Global Cyber Bi-Weekly Report by INSS July 1, 2017
ISRAEL
Netanyahu: Israel hit by dozens of cyberattacks each month
“Every month, Israel experiences dozens of cyberattacks,” Prime Minister Netanyahu told a Tel Aviv University cyber conference this past Monday. He then confided to the crowd that “probably there are three to five going on right now” perpetrated by “the usual suspects and a few others.” Continuing to describe the issue as a “threat which is everywhere,” Netanyahu said the distinction between hi-tech and low-tech was “disappearing,” creating more cyber vulnerability. As a result of the threat, he said, “the need for cybersecurity is growing exponentially” and it is “a problem for all governments” to protect both the public and private sectors. This means that Israel must “try to work with as many” other countries as it can in combating cyberattacks. To further address the threat, Netanyahu explained how he created the National Cyber Authority to provide more comprehensive and coordinated national cyber defense.
SoftBank adds $100 million to US-Israel cyber firm Cybereason
Israeli cybersecurity firm Cybereason, which uses behavioral analytics to discover threats, has raised an additional $100 million from Japanese giant SoftBank Corp. SoftBank is Cybereason’s biggest investor and one of its biggest customers and distribution partners, the Boston-based startup said in a statement. Following the latest financing round, Cybereason has raised a total of $189 million in capital from SoftBank, CRV, Spark Capital, and Lockheed Martin since being founded in 2012.
UNITED STATES
Russians targeted 21 election systems, US official says
Russian hackers targeted 21 US state election systems in the 2016 presidential race, and a small number were breached, but there was no evidence any votes were manipulated, a Homeland Security Department official told Congress on Wednesday. US intelligence agencies have concluded the Kremlin orchestrated a wide-ranging, influential operation that included email hacking and online propaganda to discredit Democratic presidential candidate Hillary Clinton and help Donald Trump, a Republican, win the White House in November. Russia has repeatedly denied responsibility for any cyberattacks during the election. Trump has variously said Russia may or may not have been responsible for hacking but has dismissed allegations that his associates colluded with Moscow as “fake news.”
United States to work with Israel, seek other ties to combat cyberattacks
The US government will seek to collaborate with Israel and other countries to develop new ways to thwart computer hacks and other cyber attacks. An American-Israeli working group will meet this week on cybersecurity issues, such as protecting critical infrastructure. The US team will include representatives of the State Department, Homeland Security, and FBI and work with their Israeli counterparts. “These high-level meetings represent the first step in strengthening bilateral ties on cyber issues following President Trump’s visit to Israel” last month, Homeland Security Advisor Thomas P. Bossert told a cybersecurity conference in Tel Aviv. “The agility Israel has in developing solutions will innovate cyber defenses that we can test here and bring back to America. Perfect security may not be achievable, but we have within our reach a safer and more secure internet.” He said the group will work on developing “a different operational conscript” that will be focused on finding and stopping attacks before they reach networks and critical infrastructure, while identifying ways to punish attackers.
EUROPE
Britain’s largest warship is vulnerable to cyberattacks
Britain’s biggest warship, HMS Queen Elizabeth, is vulnerable to cyberattacks despite the British navy claiming NASA standard security in the vessel. HMS Queen Elizabeth vulnerability comes from the fact that it has Windows XP-loaded computers in its control room. That, in turn, exposes the entire computer network of the vessel extremely vulnerable to cyberattacks, such as ransomware. UK Defense Secretary Sir Michael Cashel Fallon has quashed all media reports, which stated that HMS Queen Elizabeth was extremely vulnerable to cyberattacks. Fallon said that the ship has a team of cyber warfare experts deployed with the carrier. He added that the team will serve the ship until 2020, when the ship will become fully operational. Fallon stated that a destroyer and other escorts assisting the ship operations will also help ward off any attempt made by enemy nations to hack the carrier’s systems by using jamming equipment.
