Date: 26th January 2020
Chinese hacker group targets Japanese and South Korean businesses
A group of Chinese hackers has struck businesses across Japan and South Korea, employing techniques designed to evade conventional cybersecurity defenses. The latest attack was reported Monday by Japan’s Mitsubishi Electric. Cyberthieves may have gained access to more than 8,000 pieces of personal information, the company said, but reported that no highly sensitive information had been compromised. Japan has urged domestic companies to bolster cyber defenses, and the Defense Ministry is rolling out tougher security standards for contractors. The level of compliance will be similar to what is required by the U.S. Department of Defense.
Cyber security steps planned for Tokyo Games
Japan’s government is guarding against cyber-attacks during the Tokyo Olympics and Paralympics. Security experts meeting in Tokyo have unveiled the latest technologies for protecting communication and transportation networks. One is a round-the-clock monitoring system for detecting system break-ins to rewrite programs. Another is a limited shut-off mechanism allowing engineers to fix a problem without shutting down the entire system. Government officials note that cyber-attacks have already occurred on railway networks overseas. They say the new protections will be put in place mainly in and around the capital.
Mitsubishi Electric reports cyber-attack
Mitsubishi Electric says it suffered a cyber-attack last year that may have compromised personal and corporate data. The company is engaged in businesses ranging from household appliances to communications, space and defense. The electronics giant says the hacking came to light after an in-house terminal showed suspicious movements last June. The company did not identify any suspects for the unauthorized access. Mitsubishi says it confirmed there was no breach of sensitive data on defense, electric power, railroad and other critical infrastructure. It says highly confidential technical data and important client information were not compromised either. Chief Cabinet Secretary Yoshihide Suga said the government has been informed that there was no leak of information related to defense equipment or the electric power sector. He said the industry ministry and the Cabinet cyber-security center will take the lead in monitoring developments.
Govt. to bring new laws to combat online hate speech
The new legal framework will be introduced under the National Cyber Security Strategy, which will be formulated soon to address emerging cybercrimes issues that pose a threat to the national security. Defence Secretary Maj. Gen. (Retd.) Kamal Gunaratne has instructed the officials of Sri Lanka Computer Emergency Readiness Team (SLCERT) to finalise drafting the proposed Cyber Security Act, which will establish a comprehensive framework for the prevention and management of cyber security threats and incidents effectively, and protection of critical information infrastructure.
Huawei is a cyber-security risk
Huawei, the Chinese firm has risen from an obscure importer of foreign telecoms gears to one of the world’s biggest makers of equipment for fifth-generation (5g) mobile networks. Its prowess has caused jitters in other countries, which worry that Huawei’s kit might come with “back doors” — deliberate security holes that could act as conduits for Chinese spies or cyber-saboteurs. Due to this many countries have kept Huawei from their market. However, this article says that countries can use preventive strategies to counter the cyber threat. The first is by encouraging encryption, using defence in depth in networks, monitoring to spot malicious activities, and security by design in systems, citing Britain for instance its plans to exclude Huawei from sensitive parts of its networks. The second by encourage openness. And third through international co-operation.
Low-Intensity Conflict: Cyber, Iran’s Next Move
The level of angst and concern of a hot-war between Iran and the United States has largely been quelled, as time has put space between the flashpoint incidents that caused the relationship to move from contentious to war-footing. As the global news cycles move to other issues — be it the Coronavirus exiting China, the impeachment of the U.S. President Trump or the global economic meetings in Davos — the Iranian Islamic Revolutionary Guard Corps (IRGC) are putting in place their next move.
How Iran’s Military Outsources Its Cyber Threat Forces
Iranian cyberattacks have been limited to desktop computers and servers running standard commercial software. They have not yet affected industrial controls systems running electrical power grids and other physical infrastructure. Were they to get into and take over these control systems, they could, for example, cause more serious damage such as the 2015 and 2016 power outages caused by the Russians in Ukraine. One of the Iranians indicted in the bank attacks did get into the computer control system for the Bowman Avenue Dam in rural New York. According to the indictment, no damage was done, but the access would have allowed the dam’s gate to be manipulated if it not been manually disconnected for maintenance issues. While there are no public reports of Iranian threat actors demonstrating a capability against industrial control systems, Microsoft recently reported that APT33 appears to have shifted its focus to these systems. In particular, they have been attempting to guess passwords for the systems’ manufacturers, suppliers, and maintainers. The access and information that could be acquired from succeeding might help them get into an industrial control system. While it is impossible to know Iran’s intentions, they are likely to continue operating numerous cyber espionage campaigns while developing additional capabilities for cyber sabotage. If tensions between Iran and the United States mount, Iran may respond with additional cyberattacks, possibly ones that are more damaging than we’ve seen so far.
