Global Cyber Bi-Weekly Report by INSS November 15, 2017
- Editor-in-chief: Gabi Siboni
- 16 нояб. 2017 г.
- 8 мин. чтения
ISRAEL
Israeli general: Iran orchestrates thousands of cyberattacks daily on Israel military
Israel’s general in charge of network security said that his country’s military faces thousands of cyberattacks daily, mostly from Iran whose “hacking capabilities are improving.” Speaking at the Reuters Cyber Security Summit in Tel Aviv on October 31, Major General Nadav Padan, who heads the military’s Command, Control, Computer, Communications and Intelligence (C4I) plus Cyber Division, said that Iran has mounted attacks on Israel with the help of proxies like Lebanese Shiite group Hezbollah. “They are not the state of the art, they are not the strongest superpower in the cyber dimension, but they are getting better and better,” Padan told the news agency. “As far as we know, nobody has been able to penetrate our operational systems,” Padan said.
Continental buys Israeli company Argus Cyber Security
The German tire and advanced car components company Continental has acquired the Israeli smart car technology startup Argus Cyber Security. No financial details about the deal were disclosed but market sources say that the acquisition was for $430 million.
UNITED STATES
Ransomware emerges as cybersecurity concern
Ransomware attacks have emerged as one of the most pressing new cyber issues that companies must face when crafting a cyber solution. There are specific reasons for the emergence of ransomware as such a major threat, sources said. “It’s all about the money,” said Jeremy Batterman, founding partner of Azonic Security Solutions L.L.C. in St. Charles, Illinois. “For these types of attackers, this is a way to get money from individuals or companies by holding their data hostage. It doesn’t take a lot of technical expertise to perform these types of attacks, so that makes it easy to facilitate.” Jeremy Kerman, an attorney in Chicago, said that “Bitcoin is the perfect tool for these hackers because it has three things going for it: It’s anonymous, it’s decentralized, and it’s irreversible.” He continued, saying that “The features of bitcoin make it the perfect tool for these ransomware attacks.”The attacks are also drawing in a much wider range of targets including smaller and medium-size companies.
EUROPE
Scottish government outlines cyber security action plan
The Scottish government has outlined its action plan to protect public organizations from cyberattacks. The strategy was fast-tracked after a global cyberattack in May in which eleven Scottish health boards were targeted. Public bodies have been told to improve their defenses against online attacks, which “will continue to increase.” The Public Sector Action Plan on Cyber Resilience outlines how local authorities, government departments, and NHS boards can be more secure online.
New EU framework allows members to consider cyberattacks acts of war
A forthcoming policy framework from the European Union will declare that cyberattacks by hostile actors can be considered an act of war and in the most serious of circumstances justifies a response with conventional weapons. The Framework on a Joint EU Diplomatic Response to Malicious Cyber Activities is intended to be a strong measure of deterrence against countries— such as Russia and North Korea—known for launching offensive cyber operations, according to UK news outlet The Telegraph, which reportedly had obtained a draft of the document.
The framework supposedly will also affirm that EU member nations that suffer a cyberattack not only can defend themselves under international law but also are entitled to assistance from other EU governments.
RUSSIA
Russian Su-35 are already half-manned
Artificial intelligence is already present in the newest Russian Su-35 combat aircraft. The “smart” fighter unit is responsible for independently selecting the primary targets and for destroying them by selecting a certain type of aircraft weapon, Sergei Chemezov, the general director of the state corporation Rostek, told journalists during the international aerospace exhibition at the 2017 Dubai Airshow.
Google, Facebook, and Twitter released statements on Russian US elections interference
Google, Facebook and Twitter released data on the Russian interference in the US elections. Twitter found more than 36,000 accounts that are allegedly associated with Russian special services. Google found eighteen channels—possibly associated with Russia—which published more than 1,100 videos. Facebook claims that the Internet Research Agency, allegedly affiliated with the Kremlin, published about 80,000 pieces of material from January 2015 to August 2017 and that were viewed by about twenty-nine million people. Also, Facebook allegedly discovered and deleted more than 170 accounts in Instagram, where about 120,000 materials related to Russia were published.
Russia constantly attacked by millions of cyberattacks
Tens of millions of cyberattacks are committed against Russian state structures, said Nikolai Patrushev, secretary of the Security Council of the Russian Federation. Following the meeting of the Security Council, Patrushev stated that cyberattacks are constantly improving.
Russian and China to create mutual anti-cyberattack unit
Russia and China have agreed to discuss the creation of telecommunications equipment to counter possible cyberattacks, Deputy Prime Minister Dmitry Rogozin told reporters on Monday after a meeting of the Russian-Chinese intergovernmental commission.
Russian business more vulnerable than it seems
Most Russian companies are not able to successfully withstand cyberattacks, according to a study by the international consulting company PwC. Half of the Russian respondents noted that their companies do not have a common information security strategy. In 48 percent of companies, there is no training program aimed at raising the level of awareness of employees in security matters.
Russia is still being accused on NSA penetration programming theft
The US National Security Agency (NSA) is in a major crisis after a hacking attack in 2016 and apparent theft of malware that the NSA used to infiltrate devices and networks around the world. One suspect in the theft is the Russian Intelligence Services.
