
Global Cyber Bi-Weekly Report by INSS October 1, 2017

ISRAEL

Netanyahu, Peña Nieto meet, agree to bolster Israel-Mexico cybersecurity ties

Mexican President Enrique Peña Nieto met with Israeli Prime Minister Benjamin Netanyahu and said the two countries agreed to improve economic ties and cooperation on cyber security.


Israeli cyber defense directorate declared operational

The C4i and Cyber Defense Directorate of the Israel Defense Forces (IDF) declared initial operational capacity in early September. The move is part of a wider restructuring of the IDF’s cyber operations into two parts, with defensive operations now handled by the C4i and Cyber Defense Directorate (previously known as the C4i Directorate), while the Military Intelligence Directorate and its SIGINT Unit 8200 collect intelligence on threats. “In 2018 we will declare a second level of operational capability,” Brigadier General Yaron Rosen, head of the IDF’s Cyber Staff, said.



New firewall defends Androids from hardware security risk

Cybersecurity researchers at Ben-Gurion University of the Negev have developed an innovative firewall program that adds a missing layer of security in the communication between Android smartphone components and the phone’s central processing unit (CPU), reports the university in Israel’s southern city of Beersheba.


UNITED STATES

Deloitte hit by cyberattack, revealing clients’ secret emails

Deloitte, one of the world’s “big four” accountancy firms, has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients. Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms, and government agencies. Deloitte clients across these sectors had material in the company’s email system, which was breached. The companies include household names as well as US government departments. The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas.” The hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.



US aviation company targeted by Iranian hackers

A suspected Iranian hacking group has been targeting aviation and energy companies in the United States, Saudi Arabia, and South Korea since 2013. The group seems largely to have engaged in stealth spying in order to give Iranian military and corporate interests information about possible enemies and competition. However, researchers also found signs of a data-destroying program capable of wiping disks, erasing volumes, and deleting files deployed in affected companies located in the Middle East. The fact that the destructive programs were not deployed in the United States and South Korea was due to the marching orders of the hackers, not their abilities. “If they were missioned differently they could have dropped the destructive malware on any of the targets they’d hit. I think it was just a matter of the orders they’d been given,” said John Hultquist, director of intelligence analysis at FireEye, a computer security company.



US Homeland Security found SEC had “critical” cyber weaknesses in January

The US Department of Homeland Security detected five “critical” cybersecurity weaknesses in the computers of the Securities and Exchange Commission (SEC) as of January 23, 2017, according to a confidential weekly report reviewed by Reuters. The report’s findings raise fresh questions about a 2016 cyber breach into the US market regulator’s corporate filing system known as “EDGAR.” The SEC at the time had the fourth most “critical” vulnerabilities. It was not clear if the vulnerabilities detected by the Department of Homeland Security are directly related to the cyber breach disclosed by the SEC. But the report shows that even after the SEC says it “promptly” patched the software vulnerability following the 2016 hack, critical vulnerabilities still plagued the regulator’s systems.



Russians tried to hack election systems of twenty-one states in 2016

Russians attempted to hack election systems in twenty-one states in the run-up to last year’s presidential election, officials said. The US Department of Homeland Security has notified states of the attempted breaches. Homeland Security officials said the effort was conducted by “Russian government cyber actors.” States that were targeted included some key political battlegrounds, such as Florida, Ohio, Pennsylvania, Virginia, and Wisconsin. The hacking attempt was on the state’s voter registration system, and not on the voting machines. Had hackers taken over the voter registration system, they could have suspended people’s registrations, creating confusion and long lines at the polls. They also could have acquired information about individual voters, such as addresses or birth dates. The system does not include full Social Security numbers for voters, though it does have the last four digits of those numbers for some voters.



EUROPE

Norway joins global cyberdefense hub

Furthering the trend of global knowledge-sharing, Norway said this week that it plans to join the NATO Cooperative Cyber Defense Center of Excellence. The Nordic country will bring the total number of nations cooperatively working within the NATO-accredited knowledge hub to twenty-one. Located in Tallinn, Estonia, the NATO CCD COE is a research institution, and training and exercise center. Considered an international military organization, its community of nations provides a 360-degree look at cyberdefense, with expertise in the areas of technology, strategy, operations, and law.