Nassau Republican legislators call for a probe in cyber security controls
Nassau County Legis. Steve Rhoads spoke Friday at a news conference about the county calling for a probe into cybersecurity controls after the county temporarily lost $710,000 to online fraudsters posing as a county vendor.
Former head of security at Facebook casts doubt on Jeff Bezos Saudi WhatsApp ‘hack’ and says the firm the Amazon founder hired to look into it should have been able to decrypt ‘malicious’ file but did not.
The WhatsApp ‘hack’ of Jeff Bezos’ phone allegedly by Saudi Arabia is not as clear cut as the cyber security firm report which Bezos had produced may suggest, other experts in the field have warned including the former head of security at WhatsApp’s parent company Facebook. Forensics specialists Bill Marczak and Alex Stamos told The Wall Street Journal that the investigators at FTI Consulting, the firm Bezos hired, were not able to identify the malicious software that was lying in a video file that they think might have hijacked the phone. Bezos’ team of investigators hired FTI Consulting last year after The National Enquirer published an expose into his affair with Lauren Sanchez which included personal details of text messages and nude photos the Amazon founder had sent his then mistress. The consulting firm produced a report in November that has only now been made public which suggests that it a video file sent to Bezos by Saudi Arabian crown prince Mohammed bin Salman was the source of a hack.
Israeli cyber researchers reveal how hackers manipulate accounts with ‘likes’
Israeli cyber-security researchers have shown how hackers can manipulate people’s social media accounts to portray them as having “liked” illegal or extremist posts. An Online Social Network (OSN) or ‘Chameleon’ attack can be executed across seven online platforms using weaknesses in the posting management systems of Facebook, Twitter and LinkedIn, among others. The attack involves maliciously changing the way content is displayed publicly without any indication whatsoever that it was changed until the account-holder logs back on and sees.
Israeli cyber expert: Healthcare is world’s most cyber-targeted industry
According to Elad Luz, head of research at CyberMDX, an Israeli-led company based in the US that is a pioneer in healthcare cyber intelligence, this happened because a certain piece of software is available to the public. One billion medical records, which include X-rays, ultrasounds and CT scans belonging to patients in the United States, were exposed to the public in 2019, TechCrunch reported.
Despite Cyber Concerns, Israeli Army Embraces TikTok in Public Relations Battle
While the U.S. military recently banned soldiers from using the short-form video app TikTok, whose videos are watched by billions around the world, the Israel Defense Forces has decided to take a very different strategy. Warmly embracing TikTok as the newest weapon in its public relations efforts on social media, the IDF now has an official account on the app. It has posted everything from paratroopers jumping out of the sky to the strains of “It’s Raining Men,” to soldiers in the snowy Golan Heights striking a pose to the song “Icy,” and even a surprise emotional reunion between a lone soldier and his father from abroad, as James Arthur’s “Quite Miss Home” plays in the background. The Israel-based cyber-security company CheckPoint has confirmed that there are “multiple vulnerabilities within the TikTok application” which could potentially allow attackers to manipulate the content of TikTok videos, delete them, make private videos public and reveal personal information saved on the account. The Israeli military’s spokesperson commented that at this stage, it does not prevent the use of TiKTok. The army’s Information Security Department works to raise awareness among soldiers on the potential “threats of uploading private, personal or classified information to social media platforms,” it added.
Israel, Thailand Hold First Joint Cyber Exercise
The Israeli military this week held its first joint cyber drill with Thai forces, the IDF Spokesperson’s Unit said Wednesday. The training drill was conducted by the Israel Defense Forces’ Command, Control, Communications, Computers, and Intelligence Directorate (C4I), as part of a program that has been in place since 2018. Cooperation between militaries is imperative in the cyber sphere, he noted. In cyber defense, we never know where the next threat will come from. In 99 percent of cases, the threat comes not directly from the [enemy], but through a third party, so such collaborations foster valuable ties for a rainy day.
