Global Cyber Bi-Weekly Report by INSS November 1, 2017
ISRAEL
Israel eyes measures to prevent cyber election sabotage
Israel is on guard against hacking ahead of the next general election, one of its most senior cybersecurity officials said, identifying Iran as posing the greatest overall risk to the country’s cybersecurity. The government is bracing against the risks of fake news, possible denial of service attacks on civic institutions, and efforts to hack the correspondence of politicians or government officials in order to leak embarrassing details. “We are on the way to identifying and assisting from a distance everywhere we find or identify as a vulnerability . . . and make it tougher for the bad guys to hack,” Yigal Unna, head of technology at the prime minister’s Cyber Directorate, told a Reuters Cyber Security Summit. Since the 2016 US election, Western countries have been fretting about the possibility of Russian hacking to influence their internal politics. Israel is less concerned about hacking attempts on polling stations because the country, with fewer than six million voters, still uses paper ballots.
Israeli cybersecurity company Intezer raises $8m
Israeli cybersecurity company Intezer has raised $8 million in a Series A financing round led by Intel Capital with co-investors Magma and Samsung NEXT. The round will be used to expand the company’s global sales efforts and open new opportunities in targeted markets. Earlier investors include Alon Cohen (founder and former CEO of CyberArk). The company raised $2 million last December. Tel Aviv-based Intezer sells enterprises detection of advanced threats and tooling intended to speed up incident response.
UNITED STATES
United States warns public about attacks on energy, industrial firms
The US government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyberattacks present an increasing threat to the power industry and other public infrastructure. The Department of Homeland Security and the Federal Bureau of Investigation warned in a report distributed by email that the nuclear, energy, aviation, water, and critical manufacturing industries have been targeted, along with government entities, in attacks dating back to at least May. The agencies said the hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage. The attackers’ objective is to gain a foothold in organizational networks, using malicious emails and compromised websites to harvest credentials that grant access to the targets’ computer networks.
Trump administration imposing new email security protocols for agencies
The Trump administration will order federal agencies to adopt common email security standards to better protect against hackers. Department of Homeland Security Assistant Secretary for Cybersecurity Jeanette Manfra, speaking at an event in New York, said the agency would issue a binding directive requiring two measures: DMARC, to guard against email spoofing and phishing, and STARTTLS, to encrypt email in transit between mail servers. The new requirements are “discrete steps that have scalable, broad impact” and will improve federal government cybersecurity, Manfra said. DMARC, or Domain-based Message Authentication, Reporting and Conformance, is a widely adopted technical standard, first published in 2012, that lets a domain owner tell receiving mail servers how to handle mail that fails authentication; it helps detect and block email impersonation, such as when a hacker tries to pose as a government official or agency.
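As an added example (not from the INSS report, DHS, or Reuters), the following Python script shows what a DMARC policy actually looks like on the wire and how far a given record is from full enforcement. It parses the `_dmarc.<domain>` TXT record syntax defined in RFC 7489 and reports weaknesses such as a monitor-only `p=none`, a partial `pct`, or a weaker subdomain policy; full enforcement (`p=reject`) is where the DHS directive (BOD 18-01) ultimately required agency domains to end up. The domain names and records are constructed for illustration, and the script does no DNS lookups.

```python
"""Parse DMARC DNS TXT records (RFC 7489 syntax) and grade how enforcing they are.

Added example, not code from the INSS report or from DHS. Records and domains
below are constructed samples; nothing is resolved over the network.
"""
from __future__ import annotations

# Constructed sample records, as they would appear in the TXT record at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "agency-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@agency-a.example",
    "agency-b.example": "v=DMARC1; p=none; rua=mailto:reports@agency-b.example; pct=100",
    "agency-c.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "agency-d.example": "v=spf1 include:_spf.agency-d.example -all",  # an SPF record, not DMARC
}

# Ordered from weakest to strongest disposition.
VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict[str, str]:
    """Split a DMARC record into a tag->value dict; raise ValueError if it is not one."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag {part!r}")
        key, value = (s.strip() for s in part.split("=", 1))
        tags[key.lower()] = value
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 missing")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"p= tag missing or invalid: {policy!r}")
    tags["p"] = policy
    return tags


def assess(record: str) -> tuple[str, list[str]]:
    """Return (level, findings). level is 'invalid', 'monitor', 'partial' or 'enforce'."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return "invalid", [str(exc)]

    findings: list[str] = []
    policy = tags["p"]

    # sp= defaults to p=; an invalid sp= makes receivers fall back to treating it as none.
    subpolicy = tags.get("sp", policy).lower()
    if subpolicy not in VALID_POLICIES:
        findings.append(f"sp={subpolicy!r} is not a valid policy; receivers fall back to none")
        subpolicy = "none"

    # pct= defaults to 100; a non-numeric value gives no protection, so treat it as 0.
    pct_raw = tags.get("pct", "100")
    pct = min(int(pct_raw), 100) if pct_raw.isdigit() else 0

    if policy == "none":
        findings.append("p=none: monitor-only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail is sent to spam rather than rejected")
    if VALID_POLICIES.index(subpolicy) < VALID_POLICIES.index(policy):
        findings.append(f"sp={subpolicy}: subdomains are protected less than the main domain")
    if pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail is subject to the policy")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not being collected")

    if policy == "reject" and subpolicy == "reject" and pct == 100:
        level = "enforce"
    elif policy == "none":
        level = "monitor"
    else:
        level = "partial"
    return level, findings


def summarize(records: dict[str, str]) -> dict[str, str]:
    """Map each domain to its enforcement level."""
    return {domain: assess(record)[0] for domain, record in records.items()}


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        level, findings = assess(record)
        print(f"{domain}: {level}")
        for finding in findings:
            print(f"  - {finding}")
```

In practice the record is fetched with a TXT query for `_dmarc.<domain>` and fed to `assess()`; the script deliberately stops short of that so it runs offline. STARTTLS, the directive’s second measure, is a property of the SMTP connection rather than of DNS, so it is checked separately by connecting to the domain’s MX hosts and confirming they advertise and complete a TLS handshake.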
United States widens surveillance to include “homegrown violent extremists”
The US government has broadened its interpretation of citizens who can be subject to physical or digital surveillance to include “homegrown violent extremists,” according to official documents seen by Reuters. The change last year to a Department of Defense manual on procedures governing its intelligence activities was made possible by a decades-old presidential executive order, bypassing congressional and court review. The new manual, released in August 2016, now permits the collection of information about Americans for counterintelligence purposes “when no specific connection to foreign terrorist(s) has been established,” according to training slides created last year by the Air Force Office of Special Investigations (AFOSI).
EUROPE
“Basic IT security” could have prevented England’s WannaCry attack
The National Health Service (NHS) in England should have been able to block the “unsophisticated” WannaCry ransomware outbreak that hit the world in May, government auditors say. “Basic IT security” was all that was required to prevent the attack, which affected more than a third of NHS organizations, said the National Audit Office in its report “Investigation: WannaCry Cyberattack and the NHS.” The failure of so many NHS trusts and organizations to block WannaCry means that, unless substantial cybersecurity improvements are made, the NHS will remain easy pickings for online attackers. Information security experts say the report contains important lessons for organizations worldwide.
Security information about Britain’s queen leaked onto the Dark Web
Top secret security information about Britain’s queen has been circulating on the Dark Web since the last week of October. According to Cybersecurity Insiders’ sources, the information may have been leaked from a memory stick found on a street near Heathrow Airport. Law enforcement officials have launched an investigation, and officials are now planning to revise the British royal family’s security arrangements. The Daily Mail reports that the memory stick contained sensitive data such as maps, videos, and details of the measures used to protect the queen and her family in transit to and from the airport. It also contained files on the safety of cabinet ministers, foreign dignitaries due to visit Britain, and some high-profile British dignitaries.
Bad Rabbit ransomware strikes Eastern Europe
New ransomware called Bad Rabbit has infected systems across Eastern Europe, and cybersecurity experts have been monitoring the outbreak, in part to see whether it will match the disruption caused by this year’s WannaCry and NotPetya campaigns. Bad Rabbit, which encrypts files on hard drives and demands a ransom, has so far hampered the subway system in Ukraine’s capital city, Kiev, as well as Odessa International Airport, which reported on October 24 that it had been “attacked by hackers.” Bad Rabbit is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (about $285) from victims to unlock their systems.
Anonymous attacks Spanish government sites
The hacktivist group Anonymous has been firing up its DDoS cannon again, this time aiming at Spanish government websites, in support of Catalan independence. The group claimed to have taken offline the website of the constitutional court, which ruled the Catalonian referendum illegal last week. It also defaced the website of the Spanish Ministry of Public Works and Transport with a “Free Catalonia” message. A statement from the group said the following: “In the name of all the Catalan independence and democracy, Anonymous Catalonia asks all the Anons of the world who are in favor of the freedom of expression . . . and peaceful dialogue to persist in the #FreeCatalonia operation until 29 October 2017.”
Organized cybercrime originates from Eastern Europe, says NCSC CEO
The CEO of Britain’s National Cyber Security Centre (NCSC), Ciaran Martin, revealed on October 21, 2017 that Northern Ireland’s infrastructure has been hit by “significant” online attacks from hostile nations. In an exclusive interview with the Belfast Telegraph, Martin, who had previously served as director general for cybersecurity at Government Communications Headquarters, said, “A very serious attack is possible. I wouldn’t say it’s statistically more probable or less probable that it would happen in Northern Ireland than England or the Republic or somewhere else. What I would say with high confidence is that there is an everyday risk to the economy here from that sort of low sophistication, but highly prolific, set of attacks.” Martin also said that such organized cybercrime networks originate from Eastern Europe, particularly Russia.
RUSSIA
Russia under major cyberattack
On October 24, a new mass cyberattack, Bad Rabbit, targeted the Russian media companies Interfax and Fontanka, as well as targets in Ukraine, including Odessa airport, the Kiev subway, and the Ministry of Infrastructure of Ukraine. At this point it is unclear who is behind the attack, how many victims there are, how the malware is spreading, or where it originated. The Ukrainian computer emergency agency CERT-UA posted an alert on Tuesday morning warning of a new wave of cyberattacks, without mentioning Bad Rabbit by name. Kaspersky Lab, a security firm based in Moscow, said that “most” Bad Rabbit infections are in Russia, with others in Ukraine, Turkey, and Germany. The company called Bad Rabbit “a targeted attack against corporate networks.”
Russian regime machine in action: First closure of social network nears
After the Russian Federal Security Service (FSB) demanded that the Telegram messenger app, founded by Russian native Pavel Durov, disclose its users’ correspondence, the FSB sued the company at the Moscow Magistrate’s Court. The court ordered Telegram to pay an 800,000-ruble fine for refusing to provide the authorities with the keys needed to decrypt its users’ conversations. Dmitry Peskov, President Putin’s press secretary, commented that blocking the app is not currently under discussion, whereas Herman Klimenko, the president’s IT and internet adviser, said that Durov will eventually have to cooperate with the authorities or his messenger app will cease to exist.
New space satellite communication center launched in Russia
A new space flight control center for the Russian personal communication satellite system “Gonets-D1M” was launched in the town of Zheleznogorsk. The project was completed under the order of the state corporation Roscosmos. The Russian satellite system Gonets-D1M is designed to transmit data and provide communication services to subscribers anywhere in the world.
Twitter bans RT advertising and Russia vows to respond
Twitter has banned advertising from the Russian state news outlets RT and Sputnik in connection with the investigation of Russian intervention in the 2016 US presidential election. “Russia will respond to the decision of the social network of Twitter to prohibit advertising of accounts owned by RT TV channel and Sputnik news agency,” Maria Zakharova, an official representative of the Ministry of Foreign Affairs, told RIA Novosti.
MIDDLE EAST
Iran may respond with cyber operations after Trump announced he might not cooperate with the nuclear deal
With President Trump apparently moving toward changing or even canceling the Iran nuclear agreement, experts assess that increased tension will lead to Iranian cyber operations against US targets. Observers say that while the current diplomatic instability will probably not affect Iran’s hacking campaigns immediately, further decisions about sanctions could fuel offensive plans directed at the United States. In 2011–2012, Iranian hackers were very active against US and EU targets, but in the past couple of years they have mostly turned to Middle Eastern targets such as Saudi Arabia. A RAND expert argues that the absence of recent cyberattacks on Western countries reflects low motivation to use cyber weapons following the nuclear deal; since that is about to change, all options are on the table.
Saudi Arabia’s National Cyber Security Center is going public
The National Cyber Security Center (NCSC) in Saudi Arabia announced on Monday its participation in the third annual RSA Conference in Abu Dhabi, set to take place at Emirates Palace on November 7–8, 2017. Bringing together some of the brightest minds in the industry, the event will include high-level discussions around blockchain, cyber resilience, artificial intelligence, and more. NCSC representatives will present the current threat landscape and the methods used to respond to it efficiently. One of the NCSC’s main goals is sharing information with the public and raising awareness in order to reach a “safe cyberspace for the kingdom.”
Turkish police cracked the passcode of a US consulate employee’s mobile phone in Istanbul, creating a major diplomatic crisis
Turkish police have cracked the passcode of the mobile phone of an arrested employee of the US Consulate in Istanbul and found on it messages about media reports on the arrest of Turkish-Iranian businessman Reza Zarrab in the United States. The Turkish cybercrime unit said that consulate employee Metin Topuz had sent WhatsApp messages to an unidentified US diplomat sharing reports on Zarrab, who had been arrested in the United States for evading US sanctions on Iran. Washington demanded the return of the seized phone, stating that it belongs to the United States and that any information on it and on its SIM card is covered by the consulate’s diplomatic immunity under Article 33 of the Vienna Convention on Consular Relations.
CHINA and APAC
Asia-Pacific region most vulnerable to cyberattacks
According to Trend Micro, a major cloud-security company, the Asia-Pacific region remains the biggest target for cyberattacks, ranging from ransomware to other malicious software, by cyber criminals across the globe. APAC accounts for 35.7 percent of all ransomware detections and leads in online-banking malware detections. Furthermore, the total financial and economic losses in APAC from WannaCry alone were reported at $4 billion. The report also noted that the region is heavily affected by cyber propaganda in addition to conventional cybersecurity threats.
Protecting Australia schools from cyberattacks
As a major shift to a new digital education model takes place and schools become increasingly reliant on connected systems, their exposure to cyberattacks grows, strengthening the case for improving the underlying technology infrastructure. Schools in Australia are adopting “bring your own device” policies, which creates an influx of unmanaged devices and digital tools and forces a change of focus in education cybersecurity and network design. School IT departments must build infrastructure that can support a variety of devices, prioritize requests, and meet compliance standards. To protect students, the government has imposed regulations with which schools must comply. Schools must also be selective in adopting new tools, since each one adds overhead to manage, update, and integrate if visibility and control are to be maintained.
New norms likely for India’s power grid to avoid cyberattacks
The Government of India has proposed that the Central Electricity Authority verify testing standards and procedures for cybersecurity compliance and amend regulations so that India’s power grid infrastructure can be protected. Concerns have already been raised over contracts awarded to Chinese companies for the installation of Supervisory Control and Data Acquisition (SCADA) systems for power distribution in Rajasthan, Madhya Pradesh, Tamil Nadu, and Puducherry. The Central Electricity Authority has also been planning to draft a roadmap for securing India’s power stations and smart grid systems against cyberattacks.
NATO chief seeks stronger, broader partnership with Japan on security and cyberattacks
Concerned about North Korea’s threat to regional stability and about global issues including cyberattacks, the secretary general of the North Atlantic Treaty Organization wants to strengthen Japan-NATO ties. The move is aimed not only at strengthening cooperation in cyber, maritime security, and other areas between NATO, Japan, and South Korea, but also at finding a peaceful solution to, and responding to, China’s increasing assertiveness and North Korea’s actions that challenge global peace.
AFRICA
South Africa has caught up on cybersecurity, Fortinet survey finds
Cybersecurity company Fortinet has released the findings of its 2017 Global Enterprise Security Survey, which examined the attitudes of companies around the world towards cybersecurity. The survey was conducted across sixteen countries in August 2017 and shows where South African companies stand on cybersecurity in comparison with the rest of the world. It found that cybercrime has increased over the past two years: 82 percent of South African businesses were victims of a security breach in that period, compared to 85 percent globally. In South Africa, 76 percent of participants increased their IT budget, 22 percent kept it the same, and 2 percent decreased it. Paul Williams, Southern Africa country manager at Fortinet, said that “South Africa has really caught up to the rest of the world in terms of security focus within their IT departments. This has also been met with an added accountability on a board level when there is a breach in security.” The report also highlighted a lack of cybersecurity basics, ongoing and future challenges, and a decision maker’s wish list.