Date: 15th December 2019
Wading through uncharted territory of cyber warfare
In this article, Lt. Gen. DS Hooda presents his recommendations for India’s new National Cyber Security Strategy 2020 (NCSS 2020). Highlighting the US approach to cyber issues, the article presents similar issues and challenges facing India. The vision of the NCSS 2020 is to “ensure a safe, secure, trusted, resilient and vibrant cyber space for our nation’s prosperity.” The strategy is the first step that India will take towards achieving this vision. Citing the example of the 2014 Sony hack, he identifies accountability, fundamental national values through cyber, and privacy versus national security as the essential issues that NCSS 2020 should address. He also argues that NCSS 2020 should be closely coordinated with the data protection bill and prioritise the national security perspective after rigorous and comprehensive discussion.
Maximum Pressure 2.0 — A Plan for North Korea
The report, released by the Foundation for Defense of Democracies, explains that the Trump administration must do more to deter and impose costs on the regime of Kim Jong Un. It calls for a more aggressive cyber approach by adopting offensive cyber action. It also highlights that an increased information operations campaign must be organised. On cyber operations, it argues that Washington should restrict North Korea’s adversarial cyber capabilities, such as by dismantling networks used for hacking. These offensive operations should intensify if the regime does not move toward denuclearization in good faith. Washington should also pressure China and other countries to dismantle North Korean networks within their jurisdiction. Given the North’s limited internet connections within its borders, it is heavily reliant on satellite offices within other countries to host its hackers and conduct operations. The report also argues for greater cooperation with South Korea in the form of a joint cyber task force and a cyber defense umbrella.
Cybersecurity: A warning cry for ASEAN
In 2017, ASEAN member states collectively spent 0.06% of their GDP on cybersecurity, which is less than half of the global average of 0.13%. However, the region is technologically advanced, which leaves it even more vulnerable to sophisticated and unpredictable cyberattacks. The risks include cyberattacks that would cripple SMEs completely. Further, a study conducted by Nanyang Technological University, Singapore, forecasts that Asia could lose US$19 billion in an email ransomware attack. Apart from the ransom payment, other costs would include cyber-incident response, damage control and mitigation, business interruption, lost revenue and reduced productivity. It is notable that Singapore has taken the lead for the region, investing US$30 million to fund the ASEAN-Singapore Cybersecurity Centre for Excellence, aimed at deepening the region’s cyber capabilities and enhancing its ability to respond to emerging global cyber threats. However, employees, both malicious and negligent, still remain one of the top causes of data breaches: 36% of organisations in Singapore do not have an employee security awareness training programme and 44% do not have an incident response process.
North Koreans ‘pack up’ all businesses in Nepal
The Government of Nepal has given North Korean businesses an ultimatum to leave the country. The warning was issued due to mounting pressure from the UN and the United States. The North Koreans were operating restaurants, hospitals, and even software companies, some illegally. This year it was reported that a group of North Korean hackers was surreptitiously conducting cyber espionage from an apartment in the Harmony Housing at Tokha, especially targeting banking and financial institutions across the world. Meanwhile, North Korean Ambassador Jo Yong Men, despite striving hard through various channels for more than one and a half years, has failed to secure a meeting with Prime Minister KP Oli. Sources have claimed that Prime Minister Oli has advised his ministers to abstain from meeting North Korean authorities, and the intelligence agencies under him have lately been vigilant about North Korean activities.
SWIFT Fraud On the Rise According to EastNets Survey Report
In 2016, after the Society for Worldwide Interbank Financial Telecommunication (SWIFT) fraud attack on Bangladesh Bank, the SWIFT interbank messaging platform immediately put new safeguards in place to neutralise risk. However, EastNets, a financial compliance service provider, has found that 4 out of 5 banks have experienced at least one SWIFT fraud attempt since 2016, and the number is rising. One of the problems highlighted was the rise in “insider attacks”: outside actors were enlisting the help of bank employees to orchestrate the attacks, thereby overriding the red-flag signals in the security systems. Of the money stolen from the SWIFT network, 83% is forwarded to beneficiary accounts in Asia, and 10% to Europe. To deal with the issue, EastNets recommended building strong internal collaboration between the departments of a bank to spot fraud, and using sophisticated software solutions to help spot, detect or monitor suspicious transactions. These sophisticated solutions include behavioural analytics tools and attack simulations. It is therefore recommended that policies and procedures be used to prevent SWIFT fraud. Security analysts also suggest that a new solution based around blockchain technology might be the answer. It is also speculated that a rise in social engineering and a shift in tactics are the reason for the increased number of attacks.