Standard Chartered And Uganda Banker’s Association In Fight Against Cybercrime
Standard Chartered Bank Uganda in partnership with Uganda Banker’s Association has spearheaded industry discussions on Information and Cyber Security (ICS) as a principal risk type arising from the digital and technological revolution. The session was attended Heads of Operations, Heads of Information Technology, Heads of Compliance, Heads of Risk Management and Audit as well as media who converged at Golden Tulip hotel to understand the global and local trends in ICS, discuss the emerging regulations and learn how to build a Cyber Secure culture.
Security attacks cost Singaporean businesses $1.7M per breach
The average cost of a cyber security attack for organisations in Singapore stands at approximately S$1.7 million per breach, with businesses on “high” alert in 2020. According to McAfee findings, the city-state houses the highest estimated costs stemming from a breach across Asia Pacific, ahead of markets such as Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand and Thailand. Findings from a survey of 480 cyber security decision-makers at a regional level paint a damning picture for Singapore with 80 per cent of respondents claiming that cyber security incidents pose “high” or “medium” impacts on business. Estimated costs from respondents in Singapore were more than double that of the next highest country in Asia Pacific, identified as Indonesia with financial implications at roughly S$785,000 per breach. Meanwhile in Malaysia, where more than 85 per cent of respondents believed they could estimate the costs of cyber security incidents, companies estimated an average of S$31,000 per attack. In response, 92 per cent of Singaporean organisations revealed plans to invest more in cyber security due to regulations with 100 per cent turning to the channel for specialist expertise. Specifically, 68 per cent of the companies surveyed are aligning with solution providers, alongside engaging with system integrators (58 per cent), vendors (57 per cent) and consulting firms (52 per cent).
Greece and Turkey enter a cyberwar era
A number of cyberattacks took place this week between Athens and Ankara amid an ongoing escalating crisis between the two countries. Greek media reported earlier this week that Turkish hackers attacked the websites of the Greek parliament, the Ministry of Foreign Affairs and the National Intelligence Service. Problems have also been reported on other websites, such as the Treasury and the Athens Stock Exchange. The Turkish hacker group “Anka Neferler” took responsibility for the attacks. In response, Anonymous Greece, a cyber hacking organisation, which defines itself as a Non-Governmental Organisation (NGO), counter-attacked by targeting specific state-owned communications servers. Although the activities of this group have been controversial, they say they have frequently helped Greek authorities identify pedophiles operating online.
Bank of Italy and regulator agree joint cyber security strategy
Italy’s central bank and its financial regulator have agreed a joint strategy aimed at strengthening the cyber security of the country’s finance sector. The Bank of Italy announced its collaboration with the Commission for Companies and the Stock Exchange, statement issued on January 16. The central bank said the strategy was based on specific measures to safeguard parts of the country’s financial market infrastructure. It said payment systems, central counterparties, central securities.
UK cyber security legislation ‘crying out for reform’, new report finds
The CMA criminalises individuals who attempt to access or modify data on a computer without authorisation. This often involves cyber-attacks like malware or ransomware attacks which seek to disrupt services, obtain information illegally or extort individuals or businesses. But the CLRNN report, ‘Reforming the Computer Misuse Act’, details how the CMA is in fact compromising the UK’s cyber resilience by preventing cyber security professionals from carrying out threat intelligence research against cyber criminals and geo-political threat actors, leaving the UK’s critical national infrastructure at increased risk. It also restricts journalists and academics from researching cyber threats in the public interest.