Suspicions raised regarding Russian influence on Catalonia’s crisis
Foreign Minister Alfonso Dastis of Spain is planning to raise the issue of Russian influence on the independence of Catalonia through social networks. He intends to discuss this topic at the meeting of the foreign ministers of the EU member states in Brussels.
MIDDLE EAST
Saudi Arabia sets up new authority for cybersecurity
Saudi Arabia has set up a new authority for cybersecurity, which will include the head of state security, head of intelligence, the deputy minister, and assistant to the minister of defense. The official role of the authority is to boost the state’s cybersecurity and protect vital interests, national security, and critical infrastructures. This comes after repeated cyberattacks on the kingdom from rival Iran.
Turkish attacks on media sites that criticize President Erdoğan
A student group from Pennsylvania argues that an international cyber organization hacked their website, replacing their homepage with a Turkish nationalist image after students posted op-eds criticizing Erdoğan. The attack is attached to the “Turk” hacking team, a nationalist hacking organization that has a reputation for reacting against perceived criticism against the Turkish regime. In the past, the group was able to shut down the Vatican’s website and several universities around the world that published criticism of Erdoğan.
Communication technology as a tool of oppression in the UAE
Since the Arab Spring, it seems that the tools that enabled collective action in the Middle East are now serving a totally different objective. Social media and internet communications have been transformed into a central component of authoritarian control. The UAE stands out as a country in which government critics, bloggers, and human rights defenders have been disappearing at an alarming rate as a result of social media activity, and dozens of online publications have been blocked by authorities for publicly expressing views that counter the regime. As technological advancements have increased, the repressive arm of the state has also, with cyber arm dealers from many Western countries filling the market gap.
CHINA and APAC
MHA forms two new divisions to check radicalization and cyber fraud
As a part of the administrative effort, the Indian Ministry of Home Affairs modified the Internal Security-II division, and merged the Internal Security-I division and Internal Security-III division to form two distinct divisions called “Counter-Terrorism and Counter (CTCR)” and “Cyber and Information Security (CIS).” While the CTCR is responsible for online tracking, propaganda assessment, strategizing counterattacks, and assessing other aspects of global terrorist outfits, the CIS is responsible for monitoring all online crimes and threats. This has come especially after reports of the exponential rise in cybercrime and after young Indian Muslims, especially from Kerala, were radicalized to go join the Islamic States since 2014.
India in the web of North Korean cyberwar
As a matter of concern for the security establishment and the strategic community, around one-fifth of North Korea’s cyberattacks originates from India, according to Recorder Future and Kaspersky, US and Russia-based cybersecurity firms respectively. It was also observed that North Korean students are pursuing computer science in around seven universities in India; however, there is no evidence that they support the illegal activities incited by their country. Some of the Indian organizations that are a victim of North Korean cyberattacks are the Indian Space Research Organization, National Remote Sensing Center, and the Indian National Metallurgical Laboratory. It is also a matter of concern that the security of the unique identification data of Indian residents, which is linked to all Indian banks and other financial activities, might be at stake. In addition, many North Korean hackers are trained in China and use Chinese Technology to conduct cyber espionage and cyberattacks. According to the cybersecurity firms, the physical and virtual North Korean presence is not only in India but also in Malaysia, New Zealand, Indonesia, Nepal, Kenya, and Mozambique.
Taiwan boosts cyber defenses against threat from China
The Democratic Progressive Party, which is Taiwan’s ruling party, is bolstering its cyber defense after concerns over the Chinese government’s plans to influence election results in Taiwan. This decision was made after Taiwan saw a rise in cyberattacks, mainly emerging from mainland China, which affected the functioning of its businesses and government, in addition to the speculation of Russian influence in the US elections. As a part of boosting its cyber defense capabilities, the party has started to hire outside companies to monitor network security and provide staff with additional training.
Korea raises concerns over China’s cybersecurity measures in WTO meeting
The Korean Agency for Technology and Standards have discussed thirty-three technical issues concerning China’s strict cybersecurity regulation, with sixteen representatives in the WTO’s Technical Barriers to Trade Committee. One of the issues raised was that the enforced regulation by China requires trade secret infringements, as companies are required to contractually hand over source code and other key intellectual property elements to government officials so that they can conduct a safety inspection on products. Moreover, it was discussed that the definition of “critical infrastructure operators” was too broad and ambiguous under this regulation and requires clarification by China.
ESET survey: Thailand most prone to encryption-related cyberattacks in the region
According to ESET, an IT security company, 92 percent of the data breaches that Thailand suffers is related to encryption, as compared to Japan (72 percent), India (61 percent), Hong Kong (57 percent), and Singapore (43 percent). Despite that a high proportion of Thai small- and medium-sized businesses have adopted strong encryption for data, threats persist mainly due to a lack of user awareness and proactive measures to defend against cyber threats.
CyberGym opens Melbourne cybersecurity training center
CyberGym, an Israel-based cyber defense solution provider, opened its newest facility in Melbourne, Australia as a part of its global “CyberGrid” security defense network. This facility was inaugurated by Phillip Dalidakis, the Victorian state’s minister for innovation and digital economy. The multi-million-dollar facility includes a cyber training and technologies arena that builds on its other facilities across Europe, Asia, the Middle East, and America. The interconnected network strengthens the ability of government agencies and critical infrastructure providers to protect against and respond to cyberattacks.
