Global Cyber Bi-Weekly Report by INSS September 15, 2017
ISRAEL
Israeli cybersecurity firms seek to bolster defense of UK banks and insurers
UK banks, insurers, and telecom companies will be looking to Israel for cybersecurity solutions, in an effort by the British government to increase the protection of companies and institutions against cyberattacks. In the past year, UK companies and public institutions, such as the Parliament and the National Health Service, have been hit by cyberattacks. A government report published in August showed that Britain’s top firms and charities “urgently” need to do more to protect themselves from online threats. The UK Israel Tech Hub, a team within the embassy, is seeking to address the threat by connecting British companies to Israeli technologies.
Israel Police to launch dedicated unit to fight cybercrime
Police Commissioner Roni Alsheikh announced the establishment of a new dedicated unit to fight cybercrime, both by catching offenders and by taking preventative actions. The new unit, the police chief said, was established in cooperation with the Education, Welfare, Justice, and other ministries “based on conclusions drawn from many other countries that have done this. Crimes of all types are moving online: sex crimes, property crime, etc., and it has far-reaching consequences. This is an arena where almost anything can be done. The police will be wherever teens are Facebook, Instagram, Snapchat.” He went on to explain the unit’s operations. “When someone is about to commit an offense online, in places where it is obvious people go to commit an offense, a window will pop up from the police saying ‘Excuse me, sir, your next click constitutes a criminal offense. Please consider your actions,’” Alsheikh said.
UNITED STATES
Hackers target American and European energy sectors
Advanced hackers have targeted US and European energy companies in a cyberespionage campaign, and, in some cases, have successfully broken into the core systems that control the companies’ operations. The cyberattacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government.
Trump administration orders purge of Kaspersky products from US government
The Trump administration on Wednesday told US government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to the Kremlin’s influence and that its anti-virus software could jeopardize national security. The decision represents a sharp response to what US intelligence agencies have described as a national security threat posed by Russia in cyberspace, following a year marred by allegations that Moscow weaponized the internet in order to influence US elections. In a statement, Kaspersky Lab rejected the allegations, as it has done repeatedly in recent months, and said its critics were misinterpreting Russian data-sharing laws that only applied to communications services.
US sanctions eleven individuals and entities for aiding Iran in ‘malicious cyber activities’ and missile efforts
The US Department of Treasury has imposed sanctions on several individuals and entities accused of aiding Iran’s nuclear program or engaging in “malicious” cyber activity. On the list are two companies based in Ukraine. The sanctions freeze any assets the individuals and companies may hold in the United States and prohibit any US persons from doing business with them. Khors Air and Dart Airlines, based in Ukraine, were sanctioned for “aiding designated Iranian and Iraqi airlines through the provision of aircraft and services,” Treasury said in a statement. The companies are said to have provided Iran with airplanes of US origin.
EUROPE
European Union plans more robust security to shore up cyber defenses
Brussels’ growing cybercrime has spurred proposals to strengthen the European Union’s dedicated security agency and to set up a fund to help countries who suffer such attacks. An increase in ransomware attacks, such as this year’s WannaCry worm that locked up more than 200,000 computers around the world, has convinced the European Commission to act. The European Union’s executive proposed a common plan to coordinate the bloc’s response in case of a large-scale attack and a cyber security emergency response fund.
“New wave” of cyberattacks target American and European energy sectors
The North American and European energy sectors are being targeted by a “new wave” of cyberattacks by the group known as Dragonfly, according to a research report released by the cybersecurity firm, Symantec. These attacks are specifically focused on the power grid and related components, such as power generation, transition, and distribution.
Cyber alert—EU ministers test responses in first computer war game
European Union defense ministers tested their ability to respond to a potential attack by computer hackers in their first cyber war game, based on a simulated attack on one of the bloc’s military missions abroad. In the simulation, hackers sabotaged the European Union’s naval mission in the Mediterranean and launched a campaign on social media to discredit the EU operations and provoke protests. Each of the defense ministers tried to contain the crisis over the course of the ninety-minute, closed-door exercise in Tallinn, which officials sought to make real by creating mock news videos, giving updates on an escalating situation.
Spain’s data privacy regulator fines Facebook $1.5 million
Facebook has been fined $1.5 million (€1.2 million) by Spain’s data privacy regulator, stating that the social network “does not adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.” The agency (AEPD) said that Facebook collects data for advertising purposes, including political ideology, sex, religious beliefs, personal tastes, and browsing history, without the user being aware that it is happening nor for what purpose. It uses cookies to track what its users do on the web, including non-Facebook sites.
RUSSIA
Facebook’s revelation of Russian fake accounts receives new confirmation
Facebook’s Chief Security Officer Alex Stamos released a statement, declaring that the 470 accounts, which were presumably opened by Russian hacker groups to influence the opinions of US citizens in the 2016 US elections, were based in St. Petersburg’s “troll-farm,” known for promoting pro-Russian government positions via fake accounts in social networks.
Putin: all IT sphere in Russia gradually to be produced domestically
Russian President Vladimir Putin called on Russian IT companies to switch to the use of domestic software in order to reduce security risks. Otherwise, the state will not be able to use the products of such IT companies in certain areas, Putin said.
Russia’s new law: Ten years’ imprisonment for hackers
Putin signed a new law on IT security, which is aimed to strengthen protection against hacker attacks. The new law provides legal persecution for development of malicious programs and cyberattacks and imprisonment for up to ten years.