Saipem, Italian Police Sign Cyberattack Prevention Deal
Italian offshore energy services provider Saipem and the Italian State Police have signed an agreement that aims to prevent and combat cyberattacks that target information and services systems of companies of special importance for the country. Saipem, an oilfield and renewables services company with 32,000 employees around the world, is deemed vital for Italy’s economy and is thus of national importance. Saipem was a target of a cyberattack back in December 2018, when hackers hit its servers based in the Middle East, India, UK, and Italy through a variant of Shamoon malware. The attack, Saipem then said, led to “the cancellation of data and infrastructures, typical effects of malware.” The attack had crippled between 300 and 400 servers and up to 100 personal computers out of a total of about 4,000 Saipem machines, the company’s head of digital and innovation, Mauro Piasere, told Reuters at the time.According to Cyber Scoop, the Shamoon Malware — reportedly developed by Iranian hackers — rewrites data on the victim’s hard drives in such a way that makes it impossible for the systems to restart. The malware came to prominence in 2012 after an attack oil giant Saudi Aramco reportedly wiped out tens of thousands of computers.
What Switzerland should consider when tracking cyber incidents
Switzerland has not yet followed this lead. However, last December the Swiss government adopted a report external link that considers the key issues and implementation models for the introduction of a general reporting obligation for operators of critical infrastructure. The purpose of such a reporting requirement is to enable the authorities to collect information about and get a reliable overview of imminent cyber threats and to help launch a coordinated cross-sectoral response. Currently, Swiss law setting forth reporting obligations in relation to security incidents is scattered in several sectoral laws. These reporting obligations are often phrased vaguely and are not tailored specifically to cyber incidents. Although providers of critical infrastructure may notify the Federal Reporting and Analysis Centre for Information Assuranceexternal link (Melani) about cyber incidents, they are not obliged by law to share information and thereby support the exchange of relevant information across industry sectors. As the government produces a bill on the subject, it will need to evaluate a couple of points, particularly: 1. Who shall be subject to the reporting obligations? 2. What kind of incidents shall be reported? 3. How shall the reporting obligation be implemented?
Estonia, US to start exchanging cyber defense related threat information
The United States Air Force and the defense forces of Estonia are to start exchanging threat information via an automated threat information system. The Estonian Center for Defense Investment (RKIK) and Cybernetica AS have signed a framework agreement aiming to launch an automated cyber security threat information exchange system between the US Air Force and the Estonian defense forces and develop a software system for the exchange of threat information between the two countries’ defense forces, RKIK said. The project is based on a defense research and development agreement signed in 2016 between the US Department of Defense and the Estonian Ministry of Defense the signing of which was born out of cooperation with the US Air Force Research Laboratory.
Greece cyber-attacked again
Greek government websites were the target of hackers once again on Thursday following a similar assault by Turkish hackers last Friday. Among the websites currently subject to the Denial-Of-Service cyber attack include the Ministry of Foreign Affairs, Ministry of Interior, Finance Ministry as well as emergency services including Police and Fire Brigade. Government spokesperson Stelios Petsas confirmed the news saying that a DoS attack was launched against government sites and these attacks have resulted “in many sites not working” adding that measures have been taken and the sites had been restored.
Cyber attack on Türk Telekom causes nationwide internet access problems
Turkey’s telecommunications giant Türk Telekom was hit by a cyber attack, which caused hours-long problems with Internet access, the company said on Monday. Cyber security experts worked to resume normal Internet traffic domestically and abroad following the attack that targeted Turk Telekom’s DNS addresses, it said. The company later announced problems with Internet access were fixed by 6:45 pm local time. Turk Telekom did not specify who was behind the cyber attack.
Travelex hackers shut down German car parts company Gedia in massive ‘cyber attack’
The criminal group responsible for the cyber attack that has disrupted high-street banks and the foreign currency exchange chain Travelex for more than three weeks has launched what has been described as a “massive cyber attack” on a German automotive parts supplier.
Parts manufacturer Gedia Automotive Group, which employs 4,300 people in seven countries, said today that the attack will have far-reaching consequences for the company, which has been forced to shut down its IT systems and send staff home. The 100-year-old company, which has its headquarters in Attendorn, said in a statement posted on its website that it would take weeks or months before its systems were fully up and running. Gedia posted the statement on its website after the criminal group behind the Sodinokibi ransomware attack on Travelex claimed responsibility for the attack on an underground web forum.
Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia
Gedia Automotive Group, based in Attendorn, has been forced to shut down its IT systems and send home more than 300 employees from its head office following the cyber attack on 21 January. The cyber crime group, Sodinokibi, which uses ransomware to extort companies into paying a ransom to recover their data, claimed responsibility for the attack. The crime groups behind Sodinokibi access company computer systems through a variety of techniques, including phishing attacks, vulnerabilities in VPN services and Microsoft’s Remote Desktop Protocol, designed to allow technicians remote access to computers.
Secretary General: NATO-EU cooperation has reached unprecedented levels
On 21st January 2020, European Parliament’s Foreign Affairs Committee and Sub-Committee on Security and Defence, NATO Secretary General Jens Stoltenberg welcomed closer NATO-EU cooperation, including on maritime security, military mobility, and countering cyber and hybrid attacks. Listen to the one hour audio for more details. https://www.nato.int/nato_static_fl2014/assets/audio/2020/1/audio/200121a-eng.mp3
South Yorkshire Police blame cyber attack for sentencing delay
A police force criticised after a teenager had to wait 22 months to be sentenced has said the delay was partly due to a cyber-attack on the UK’s biggest forensics service.
The Cybersecurity 202: Here’s the inside story of Cyber Command’s campaign to hack ISIS
Cyber Command had to overcome intense hurdles within the U.S. government to launch the first hacking operation it ever acknowledged: Sabotaging the Islamic State’s online propaganda. That’s according to a trove of declassified but heavily redacted government documents released this morning, which George Washington University’s National Security Archive obtained through a Freedom of Information Act request. They paint the most vivid portrait to date of the complex challenges facing U.S. military hackers as they develop rules for a new domain of warfare. Cybercom dedicated a significant amount of time making sure its hacking fit neatly into broader U.S. government and military goals, Martelle told me. For example, the documents show Cybercom struggling with how to hit targets quickly while still ensuring its hacking operations aren’t unnecessarily jeopardizing the work of U.S. spy agencies gathering intelligence about ISIS and not unnecessarily stepping on allies’ toes.
What new documents say about US-partner cyber operations
Cyber operations were given their first big real-world test in November 2016, during the Department of Defense’s largest cyber operation to date. Now newly released documents reveal that U.S. Cyber Command proposed passing some targets to coalition partners — information typically held closely. The documents, released as part of a Freedom of Information Act request from the National Security Archive at George Washington University, are a series of internal briefings and lessons from Operation Glowing Symphony. The operation was part of the larger counter-ISIS operations — Joint Task Force-Ares — but specifically targeted ISIS’s media and online operations, taking out infrastructure and preventing ISIS members from communicating and posting propaganda. For years, the military operated under what the military, many members of Congress and national security experts considered restrictive authorities and polices. U.S. officials have detailed instances where domestic authorities and processes may have slowed down operations. The former commander of the joint task force in charge of the anti-ISIS operations described an instance in which they were trying to use non-kinetic capabilities to take out ISIS command posts. While the overall operation was successful, the planning and coordination took weeks. Other officials noted that foreign partners provide unique access or unique capabilities and operate off of different authorities that compliment those of the military.
Mastercard sets up Intelligence and Cyber Centre in Vancouver
Mastercard has inaugurated a global Intelligence and Cyber Centre in Vancouver, Canada, the sixth in its portfolio focused on cyber solutions for the payments’ industry, the company announced. Mastercard invested $510 million in the innovation hub, opened in partnership with the Government of Canada’s Strategic Innovation Fund. Mastercard has been actively involved in investing in Canadian innovation and talent. In 2017, following the purchase of Vancouver company NuData Security, Mastercard started leveraging its online and mobile fraud detection solutions using behavioral biometrics. In 2019, it purchased biometric security and fraud prevention developer Ethoca from Toronto.
Canada, allies prepared to impose cost on cyberattacker, advisers tell Trudeau
Canada will work with allies to strike back at foreign cyberattackers and “impose costs” that make them understand the price of their wrongdoing, advisers have told Prime Minister Justin Trudeau. The principal international forum for advancing discussions on responsible state behaviour in cyberspace is the United Nations Group of Governmental Experts. Deterrence begins with strong cyberdefence, led by the Centre for Cyber Security, to make it harder for hackers to gain access to important systems, the briefing note says.
