Global Cyber Bi-Weekly Report by INSS August 15, 2017
ISRAEL
Israel, Organization of American States to cooperate on innovation, cyber defense
Israel and the Organization of American States (OAS) signed a joint declaration Thursday for cooperation in the fields of innovation, cyber defense, water management, and crisis response. Israel has observer status at the organization, which includes Latin American, Central American and Caribbean countries as well as Canada and the United States. During his visit, OAS Secretary General Luis Almagro met with senior officials at the National Cyber Authority to examine the possibility that Israel provide training for cyber officials in a number of Latin American countries.
Two teens nabbed for cyberattacks that caused widespread damaged
Two Israeli youths were arrested Tuesday, following a year-and-a-half undercover investigation by the Israel Police’s Cyber Crimes Unit of ongoing international cyberattacks, which have targeted thousands of computers and caused millions of dollars in damages. According to the police, the unidentified suspects—both minors from the Sharon region—created a shell company in England to sell distributed denial of service (DDoS) “attack packages” used to prevent access to websites and internet servers worldwide. The Israel police worked with Europol after more than two million cyberattacks were carried out in the United States, England, the Netherlands, and Sweden, causing millions of dollars of financial damage to various organizations around the world and netting the suspects more than $613,000. The money was seized after the suspects’ bank accounts were identified and frozen.
American firm CYBERREADYUSA acquires practice arena from Israel’s Cybergym
A cyber defense training center, with Israeli expertise, will soon be opening its doors in the heart of Oklahoma City, following a partnership agreement between Israel’s CyberGym and the American company CyberReadyUSA. Aiming to ensure that the customers of the American company are most prepared for future cyberattacks at their facilities, the new practice arena will provide users with a platform for coping with cyberattacks in real time, the partners said. Originally established in Hadera in 2013, CyberGym is a joint venture between the Israel Electric Corporation (IEC) and CyberControl, an Israeli cybersecurity consultancy group. “The field of cyber is, without a doubt, the spearhead of our international business enterprises, and we are proud to receive the international recognition that has come with the purchase of Israeli developed practice arenas around the world,” said Ofer Bloch, CEO of the IEC.
UNITED STATES
US senators to introduce bill to secure internet of things
A bipartisan group of US senators plan to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects—known in the tech industry as the “internet of things”—which experts have long warned pose a threat to global cybersecurity. The new bill would require vendors that provide internet-connected equipment to the US government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.
Prankster tricks top White House officials into replying to his emails
Top White House officials—including the one tasked with cybersecurity, and the just-ousted communications director Anthony Scaramucci—fell for tricks by a self-described email prankster. A person whose identity has not yet been revealed created fake accounts and sent messages to Trump administration officials who replied as if they were real. The prankster created a fake Outlook account, pretending to be Trump’s son-in-law and adviser Jared Kushner. He sent an email to homeland security adviser Tom Bossert, who is charged with cybersecurity. The emails were provided to CNN.
EUROPE
EU agency asks Commission to “avoid fragmentation” in new cybersecurity plans
The European Union needs to increase its cooperation between civil and military cybersecurity authorities when member states are attacked by hackers, according to the EU cybersecurity agency ENISA. The Athens-based agency asked the European Commission for a bigger role in responding to cybersecurity breaches. Part of that role would mean working more with the military when hackers attack more than one EU country. Those cybersecurity breaches could potentially become an issue of EU competency, according to a document that the agency sent the EU executive, which EURACTIV has obtained. ENISA sent the twenty-page document to Brussels arguing for more centralized EU oversight over cybersecurity rules, a certification system to guarantee technology products are secure, and an overhaul of how authorities respond to major hacking attacks.
UK government releases guidelines on protecting connected vehicles from hackers
Under new guidance issued by the UK government, engineers developing the next generation of internet-connected smart vehicles will have to toughen up their cyber protection and help ensure they are better protected from hackers. Smart vehicles are becoming increasingly common on the country’s roads, allowing drivers to access maps, travel and traffic information, and new digital radio services from the driving seat. But while smart cars and vans offer new services for drivers, it is feared would-be hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons. The legislation aims to put the United Kingdom at the center of the new technological developments in smart and autonomous vehicles, while ensuring safety and consumer protection remain at the heart of the emerging industry.
Germany needs tougher laws against cybercrime, says top policeman
Germany’s highest police official has called for tougher laws to fight cybercrime on the illegal internet—the Darknet—and other organized criminal structures. Holger Muench, president of the Federal Criminal Police Office, told Die Welt newspaper that German law needed to be adjusted to account for the massive harm such criminal activities can do. “Professional hackers can cause enormous damage. They represent a danger for security and the economy,” Muench said. “That should be reflected in the sentences as well.”
Some Siemens medical imaging devices vulnerable to hackers
The Department of Homeland Security (DHS) has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could enable hackers to “remotely execute arbitrary code.” While the company is downplaying the risk to patients, some security experts say the vulnerabilities could pave the way for malicious attacks, including ransomware attacks, if they are not patched. The alert from the DHS’ Industrial Control Systems Cyber Emergency Response Team said that the German-based Siemens identified four vulnerabilities in the medical imaging products and is preparing patches.
