Global Cyber Bi-Weekly Report by INSS July 15, 2017
ISRAEL
Israel’s Cyber Authority traces for foreign involvement in elections
The National Cyber Authority is formulating a defense plan against cyberattacks on the Central Election Committee and the parties’ internet sites following recent attempts to meddle with elections in the West; the authority, however, will not act against psychological warfare campaigns. The plan was prompted by the American intelligence community’s accusations against Russia of meddling with the presidential election last November and similar complaints made in European states. The Israeli plan is not aimed at a specific foe and no external attempts have been detected so far to disrupt election procedures here.
Staying humble is key to staying safe, says Israel’s cyber chief
Israel’s cyber chief, Eviatar Matania, was not too concerned about the cyberattack that infiltrated computer systems in Israeli hospitals at the end of June. “We see attacks like this all the time,” Matania, who heads the National Cyber Bureau and who is in charge of setting out the nation’s cybersecurity policies and strategies, said in a wide-ranging interview on Thursday evening. “We mitigate [their damage] all the time, and this is one of them. It is not too difficult or dangerous.” Matania was speaking from the bureau’s headquarters in the Tel Aviv area, a nondescript building, without any markers at the entrance indicating that government activity was taking place inside. A directory of offices on each floor did not reveal the whereabouts of the bureau, which is also in charge of developing new cyber technologies for the so-called startup nation. For the interview, this reporter was asked to hand in her cellphone at the reception desk and bring only pen and paper along with a voice recorder. No tablets, laptop, or anything else digital was allowed. There was also a request for the ink to be blue, but that apparently was just a joke.
UNITED STATES
US Energy Department helping power firms defend against cyberattacks
The US Department of Energy said on Friday it is helping American firms defend against a hacking campaign targeting power companies, including at least one nuclear plant, although the attacks have not impacted electricity generation or the grid. News of the attacks surfaced when Reuters reported that the US Department of Homeland Security and Federal Bureau of Investigation issued a June 28 alert to industrial firms, warning them of hackers targeting critical infrastructure, including nuclear and electrical power sectors.
Information leaked of six million Verizon customers
Chris Vickery, director of cyber risk research at the security firm UpGuard, discovered a cloud-based server on June 8 open to public access that contained not only names, addresses, and phone numbers of Verizon customers, but also specific account information ranging from personal identification numbers to Fios accounts. A third-party vendor exposed the personal account information of millions of Verizon customers, a technology security firm announced.
EUROPE
German military aviation command launches cyber threat initiative
The German military’s aviation safety chief has launched a new initiative against cyber threats, citing research that he said shows hackers can commandeer military airplanes with the help of equipment that costs about 5,000 euros ($5,700). A defense ministry spokesman told Reuters that development of new “aviation cyber expertise” would cover everything from raising consciousness about cyber threats to technical research projects and equipping aircraft with protective systems.
More than half of former employees still have access to corporate networks
A new study by OneLogin has revealed that a large proportion of businesses fail to adequately protect their networks from the potential threat posed by former employees. The firm surveyed more than 600 IT decision-makers in the United Kingdom and found respondents were aware that over half (58%) of former employees are still able to access corporate networks even after they had left the company. This is particularly concerning given that OneLogin also discovered that almost a quarter (24%) of UK companies have suffered data breaches by former members of staff. The study highlighted flaws in the security processes implemented by organizations when an employee leaves too.
Bupa employee steals data of 108,000 customers
The data of more than 100,000 Bupa customers has been released to the public after an employee “copied and removed” their information from the health insurer’s systems. No medical or financial information is at risk, but people’s names, email addresses, phone numbers, dates of birth, nationalities, and some admin details of beneficiaries is out there, Bupa confirmed.
Swedish security executive “declared bankrupt” after his identity was stolen by hackers
Everyone is at risk of cybercrime, but it must really sting if you are hacked while running the biggest security firm in the country. That is what happened to Alf Göransson, chief of Swedish company Securitas, who was declared bankrupt this week after his identity was hijacked.
Reports indicate an unidentified culprit used the CEO’s stolen details in March 2017 to take out a loan before filing a bankruptcy application in his name. Göransson was not aware of the incident until this week when the Stockholm District Court accepted the application.
RUSSIA
Russia presented its soldier of the future
The outfit of the Russian soldier of the future was presented at the military exhibition in Moscow. Russia is working hard to increase the robotization of the army, the author of the material in Daily Mail states. Moscow intends to replace live soldiers with robots that can participate in combat operations on land, air, water and even in space. The soldier’s boots are mounted with sensors of mines and system of radio signals suppression.
Putin at G20: Trump was persistent regarding Russian cyberattacks on Democrats
According to President Putin, Trump paid much attention to the topic of Russia’s interference in the US elections and cyberattack on the Democrats. Putin said that he has “no reason to believe that Russia interfered in the US elections. This issue has a direct bearing on cyber space security. A joint Russian-American working group will be created that will develop rules of conduct and security in cyberspace.”
