Global Cyber Bi-Weekly Report by INSS December 1, 2017
ISRAEL
US-Israel cybersecurity firm Armis warns Google, Amazon of Bluetooth cyberattacks
US tech giants Google and Amazon released security updates for their respective Google Home and Amazon’s Alexa devices after being warned by US-Israeli cybersecurity company Armis that the smart speakers, which respond to voice commands, were at risk for cyber breaches from a security exploit called BlueBorne. The Israeli-established firm warned that as many as twenty million users of Amazon Echo, Google Home, and other voice-activated personal assistant devices running on Android and Linux were subject to BlueBorne vulnerabilities activated via Bluetooth.
Maklev: Israel unprepared for cyber threats
The chairman of the Knesset Science and Technology Committee, Member of Knesset Uri Maklev (United Torah Judaism) referred to the report by the State Comptroller regarding local authority’s preparedness for cyberattacks and said that “a long list of public bodies” are unprepared for such attacks. Maklev said that “part of the problem is a severe lack of qualified cyber personnel. In some bodies there are no such people. The state is making efforts to train people, but the gaps seems to be growing and more investment is required.”
UNITED STATES
Siemens AG, Trimble, Moody’s Analytics breached by Chinese hackers
US prosecutors have charged three Chinese nationals affiliated with a cybersecurity company in China with hacking into Siemens AG, Trimble Inc, and Moody’s Analytics to steal business secrets. The indictment said they were owners, employees, and associates of Guangzhou Bo Yu Information Technology Company Ltd, a firm located in Guangzhou, in southern China, that offers cybersecurity services. The company is affiliated with China’s People’s Liberation Army Unit 61398, and that most, if not all, of its hacking operations are state-sponsored and state-directed.
“9/11-style attack”: North Korea cyberwar targets US aerospace amid fears of hacked planes
The US Government has admitted that North Korea has targeted its aerospace industry in a shocking revelation—amid growing fears that enemy states could hack into planes mid-flight to cause a devastating attack. This comes after the US Department of Homeland Security admitted that hackers could now “take control” of a passenger jet mid-flight following a classified test by the US Government. American security services are scrambling to keep this top-level information on exactly how to hack into planes a secret and out of the hands of their enemies.
An Iranian hacker was charged with stealing HBO scripts to raise bitcoin
The HBO hack that gave “Game of Thrones” fans a tantalizing taste of unaired episodes of Season 7 has a culprit: a former Iranian military hacker who was in it for the money. US prosecutors charged Behzad Mesri with stealing material, including scripts to “Game of Thrones” this summer, saying he demanded $6 million in untraceable digital currency as extortion. Mesri once worked for the Iranian government as a hacker, where he attacked nuclear software systems and Israeli infrastructure.
EUROPE
NHS looks to increase its cybersecurity
NHS Digital (National Health Service of the United Kingdom) will invest £20 million in a cybersecurity team, which will be dedicated to protecting the NHS from cyberattacks, while enhancing the network’s cyber defense. The investment, in part, will see the formation of an “ethical hacking” unit, which will probe the NHS network for any weaknesses in order to identify where hackers might attack.
London and Berlin are most exposed cities in Europe
London and Berlin have emerged as the two European cities most exposed to potential cyberattacks, according to a new study from Trend Micro. The security giant ran a Shodan search on over 2.7 million unique IP addresses in the region to compile its latest report “Exposed Cities: Western European Capitals.” It found 2.8 million exposed cyber assets in Berlin and 2.5 million in London. These assets include webcams, routers, printers, NAS devices, web and email servers, and much more. While being exposed to the public internet does not indicate these devices will be compromised, it does give hackers a good chance to remotely probe them for vulnerabilities.
European police arrest over one hundred money mules
European law enforcers are celebrating after identifying hundreds of money mules and making over one hundred arrests as part of a coordinated global clampdown. During the European Money Mule Action (EMMA) which ran from November 20–24, police from twenty-six countries supported by Europol, Eurojust, and the European Banking Federation (EBF) made 159 arrests. Money mules are recruited by cybercrime gangs to launder cash stolen in online campaigns, often lured by the promise of easy money.
ISF: Crime-as-a-Service, regulations pose top threats in 2018
The Information Security Forum (ISF) has identified the top five global security threats that businesses will face in 2018: Crime-as-a-service (CaaS), the Internet of Things (IoT), supply-chain risk, regulatory complexity, and unmet board expectations. In the coming year, the number of data breaches will grow along with the volume of compromised records, ISF predicts, and will become far more expensive for organizations of all sizes. Costs will derive from traditional areas, such as network clean-up and customer notification, as well as newer areas such as litigation involving a growing number of parties.
RUSSIA
Britain accuses Russia of hacking
The head of the British National Center for Cybersecurity, Kiaran Martin, said that Russia has interfered in the affairs of Great Britain. Russian interference was manifested in attacks on British media and on energy and telecommunications companies, the official said.