The tightening of the IT sphere by Russia’s security apparatus continues
The Federal Security Service of the Russian Federation (FSB) will expand its powers to control the work of the Centers for Computer Attacks Detection. Such normative legal act was released by President Vladimir Putin’s administration and will be empowered on September 22.
MIDDLE EAST
Iran has its own cyber police for the internet and social media
The expansion of the internet and particularly social media poses an increasing challenge to Iranian security forces. To deal with this challenge, the Iranian government has set up a cyber police force charged with policing the internet and social media. They focus on Instagram and Telegram, as these platforms have been involved in two-thirds of the investigated cybercrimes in the country.
State-sponsored hacks have become an increasing worry among countries in the Gulf
The suspected Iranian attacks on Saudi Arabia and the leaked emails among allied Arab nations have made state-sponsored hacks as the top priority of countries across the Persian Gulf. Defending against such attacks has become a major industry in Dubai, as the interconnected “smart city” relies on digital infrastructures. They fear a Shamoon-like hack, the computer virus that destroyed Saudi Arabia’s state-run oil company. Iran, UAE, Saudi Arabia, and Qatar have already proved their cyber capabilities and their willingness to use those capabilities against one another according to their interests.
The Turkish government will unveil a new cybersecurity plan
The new plan aims to counter growing domestic and global threats. The Turkish Transportation, Shipping, and Information Ministry said that Turkey was working on a new cybersecurity strategy that will involve five strategic objectives, with forty-one action topics and 167 practical steps. The Ministry will also launch a cyber drill this year to assess the preparedness of Turkish cyber defense agencies. An online cybersecurity simulator is also on the government’s agenda.
CHINA and APAC
Cyber Secure Car 2017 comes to Japan, bringing global experts to focus on cybersecurity of connected, automated vehicles
The annual cybersecurity conference called “Cyber Secure Cars” will take place in Tokyo on September 26–27. The world’s leading automotive security minds will deliver deep insights on how to design and implement defense strategies in vehicles. Connected services and vehicle automation, brought about by more than 100 electronic control units that are connected to the internet, have turned cars into an attractive target for hackers, fraudsters, and cybercriminals. This conference gathering will help determine the mechanisms necessary for dealing with such challenges.
AXA data breach affects 5,400 Singapore customers
The recent cyberattack on the life insurance firm, AXA, leaked personal data, such as email addresses, mobile numbers, and birthdates, of 5,400 customers. AXA Singapore Chief Executive Officer Jean Drouffe apologized for this attack and confirmed that the Health Portal that had been compromised was secure to use. Fortunately, the financial and health data was not leaked and customers were immediately advised to be vigilant against phishing attacks and change their passwords. Furthermore, the Monetary Authority of Singapore has asked AXA to make a thorough review of its IT security to remediate any control gaps.
Chinese cyber spies broaden attacks in Vietnam, security firm says
According to FireEye, cyber spies named “Conimes,” working on behalf of China’s government, have broadened their attacks against corporations and financial institutions in Vietnam due to the tensions over the South China Sea. While Hua Chunying, the spokesperson of the Chinese Foreign Ministry, has opposed any illegal internet activities and denied any state-driven cyberattacks, Le Thi Thu Hang, the spokesperson of Vietnamese Foreign Ministry has said that the attackers must be severely punished. The growing tensions over the South China Sea over the past three years has been heightened by Vietnam’s efforts to rally Southeast Asian countries to its side in the dispute and strengthen its defense ties with the United States, Japan, and India. Earlier this month, Vietnam’s President Tran Dai Quang called for higher control and better protection against cyberattacks.
India: As government pushes for digitized cashless economy, cyberfraud increases
Ever since the move toward demonetization and the push for cashless currency, there has been a 10 percent increase in cybercrime in India. Pawan Duggal, a cyber expert and lawyer in the Supreme Court, has confirmed this fact and has expressed concerns over the failure to curb monetary theft in cyberspace. As a result, the government has issued twenty-one advisories for securing platforms for digital transactions, such as ATMs and credit cards. Most of the cyberfraud reported are phishing attacks, while small towns in India, such as Tikamgarh in Madhya Pradesh, Jamtara in Jharkhand and Katrisarai in Bihar, are becoming India’s equivalent of Ramnicu Valcea, Romania, the cybercrime capital of the world.
India: SEBI asks registrars, share transfer agents to implement cybersecurity framework
At a time of rising cyberattacks, the Security and Exchange Board of India (SEBI) released the circular on “Cyber Security and Cyber Resilience framework for Registrars to an Issue/ Share Transfer Agents’ (RTAs),” demanding the implementation of a robust cyber security framework. This framework includes stringent supervision of outsourcing staff who have access to critical systems. This policy for compliance has been approved by the respective board and the entities are to implement the requisite systems by December 1, 2017.
AFRICA
Nigeria is to establish a cyber security research center to fight cybercrime
Nigeria’s National Information Technology Agency (NITDA) will establish the National Cyber Security Research Center. Nigeria has not been spared the global increase of cyberattacks. In 2016, the NITDA revealed that Nigeria lost 89,55 billion Naira ($450 million) per year to cybercrime. Director of Cyber Security Christopher Okeke said that “It is imperative to note that this war cannot be fought in isolation. Nations collaborate, share strategies and highly classified information and skills.”