The botnet army: Tracker reveals the European “botspots” powering global cyberattacks

On September 27, Symantec released an updated botnet tracker, sharing insight into where bots are lurking in the Europe, Middle East and Africa region. According to the firm, 6.7 million bots joined the global botnet in 2016, and Europe made up nearly one-fifth (18.7%) of the world’s total bot population. The UK, Symantec said, was Europe’s eleventh highest source of bot infections, falling from seventh place in 2015. The City of London boasted the majority of the bot-infected devices in the United Kingdom, with 34.4% of all British bots located there at the time of writing. “More than 13.8m people in the UK were victims of online crime in the past year, and bots and botnets are a key tool in the cyber-attacker’s arsenal,” said researcher Candid Wueest. “Nearly a third (31%) of attacks originated from devices in Europe alone.” Indeed, the cities of Madrid, Istanbul, and Moscow had more bots in their cities than most nations had in their entire countries, Symantec said.



Corrupt Barclays banker helped gang launder £16 million for Eastern European cybercriminals

Nilesh Sheth, 53, a personal banking manager at Barclays, opened a large number of so-called “mule accounts” using fake IDs and address documents. The hackers were reportedly traced back to a location in Eastern Europe, which has not been revealed. The process, investigators found, would be repeated several times—to disguise the source of the money—before being sent back to cybercriminals.



EC-Council announces fully proctored, hands-on penetration testing exam

EC-Council announced the release of the new, fully proctored Licensed Penetration Tester (LPT) certification, which will be launched at Hacker Halted, 2017. The new LPT (Master) certification exam is a hands-on penetration testing certification exam administered in a fully proctored environment. Penetration testing professionals around the world will be able to validate their skills in this new exam format launched by EC-Council. The new LPT (Master) certification exam will be delivered as a secure, fully proctored, live certification test that can be taken anytime, anywhere by busy professionals.



RUSSIA

State institutions in the United States ordered to stop using Kaspersky Lab products

The US Department of Homeland Security announced on Wednesday, September 13 that all US government agencies and companies should stop using Kaspersky Lab products within a three-month period. These actions are based on the risks to information security, which Kaspersky products represent for federal information systems. The Department is concerned about the links between some representatives of Kaspersky Lab and Russian intelligence, the Department’s spokesman said.



Facebook will give the US Congress data on “Russian interference”

Facebook previously announced that during the US presidential election campaign, Russian bots bought advertisements on the social network in order to influence the outcome of the race. After the Congress’ Special Investigation Commission regarding the Russian involvement in the US elections asked Facebook to deliver the data, Mark Zuckerberg said that he gave the order to transfer the detected advertising to the US Congress.



In 2018, Russia might block Facebook in its territory

In 2018 Facebook might be blocked in Russian territory if the network does not comply with the requirements of the law “On Personal Data,” according to which companies are obliged to transfer personal data of Russian citizens for storage on Russian soil by mid-2018. This was reported by Interfax with reference to Alexander Zharov, the head of Roskomnadzor, the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media.



Russia’s Federal Security Service demanded that Telegram provide decryption keys of users’ correspondence

Pavel Durov, the founder of the messenger app Telegram, responded by refusing the demand of Russia’s Federal Security Service (FSB) to provide decrypted correspondence of users of the popular social network. In response, the FSB launched an administrative prosecution of the company, stating that the messenger app is bound by the Russian law “On Information,” which obliges companies, among other things, to provide encryption keys at the request of government agencies.


http://bit.ly/2xABmMS


MIDDLE EAST

Iran-linked hackers are connected to major cyberattacks

The FireEye company has published a report linking a hacking group sponsored by the Iranian government to attacks on organizations in the United States, Middle East, and Asia. The hacked organizations were involved in the petrochemical industry, as well as military and commercial aviation. The main attack vector of the group was through spear-phishing emails. FireEye’s report notes that the hackers’ workday corresponds to Iran’s time zone and its Saturday to Wednesday work week.


http://nbcnews.to/2wI0Hm9


Saudi Arabia is taking significant steps to achieve cyber readiness

In the face of rapidly growing cybersecurity threats, Saudi Arabia is taking significant steps to achieve cyber readiness but is restrained by shortages of skilled Saudi labor in the cyber field. According to a newly published assessment by the Potomac Institute, the newly-established state security agency seeks to enhance the country’s cybersecurity by developing a national framework, clarifying roles across the government, enhancing information sharing, and increasing awareness. The new wave of cyberattacks in Saudi Arabia that affected government agencies and private sector companies has placed renewed urgency on national development of cyber capacities. In 2016, the Kingdom sustained more than 1,000 cyberattacks against critical infrastructures, data thefts, and service interruption.