RUSSIA
Opinion: The Democrats were hacked from within
In an interview with Fox News, the Romanian hacker Marcel Lehel Lazar, known as Guccifer, who is currently in prison in Romania for hacking email boxes of prominent individuals in the country, stated that those who claimed responsibility for hacking the electronic mailboxes of the campaign headquarters of former Secretary of State Hillary Clinton and the National Committee of the Democratic Party, were not Russian hackers. Rather, he asserted, they were employees of the US National Security Agency, the Central Intelligence Agency, or the US Department of State.
Russia uses NSA tools for hacking?
According to researchers at FireEye, the hacking group APT 28 (also known as Fancy Bear) has been monitoring high-ranking individuals who have stayed at hotels in Middle Eastern and European countries. The researchers concluded that the hackers, which many experts have linked to Russian special services, used the EternalBlue hacking tool from the arsenal of the US National Security Agency. As it is known, EternalBlue was leaked out to public access by hacking group Shadow Brokers in April this year.
Russian banking sector leads in hacking attacks
The number of cyberattacks on both banks and ATMs, the automated teller machines, in Russia is expected to grow by 30 percent in 2017. Such a forecast is given in a study published by specialists of Positive Technologies Company.
MIDDLE EAST
FBI detects Iranian cybercriminals in US systems
The FBI has detected a group of hackers that are using dozens of IP addresses and hundreds of domains hosted in the United States to attack enemies of the Iranian government. The FBI have joined forces with private actors and report that the malicious cyber actors are likely located in Iran and use infrastructures hosted in the United States to compromise government, corporate, and academic computer networks. The majority is located in the Middle East, Europe, and the United States. The hackers have been using spear phishing, social engineering, and malicious web sites since 2015.
Iranian Cyberspace Council requires all social media apps to store data inside Iran
To improve Iran’s ability to monitor and censor online content and user activity, the country’s Supreme Cyberspace Council (SCC) has ruled that all foreign social media networks must store domestic traffic data inside Iran and have a representative based inside the country. The SCC, which sets internet policy in Iran, does not have the authority to force foreign social media apps to comply with the legally binding ruling. This step was taken to pressure foreign social media companies that wish to maintain presence in Iran to aid the state’s surveillance efforts.
Qatar and Turkey cooperate in cybersecurity
The Scientific and Technological Research Council of Turkey and Qatar’s National Research Fund are beginning to implement the cybersecurity part of their scientific cooperation agreement. Under the pact, both nations plan to develop technology needed to protect the vital infrastructure of banks, energy, and electronic communications. Turkish and Qatari researchers plan to form a consortium of companies from the private sector, and public bodies will grant $2 million to implement joint projects.
CHINA and APAC
India: Cyber “soldiers” to unleash ransomware on Pakistani sites
As the Independence Day of India and Pakistan is just around the corner, Indian hackers are preparing for a major cyberattack on the Pakistani government website. The hackers claim to have found vulnerabilities in several Pakistani government and education portals and are expected to infect the Pakistani network with ransomware and demand digital currency for the return of their network. This is a reaction to the tensions in the India-Pakistan border. After having announced the death penalty of Kulbhushan Jadhav and during the surgical strike conducted by the Indian Army, many Pakistani government websites were hacked. Furthermore, earlier this month an anonymous Indian hacker posted the Indian national anthem and Independence Day greeting on the Pakistani government website, www.pakistan.gov.pk.
India ill-prepared to handle Chinese cyberattacks, says expert
Recently, Indian infrastructure companies and some government institutions were attacked by Chinese hackers. Rahul Tyagi, vice-president of the cybersecurity firm Lucideus Tech, says that India lags behind in the defensive mechanisms employed to deal with such attacks, let alone its offensive capabilities. India imports hardware products from China, and possibilities of the hardware products infected by malware raise concerns about cyberespionage. The government of India is most vulnerable to these advanced attacks carried out by Chinese attackers. The expert also claims that IP spoofing capabilities are being used by China to further target and distort relations of India with many other countries around the Globe. Lastly, he asserted that the Indian government must adopt a more proactive method of dealing with cyberattacks and build its national cyber capabilities.
Japan’s Defense Ministry plans to boost number of cyber soldiers
In order to prepare for challenges by Chinese, Russian, and North Korean-state sponsored attacks on critical cyber infrastructure ahead of the Tokyo Olympic and Paralympic Games in 2020, the Japanese Ministry of Defense plans to develop its cyber warfare capabilities by increasing the number of soldiers in its Cyber Defense Unit and establishing a working group to study the cyber warfare techniques. Although it relies on the US-Japan alliance through the US-Japan Treaty of Mutual Cooperation and Security, the coordination between the countries remain underdeveloped and there is no provision that mentions US military intervention should there be a cyberattack on Japan’s critical information infrastructure. Furthermore, the Japanese plan to build its defensive capabilities as acquiring offensive capabilities would violate Japan’s constitution, and has thus instigated a debate as to whether Japan can conduct cyberattacks in defense of military networks.
United States and Japan talk cooperation against large-scale cyberattacks
On July 24, the meeting of the fifth joint US-Japan cyber dialogue took place, which led to an agreement for the private sector, academia and government to collaborate on information sharing and strengthening cybersecurity. The information sharing will take place between the National Center of Incident Readiness and Strategy for Cybersecurity and the US Department of Homeland Security through an Automated Indicator Saying program.