Germany gears up to defend against possible G20 cyberattack
Arne Schönbohm, president of Germany’s Federal Office for Information Security (BSI), said authorities had set up a 24/7 special command center to defend next week’s G20 summit in Hamburg against possible cyberattacks by hacker groups or cells linked to foreign governments. “As the national cyber security agency . . . we’re concerned about everything from (persistent threats) to groups like Anonymous and Lulzsec that could be planning political protests using cyber attacks,” said Schönbohm. The leaders of the twenty major economies meet on July 7–8. BSI has been working closely with German political parties and lawmakers to raise their security awareness and bolster security, but risks remain, Schönbohm said. He said he had just learned that Germany’s “Vote-Meter,” a government-generated computer program that allows voters to compare their views with party programs, was not secure. “We will be looking at that carefully in coming weeks,” Schönbohm said.
Cyberattack hits property subsidiary of French bank BNP Paribas
A global cyberattack has hit the property subsidiary of France’s biggest bank BNP Paribas, one of the largest financial institutions known to be affected by an extortion campaign that had originated in Russia and Ukraine. The attack hit BNP’s real estate subsidiary, after a person familiar with the matter had said that some staff computers were blocked due to the incident. “The necessary measures have been taken to rapidly contain the attack.” BNP Paribas Real Estate provides advisory, property, and investment management and development services mostly in Europe. It employed 3,472 staff at the end of last year, with operations in 16 countries, and had 24 billion euros ($27.26 billion) in assets under management. Many of the companies affected globally by the cyberattack had links to Ukraine, although there is no indication that this was the case for BNP. PRUDENCE, France’s ANSSI cyber security agency, urged caution on Wednesday about speculating the identity and number of victims of the attack in France.
RUSSIA
Qatar refutes Russian trace in cyberattack
Allegations of the involvement of Russian hackers in the attack on the Qatar News Agency did not come from official sources in Doha, the Qatar Embassy in Russia said. Information about the involvement of Russian hackers in the crackdown of the website of the Qatari news agency, transmitted by the American CNN television channel, did not come from any official Qatari source, the document states.
Russia’s State Duma equates blocking bypass as criminal
The State Duma of the Russian Federation (the lower house of the Federal Assembly) introduced a bill banning the use of software to bypass the blocking of internet sites in order to gain access to banned information, according to the Duma’s June announcement database. It is noted that the goal of the project is to increase the effectiveness of restricting access to information resources banned on legal grounds.
British security suspect Kremlin behind cyberattack
Britain suspects that the Russian government is behind a cyberattack on parliament that breached dozens of email accounts belonging to the prime minister and other officials. The British security services believe that responsibility for the attack is more likely to lie with another state rather than a small group of individual hackers.
MIDDLE EAST
UAE suffers Skype disconnections due to cyberattacks
Last Sunday, Skype users in the UAE were blocked in what seems to be a dedicated DDoS attack on Skype servers. The hacking group “CyberTeam” took credit for the blocking and claimed responsibility via Twitter. This occurred towards the Eid al-Fitr holiday, blocking the main option for long distance calls for many UAE residents.
Oman placed in top five globally in cybersecurity
Oman ranks fourth in the world in its commitment to cybersecurity, according ITU’s Global Cybersecurity Index. The ranking is based on legal, technical, organizational, and capacity building and cooperation in the field of cybersecurity. Singapore is ranked top in the world, followed by the United States, Malaysia, Oman, and Estonia. Oman is the only Middle Eastern country to be ranked in the top ten of the chart, which included 134 countries. Oman’s ranking in the Middle East is followed by Egypt in fourteenth place, Qatar – 25th, Tunisia – 40th, Saudi Arabia – 46th, UAE – 47th. The report also highlights Oman’s advanced e-governance system.