UAE Banks Federation launches its first cyberthreat-sharing platform

The UAE Banks Federation launched its first information-sharing analysis center to bring together cybersecurity data from thirteen banks. The new framework will aggregate, correlate, and analyze threat data from multiple sources in real-time to support defensive actions. The launch comes at a time when financial institutions in the country face significant cyber security threats. The United Arab Emirates is the second most targeted country in the Middle East for ransomware attacks, behind Saudi Arabia, according to the “Internet Security Threat Report” by Symantec published earlier this year. As a financial hub in the Middle East, it is essential that UAE banks are better protected.



CHINA and APAC

India’s transition to digital causes a spike in cyberattacks, but they can be fought

Recently, there has been a growth in cyberattacks in India. This is due to a series of events that have caused a boost in India’s digital market. Moreover, the Equifax data breach in the United States has caused concern in India, where in June 2017 alone, India witnessed more than 27,000 cybersecurity threats. Also, according to Kaspersky Lab, due to India’s migration to digital services, it is highly susceptible to cyberattacks. As a result, technology startups have started prioritizing cybersecurity and are deploying mechanisms for vulnerability and penetration testing and third-party security audits. The problem of the high price of cybersecurity is also solved, as a company named ShieldSquare is working with companies and startups to tighten security measures. The Technology Development Board and the Data Security Council of India have jointly decided to promote cybersecurity startups in India as a result.



Singapore overtakes United States and Russia as top spot to launch global cyberattacks

The Israeli company Check Point has remarked that Singapore has overtaken many nations including the United States, Russia, and China as the country that launches the most cyberattacks. However, it was also asserted that a lot of internet traffic flows through Singapore, as it is a key tech-hub, and the cyberattacks actually originate in other nations. It was noted that the city-state, which holds the ambition of becoming a global technology hub, recently stepped up efforts to strengthen its cybersecurity. These efforts involve the establishment of a cyber defense unit in Singapore’s military; legislating and imposing new cybersecurity requirements; and also helping companies protect their critical information infrastructure.



Singapore and Japan sign accord to strengthen cybersecurity cooperation

On September 18, 2017, Singapore and Japan signed a pact to boost cybersecurity cooperation between the two countries. This cooperation memorandum suggested policy dialogue, information exchange, collaboration to enhance cybersecurity awareness, and also best practices to follow. Although many pacts already have been signed between the two countries, this pact was signed to bring the relationship a step further. This move is made at a time when Singapore is planning to introduce a cybersecurity bill in parliament.



AFRICA

African universities battle hacking, cybercrimes

An increasing number of cyberattacks targeting African higher education institutions and universities points to the need for more effective security and greater emphasis on university-based education and research, according to experts. Cyberattacks on African universities are not regarded as serious issues and are bundled up as simple information technology-based problems, which is false because there has been an increase in the number of cyberattacks. This is partly the result of the availability of online information about perpetrating attacks and because secure software development in Africa has been an issue as developers focus more on “functional” coding rather than on “secure” coding. Among the continent’s most recent targets have been Zimbabwe’s National University of Science and Technology and the Harare Institute of Technology. Cyber incidents, with motives ranging from fraud to political or protest action and ransom, have been reported at universities in Algeria, Egypt, Morocco, Kenya, Nigeria, Botswana, Uganda, Ghana, and South Africa.



South Africa and Nigeria in cybersecurity, airspace technology collaboration

Cybersecurity and airspace technology were high on the agenda at the South Africa-Nigeria Defense Committee meeting. Delegations from South Africa and Nigeria, led by South Africa’s Secretary for Defense Sam Gulube and Nigeria’s Ambassador Danjuma Nanpon Sheni, attended the meeting, which reviewed the progress of the defense collaboration between the two countries. Secretary for Defense Gulube said that “On the issue of cybersecurity, both militaries are in the process of strengthening and developing our systems but the field is ever-changing and evolving. Through jointly acquiring infrastructure and expertise we could enhance both our defensive capabilities.”