Russian government to limit the internet’s open access of information
The government of the Russian Federation submitted to the State Duma a bill proposing amendments to several legislative acts, which would restrict open access to information on activities of individual physical and legal entities. The government initiative contains legal traps that could significantly affect freedom of information and freedom of speech. This bill would effectively remove open access of all information from a list of enterprises, to be approved by the Russian government.
The presumed Russia-linked Fancy Bear hacking gang rented British servers
The hacker group Fancy Bear, which is associated with Russian security services, rented servers from the British Crookservers company for three years, BBC journalists found out as a result of their investigation.
MIDDLE EAST
Iran is linked to attacks on Lebanese prime minister and government officials
A group of Iranian hackers backed by Iran, attacked the servers of the offices of Lebanese president Michel Aoun and prime minister Saad Hariri after his resignation. The attacks also targeted the Ministries of Justice, Foreign Affairs, the army and several banks. This operation of hacking Lebanese servers is known as “Oilrig.” The hackers had access to the email accounts of Prime Minister Hariri and President Aoun. The hackers’ intention is to try to influence the polls in favor of Hezbollah by seeking embarrassing information about its rivals. The cyber hackers of operation “Oilrig” are probably civilians, which would allow the Iranian government to refute any involvement in the operation.
An Iranian national is accused of hacking HBO and stealing popular TV shows
US prosecutors have accused an Iranian national of scheming to extort millions of dollars from HBO by hacking the cable network’s computers and stealing unaired episodes and scripts of popular shows to leak them online. According to prosecutors, Mr. Mersi was a self-styled hacking expert who had worked on behalf of Iran’s military to carry out cyberattacks on targets, including military and nuclear systems and Israeli infrastructures. He was also alleged to be an occasional member of Turk Black Hat Security Team, an Iranian-based hacking group.
Saudi Arabia had been targeted as part of a wide-ranging cyber espionage campaign
Saudi Arabian security officials said on Monday that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle Eastern nations as well as several countries outside the region. The Saudi government’s National Cyber Security Center said in a statement that a hacking campaign, with the technical hallmarks of an attack group named “MuddyWater,” was discovered by the US cybersecurity firm Palo Alto Networks. The attackers used decoy documents to lure unsuspecting users from targeted organizations to download and open infected documents that have compromised their networks. The attacks targeted organizations in Saudi Arabia, Iraq, the United Arab Emirates, Turkey, and Israel, as well as entities in Georgia, India, Pakistan, and the United States.
CHINA and APAC
India-New Zealand cyber dialogue held
On November 27, 2017, the first India-New Zealand cyber dialogue was held, in which both countries reaffirmed their commitment to an open, free, secure, stable, peaceful, and accessible cyberspace, enabling economic growth and innovation. The two countries agreed upon a multi-stakeholder approach to cyber policy and reaffirmation of existing principles of international law applied to cyber space. They also emphasized the significance of various regional, international, and multilateral initiatives, particularly ones facilitated by the United Nations, the need to continue the debate on these issues, and to build and cyber capacity. Both sides also agreed to hold the next India-New Zealand cyber dialogue in New Zealand in 2018.
Individual privacy should not be held hostage to measures around cyber security
After the Global Conference on Cyber Space that was inaugurated by Prime Minister Narendra Modi, the government’s focus on cybersecurity and on the rising menace of financial fraud and terror threats has been strengthened. Although the government has ensured that there will not be any witch hunt to ensure the privacy of citizens, it has also asserted that privacy cannot become a shield for corruption or terrorism. Many top industrialists from across the globe and cyber and IT ministers were present at the conference as the government wanted to engage in “cyber diplomacy” to strengthen its online security apparatus.
China’s internet censorship continues
China is imposing a tighter grip on cyberspace with the removal of internet phone services, including Skype from China’s app stores. Apple has also confirmed that several internet phone call apps and VPNs have been removed from its outlet in China after the government said that they had violated local laws. The Cyberspace Administration of China, which oversees censored technology, was upgraded as a government agency in 2014 to support the operations of Chinese president Xi Jinping’s newly founded leading group on cybersecurity and information technology. Furthermore, users of the encrypted messaging app WhatsApp also have experienced frequent disruptions of service in the run-up to last month’s five-yearly party congress.
AFRICA
Nigeria faced greatest cybersecurity threat ever in 2017
With the Nigerian government not having a single budget line for cybersecurity and lacking implementation of a cybersecurity strategy and policy, one wonders how Nigeria planned to cope with cyberattacks in 2017. When it comes to cyberattacks, it is not a matter of if, it is a matter of when. The greatest security threat Nigeria faced in 2017 was cybercrime, having defeated terrorism with the liberation of Sambisa forest from the notorious Boko Haram.
Nigeria’s 419 cybercrime gangs now specialize in using advanced malware tools common among sophisticated criminals and espionage groups according to a November 2016 report released by Palo Alto Networks. There have been many unreported cases of cybercrime activities in the country, which resulted in financial loss to organizations and individuals. It has been estimated that Nigeria loses about N127 billion annually to cybercrime.