Secretive Turkish organization is linked to hacks on Indian websites
A somewhat secretive Turkish organization, calling themselves “Ayyıldız Tim,” seems to have done some random hacking in India. They have hacked into the sites of a few lesser known news media organizations, such as India Press Agency –IPA, Newspack, and Commentwise. They left a logo and message on the sites, suggesting their action was part of an Islamist movement and chose websites with unreliable firewalls. According to an IPA report, the hackings were mechanical, probably just announcements, and the sites were down for a couple of hours before they got back and running. There was no Trojan placed, with the hacking being somewhat aimless, deleting all physical files.
CHINA and APAC
Exclusive: India presses Microsoft for Windows discount in wake of cyberattacks
India is pressing Microsoft to offer a sharply discounted one-time deal to the more than 50 million Windows users in the country so that they can upgrade to the latest Windows 10 operating system in the wake of ransomware attacks. Microsoft officials in India have “in principle agreed” to the request, Gulshan Rai, India’s cyber security coordinator, told Reuters over the phone on Friday. Rai said India began talks with Microsoft after the WannaCry ransomware attack last month, noting that both WannaCry and this week’s attack, dubbed by some cyber experts as “NotPetya,” exploited vulnerabilities in older versions of Windows operating systems. “The quantum of the price cut, we expect some detail in a couple of days,” Rai said, adding the Indian government expected the company to offer the software at “throw-away prices.”
New Australian military unit will specialize in cyber warfare
A new information warfare division will be created within the Australian Defence Force (ADF) to run both offensive and defensive cyber warfare operations, the Turnbull Government has announced. The government's cyber security minister, Dan Tehan, said the new unit would help the ADF keep pace with modern security threats, as foreign powers like the United States, Russia, and China escalate their investment in digital forms of war. “The division will have the responsibility for military cyber operations, military intelligence, joint electronic warfare, information operations and our military's space operations,” Mr Tehan said.
AFRICA
South Africa and Kenya hit by Petya malware
A month after the WannaCry ransomware spread across the world, a new global ransomware— called Petya, which originated in Ukraine and Russia—has reached Africa. The Nigerian National Information Technology Development Agency (NITDA) was one of the first to raise the alarm in Africa urging Nigerian citizens and stakeholders of the IT industry to follow best practices and be proactive. According to several sources, including reports on Radio 702 in South Africa, the main victims of the attack were port operators like Maersk and other multinational companies present in Africa.
SONATEL opens biggest Data center in Western and Central Africa
Sonatel—the principle telecommunications provider of Senegal—opened last week their datacenter, the biggest in Western and Central Africa. It is spread out over 350 acres, with the building itself spanning 2,224 square meters. The datacenter has been certified as a Tier3 Plus (out of 4) infrastructure by the expert international American firm Uptime Institute and is meant to cater to multinational companies and small and medium enterprises in the region, as well as administrations and Sonatel itself.
Check Point Global Threat Impact Index: five African nations in the top ten
Check Point Software Technologies released its most recent Global Threat Impact Index, in which five African nations are ranked in the top ten of “at-risk countries.” Zambia has the highest risk profile, followed by Nigeria in second position, while Uganda, Malawi, and South African are ranked seventh, eighth, and ninth respectively. South Africa rose thirteen positions from 22nd to 9th place in just one month. Head of Check Point South Africa Doros Hadjizenonos observed that one of the biggest threats organizations are facing in South Africa now is malware in various forms and their employees’ vulnerability.
Kenya andUnited States initiate discussions on cybercrime
The Secretary of State’s Coordinator for Cyber Issues, Christopher Painter and Acting US Coordinator for International Communications and Information Policy, Julie Zoller, travelled to Kenya to discuss cyber policy issues with government officials, the private sector, and civil society. These included cybersecurity and crime, legal cooperation as well as other cyber and internet policy questions, such as digital economy regulatory and commercial policies or cooperation at the International Telecommunication Union. The discussions were held under the US-Kenya Cyber and Digital Economy Dialogue in the capital of the East African country.