The age of cyber-warfare
As technology continues to advance, so does the complexity and power of cyber attacks. Cyberwarfare is the latest trend in a long list to garner widespread attention, and it has shocked governments around the world with the covert threat it presents to infrastructure and businesses. This is why governments and businesses are working tirelessly to repel any attacks which might threaten their citizens and customers. In the wake of political tensions between states, it seems more prudent than ever to understand how warfare may look during the next decade. As cyber attacks and the technology and people behind them develop, defensive systems and governments opposing them need to ensure that their security infrastructure is capable of repelling any attacks. In an interview with the Telegraph in November 2019, former US paratrooper and current advisor to the Pentagon, Sean McFate argued that this is the future of warfare, “That’s the future of war, not tanks. It’s a way to reach into society and to erode it from the inside out. Who needs a blitzkrieg today when you can find fissures in society and expand them?”
Tech Companies Take A Leading Role In Warning Of Foreign Cyber Threats
The U.S. government says it’s on high alert for cyberattacks from foreign countries in this election year. Yet private cybersecurity firms have often been the ones sounding the alarm, and in some cases, they are selling their services to the U.S. intelligence community. The treat they receive is mainly from Russia and now they are keenly monitoring Iran. They say that there is a high suspicion on Russian interference in US elections and Iran is using propaganda to win the war. They also say there is more threat of Iran targeting a cyberattack on the oil and gas company.
Greenville Water target of international cyber-attack, officials say
Greenville Water was the recent target of an international cyber-attack, according to Emerald Clark, with Greenville Water. According to Clark, the attack caused technical difficulties for staff and a temporary inconvenience for customers. Greenville Water said it was experiencing technical difficulties in regard to network connectivity, which included phones and computers, and asked customers to be patient at it worked to restore normal business operations. Greenville Water plans on sharing information about the attack with other government agencies in the area to help them gain a better understanding of how the attack occurred, Clark said. According to Clark, the company is in contact with regulatory authorities, and as more information becomes available those updates will be shared with the public.
US County Suffers Two Cyber-attacks in Three Weeks
A five-figure ransom in Bitcoin was paid by Albany County Airport Authority (ACAA) earlier this month after their servers became infected with ransomware on Christmas day. Airport CEO Philip Calderone said that the authority caught the virus from a company called LogicalNet, which, rather ironically, ACAA had hired to provide cybersecurity services. The attack came to light after LogicalNet reported that its management services network had been breached. According to Times Union, while the airport’s insurer reimbursed the authority for the rest of the undisclosed ransom payment, the airport authority is seeking to recover the $25,000 deductible it paid on its insurance policy from LogicalNet. Three weeks later, on January 15, the Albany County town of Colonie was hit by a cyber-attack that took the town’s computer system and email offline. Many departments were still experiencing problems on Friday.
Know Thy Enemy — Identifying North American Cyber Threats
The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. Listen to the podcast to know more.
India and Brazil sign 15 agreements providing for cooperation in range of areas
India and Brazil on Saturday signed 15 agreements to cement cooperation in areas ranging from energy and trade and investment to cyber security and information technology after talks between visiting Brazilian President Jair Messias Bolsonaro and Prime Minister Narendra Modi. After talks between Prime Minister Narendra Modi and Bolsonaro, the two countries signed an investment cooperation and facilitation treaty that provides a framework to increase trade and investment in high growth areas. The two leaders acknowledged the great synergies between India and Brazil which were two large economies with a combined GDP of around $4.5 trillion and having a total population of 1.5 billion. According to an Indian foreign ministry statement, the action plan unveiled by the two countries included the setting up of consultation forums and frameworks like foreign office consultations, strategic, economic and financial dialogues, a trade monitoring mechanism and joint working groups in the area of oil and gas, bio-energy, geology and mineral resources, science and technology, environment and global cyber issues.
Glenn Greenwald: Brazil accuses journalist of cyber-crimes
Brazilian authorities are seeking to bring charges against Glenn Greenwald, the journalist who published Edward Snowden’s intelligence agency leaks. Mr Greenwald has been accused of “helping guiding and encouraging” a criminal group that hacked into the phones of Brazilian officials. The journalist had recently published stories describing private messages between public prosecutors. At this point, federal public prosecutors have proposed the charges. However, a judge still needs to decide whether to formally indict him.