersburg International Economic Forum. At the end, Russia will have a virtual national currency, the official said.
Russian cyber trace in Qatar vis-à-vis Saudi tension
Russian presidential press secretary, Dmitry Peskov, denied reports of a “Russian trace” in breaking into the servers of the Qatar News Agency. On May 23, a message appeared on the portal of the Qatar News Agency, announcing the plans of the Emir of Qatar to recall the ambassador from Saudi Arabia and normalize relations with Iran. The United States suspected Russian hackers in breaking into the servers of the news agency in Qatar, which provoked a scandal in the region.
United States attacks Russia every day, official said
Hacker attacks on Russia from US territory are recorded daily, claimed Dmitry Peskov, the Russian president’s press secretary. According to Peskov, the website of the Russian president is also frequently targeted. Earlier, the Russian Foreign Ministry stated that 28 percent of attacks on Russian electronic infrastructure are launched from the American territory.
Opinion: Russian Ukrainian cyber scenario could be repeated with United States
A cyberweapon, which was used by Russian cyber special forces during the crisis in Ukraine and the seizure of Crimea, could be used to attack strategic US electricity facilities, a specialist said. The malware, which researchers have dubbed CrashOverride—if modified—could have a devastating effect on US critical infrastructure, said Sergio Caltagirone, director of a cyber threat intelligence company.
http://wapo.st/2sYyp6a
MIDDLE EAST
Suspected Saudi “robot army” enlisted in Qatar attack
The current Saudi-led operation against Qatar, which was triggered by the hacking of the Qatar News Agency, is most significant in its scale so far. Analysts argue that this campaign was planned to justify the current blockade on Qatar and force a major policy change in the more independently-minded Doha. Saudi Arabia, UAE, Bahrain, and Egypt are trying to influence Qatar and are attacking its media and services. The deployment of cyber assets to assist this war is significant. Twitter hashtags and bots seem to be a key weapon in the cyberwar. For instance, a Twitter bot was used to contain and direct narratives expressing solidarity with Qatar. These bots aim to create a misleading representation of popular opinions and influence people’s perception of the issue.
Almost 24 percent of Egyptian internet users affected by online threats, experts call for increased IoT security
According to data from Kaspersky Labs, almost 24 percent of internet users in Egypt have been affected by online threats in the first quarter of 2017. Despite major efforts from three main telecom providers in Egypt, Egypt has the highest numbers of cyberthreat incidents in the Middle East, Turkey, and Africa (META) region. Analysts emphasize the importance of investing in IoT security, which affects manufacturing, transportation, and energy. It seems that industries move to IoT at a pace that is far greater than the ability to secure it. Organizations need to consider the real cost of IoT security, which includes buying hardware from manufacturers that can ensure connectivity is not allowed unless it is secured.
Turkey demands all public bodies to adopt a national security framework
With the facing of an increased global threat to cybersecurity, Turkey is requiring all public bodies to adopt connectivity to the KamuNet digital network by the end of 2017. This includes a range of new regulations for working with the Turkish CERT and cyber incidents centers, with sanctions and incentives coupled together to fuel the process. The KamuNet framework would allow the government to inspect everyone regularly and “bring them into line.” The KamuNet will have its own domain name server (DNS), and its data traffic will flow through a national encryption service to limit wiretapping by foreign agents.
CHINA and APAC
Singapore and Australia agree to boost cybersecurity cooperation
Australia and Singapore have agreed to strengthen cybersecurity cooperation, with a two-year Memorandum of Understanding (MOU) signed on Friday, June 2. Key areas of collaboration include regularly exchanging information on cybersecurity incidents and threats, sharing best practices to promote innovation in cybersecurity, training in cybersecurity skillsets, and conducting joint exercises that focus on the protection of critical information infrastructure.
Honeywell to establish industrial cybersecurity center of excellence for APAC in Singapore
Honeywell Process Solutions (HPS), with the support of the Singapore Economic Development Board (EDB), will establish a new industrial cybersecurity center of excellence (COE) for Asia Pacific in Singapore. The COE will feature a state-of-the-art cybersecurity research and development lab, an advanced training facility and a security operations center that provides managed security services. The new facility in Singapore, which is the first for Asia Pacific, is a further expansion of Honeywell’s global network of innovation centers. The lab will be used for research and development of new cybersecurity technologies and products, hands-on training and certification, and testing and validation of industrial cybersecurity solutions. It will enable rapid development and introduction of innovative cybersecurity solutions to the regional and global markets.