Pentagon to ban Kaspersky Lab Software
The Senate Armed Services Committee has proposed banning the Pentagon “from using software platforms developed by Kaspersky Lab due to reports that the Moscow-based company might be vulnerable to Russian government influence.” Kaspersky Lab said it does not cooperate with any government in cyberespionage, the Interfax news service reported Thursday. FBI agents interviewed at least a dozen employees of Kaspersky Lab in the United States this week as part of a counterintelligence probe, according to NBC News. Russia may retaliate, according to Russia’s communications minister, Nikolay Nikiforov.
Putin at G20: the future of labor is at risk due to cyber developments
According to Russia’s president, Vladimir Putin, the future of the liberated labor force due to the development of the cybersphere is the most acute global problem. An approach to counter the issue needs to be worked out between all the G20 members.
Putin: Russia needs a breakthrough in cyber technologies to avoid dependence
The introduction of digital technologies is a serious resource for Russia’s development. Moscow intends to cooperate in this area with Japan, Germany and many other countries, President Putin said. Previously, Putin called for a breakthrough in the development of the digital economy, since the “stone age is over,” and Russia may be dependent on leaders who successfully develop this direction.
MIDDLE EAST
Egyptian policymakers call to prevent social media relationship between men and women
Egyptian Parliament members have introduced the idea of preventing men and women to communicate over social media. They argue that online communications between male and females is forbidden by Islam’s Sharia law. For male users, communications with a woman other than a mother, sister, or wife is considered a sin. These efforts couple with a broader plan by the Egyptian government to monitor social media in order to increase state control and prevent cybercrime.
UK defense giant involved in selling surveillance technologies across the Middle East
A year-long investigation by the BBC and a Danish newspaper has uncovered evidence that the UK defense giant, BAE, has made large-scale sales across the Middle East of sophisticated surveillance technologies. This includes decryption software, which could be used against the UK and its allies, along with voice recognition techniques.
CHINA and APAC
MCMC probing cyberattacks on online trading platforms
The Malaysian Communications and Multimedia Commission (MCMC) is investigating reports of suspected cyberattacks disrupting online trading at several local brokerages. The regulator said it was assisting the stock exchange in investigating the disruption, a report by Nikkei Markets said on Friday. This comes after several brokerages alerted clients that their online broking services had been disrupted by the suspected cyberattacks once again after a similar disruption on Wednesday. Jupiter Securities Sdn Bhd was among the brokerage companies affected, and sent out an email to clients to update them of the situation. An earlier notice from N2N Connect Bhd, which provides core trading solutions to local stock broker firms alerted brokers of a DDoS Cyberattack threat.
India and Bangladesh sign MoU for cyber security cooperation
The Indian Computer Emergency Response Team (CERT-In) and its Bangladeshi counterpart Bangladesh Government Computer Incident Response Team (BGD e-Gov CIRT) have signed a Memorandum of Understanding (MoU) on cyber security cooperation. The MoU was originally signed in April 2017, and will be implemented through a Joint Committee on Cyber Security, which has yet to be set up.
AFRICA
ITU’s Global Cybersecurity Index 2017 places Mauritius, Rwanda, and Kenya as the top three countries in Africa
In its Global Cybersecurity Index, the International Telecommunications Union (ITU) ranked Mauritius, Rwanda and Kenya as the top three countries in Africa that have a sustainable framework for cybercrime fighting. Mauritius ranks sixth globally, with a score of 0.83. Rwanda, which is ranked second in Africa, has a score of 0.6. Kenya, which is perceived as the ICT leader in the region, only scored 0.57, making it third in Africa. Member states were ranked by their commitment to cybersecurity. This was based on an analysis of five key areas: legislation; technical capacity of institutions; organizational and capacity-building efforts, and cooperation with other countries. Their scores were especially good compared to Africa, who on average, ranks low across the five areas (legal: 0.29; technical: 0.18; cooperation: 0.25; organizational: 0.16; capacity building: 0.17).
Ghana signs African Union Convention on Cyber Security and Personal Data Protection
During this year’s African Union Summit in Addis Ababa, the president of Ghana, Nana Akufo-Addo, signed eight treaties, protocols, and charters of the African Union, including the Convention on Cyber Security and Personal Data Protection. Moreover, three days later, on July 7, Ursula Owusu-Ekuful, the minister of communications, inaugurated the new board of the National Communications Authority (NCA) and announced the NCA would play a prominent role in the implementation of the National Cyber Security Policy and Strategy, and disclosed that a cyber security advisor had been appointed.
Kenyan elections
On July 7, Privacy International published a report accusing the Kenyan government of using two recent cyber security projects to spy and increase surveillance on opposition groups ahead of next month’s elections. Cyber security in Kenya is overseen by the country’s National Intelligence Service (NIS), which recently developed two “traffic monitoring” projects: the Network Early Warning System (NEWS) meant to “detect[s] at the earliest instance, cyber threats targeting Kenya’s Internet infrastructure” and the National Intrusion Detection and Prevention System (NIPDS) whose goal is to “provide[s] a cyber-early warning on any possible attacks on critical government Internet infrastructure.” However, Privacy International suggests in its report that the NIPDS threat analysis center is also monitoring content “as one of its components is specifically designed to monitor social media content.” Both Privacy International and the main opposition party, the National Super Alliance, argue that the monitoring capabilities of these programs make online surveillance on a mass scale possible; moreover, they lack a clear legal framework.