In India, companies more prone to cyberattacks, 60 percent of software unregulated
More than 60 percent of the software used by companies in India is unregulated, which poses a threat of cyberattacks, according to EY, a business practices firm. “Many organizations secure their hardware. However, they do not pay attention to the software used, which could be unregulated,” said Maya Ramachandran, a partner in Advisory Services Practice, EY. As per data of Indian Computer Emergency Response Team (CERT-In), over 50,300 cyber security incidents like phishing, website intrusions and defacements, viruses, and denial of service attacks were observed in the country during 2016.
AFRICA
Africa Internet Summit: Launch of internet infrastructure security guidelines
The Africa Internet Summit was held in Nairobi, Kenya from May 21–June 2, where African governments pledged to fight back against cybercriminals. A major step in that direction was announced at the summit: The Internet Society and the African Union Commission (AUC) unveiled a new set of internet infrastructure security guidelines for Africa, as part of the “African Union convention on Cyber Security and Personal Data Protection,” adopted by member states in 2014. The Internet Society in partnership with African and global security experts, developed these new regulations. Moctar Yeday, the head of the Information Society Division at the AUC called it a “milestone given the new security challenges in cyberspace,” and further announced that “the African Union Commission will continue its partnership with the Internet Society on a second set of guidelines addressing personal data protection.”
Ethiopian authorities shut down the internet
Ethiopian authorities blocked internet access across the country between May 30 and June 8. The official reason, conveyed by Mohammed Seid, public relations director of Ethiopia’s Office for Government Communications Affairs, was to preserve the integrity of nationwide examinations that started on May 31 and ended on June 8, in the wake of a widespread leak of questions last year, which resulted in the cancellation of papers. Doubts, however, as to the real reasons for the shut-down remain. Indeed, on May 29, Human Rights Council (HRCO) Ethiopia, released a 49-page report, detailing widespread human right abuses committed by the security services under the current state of emergency, first declared on October 8, 2016, which went largely unnoticed due to the week-long nationwide internet blackout. Throughout the period, people could access internet only through diplomatic and international missions (as confirmed by the government), financial wherewithal and top technology. As Ethiopia re-activated cellphone data services, it also unexpectedly allowed access to social media sites that had been blocked since a wave of anti-government protests last year.
Kenyan Directorate of Criminal Investigations pledges to invest in cybersecurity
Directorate of Criminal Investigations (DCI) in Kenya launched a five-year strategic plan, which identifies rapid development of ICTs and persistent cyberthreats as main threats, just as Kenya is singled out as suffering the highest losses to cybercrime across East Africa ($171 million). DCI pledges to spend Sh38.5 billion in the next three years to ensure implementation of the plan, of which Sh4 billion (approx. USD39 million) is for acquisition of modern security equipment and ICT solutions, beyond a Sh22 million allocation for the development of the DCI website and internet, and Sh20 million for the implementation of a unified communications system, command, and control center at the inspectorate.
Nigeria Electronic Fraud Forum: financial sector lost N2.19 billion ($6,9 M) to cyber fraud in 2016
While unveiling the annual report of the Nigeria Electronic Fraud Forum, Deputy Governor of Operations of Central Bank of Nigeria (CBN), Adebayo Adelabu, speaking at the “Tackling Enforcement Challenges under the Cybercrime Act” workshop on cybercrime organized by the forum, announced that the Nigerian financial sector lost N2.19 billion ($6,9 M) to cyber fraud in 2016. The report, “A changing payments ecosystem: the security challenge,” said that “the industry recorded about an 82 percent increase in the reported fraud case, when compared to 2015 and over 1200 percent compared to 2014.” Indeed, the volume of fraud cases grew from 10,743 cases in 2015 to 19,53 in 2016. Despite the increase in the number of reported cases, the report noted the industry reduced fraud by 2.7 percent in absolute terms from 2015.