CASS seminar ‘Cyber and Space: Opportunities and Challenges for Pakistan’ held
The Centre for Aerospace and Security Studies (CASS) in Pakistan held a seminar on Cyber and Space. The seminar was attended by military officers and diplomats, and the emergence of cyber threats in international relations was discussed. Air Chief Marshal (Retd) Kaleem Saadat, the President of CASS, stated that countries considered access to space to be their right and that the involvement of private-sector companies was providing low-cost access to space. He further said that deficiencies at the national level must be addressed on priority to ensure that Pakistan is not left behind in this field, and that the socio-economic benefits of new technologies are made available to the common public. The role of CASS in creating awareness on issues related to cyber and space was appreciated on this occasion.
Cyber crooks attack Indian armed forces
“Cyber Crooks”, the group responsible for the 2016 Indian submarine data leak, is now behind a phishing email attack targeting the Armed Forces. The tri-services cyber wing issued an emergency warning to all defence personnel not to open an email with the subject ‘Notice’ and containing a hyperlink named ‘HNQ Notice File.xls’, sent from the email ID firstname.lastname@example.org. The email is said to have originated either from Pakistan or China. The government has also planned a defence cyber agency for the Armed Forces that will focus on cyber issues.
New Australian Online Safety Act to include take-down of cyber abuse
The new Online Safety Act for Australia will require online platforms to pull down content within 24 hours of receiving an intimation from the Australian eSafety Commissioner. Also, the cyberbullying provision has now been extended from children to the entire population. The law would enable “de-ranking offensive content”, and hand the eSafety Commissioner the power to force transparency reporting by digital platforms. The Act will also give the commissioner the power to have content related to child exploitation, abhorrent violence, content that incites terrorism or violence all around the world. However, the eSafety Commissioner currently has no legislative power to investigate cyber abuse and can only provide advice. The federal government would increase criminal penalties for online abuse and harassment and also deem the industry or company ineffective if they are unable to agree to a code. After the Christchurch terrorist attack, the eSafety Commissioner issued a direction to the nation’s largest internet service providers to block eight unnamed sites, and keep them blocked for six months. In September that block was renewed. The government also said at the time it would establish a 24/7 Crisis Coordination Centre to inform government agencies of “online crisis events” and aid the eSafety Commissioner in making a “rapid assessment” during such situations.
Africa, Israel and the Middle East
Iran Banks Burned, Then Customer Accounts Were Exposed Online
A massive cyber attack against three major Iranian banks targeted 15 million customers. The latter received warnings that their account information had been hacked, harvested and made available via a Telegram account. At first glance, the attack appeared in the guise of a conventional ransomware operation in which victims are denied access to their accounts until they pay a financial ransom. But there was no serious attempt by the perpetrators to collect funds from the victims. This confirms that there was no financial motive in the enterprise. Iranian officials at first attempted to ignore the hack, or at least refused to acknowledge it publicly. But within the past few days, they did confirm it was a major attack. It was later speculated that it was a state-sponsored attack, with Israel, the US or Saudi Arabia to blame for it.
Mossad helps Denmark bust 20 terrorists — report
Israel had previously disclosed that it had provided intelligence, obtained by Israeli intelligence through cyber tools, to obstruct an ISIS plot to bomb a UAE Etihad Airways flight from Sydney to Abu Dhabi. Further, it was highlighted that Israel had used its cyber intelligence capabilities to stop around 50 ISIS terrorist attacks in dozens of other countries. Recently, Mossad used intelligence to successfully nab a cell of 20 terrorists planning a wave of attacks on Denmark.
Iran ‘foils second cyber-attack in a week’
The second cyber attack targeted the Iranian electronic government systems. The Dejfa fortress managed to thwart the attack, which had used the “well-known APT27” — which experts have linked to Chinese-speaking hackers.
Africa urged to create secure cyberspace to drive digital transformation
The African Union (AU), a 55-member pan-African bloc, has warned that the ongoing digital transformation in Africa will not provide its socioeconomic benefits if African countries undermine cybersecurity. It was highlighted that there was an evident gap among AU member states in terms of awareness, understanding, knowledge and capacity to deploy and adopt proper strategies, capabilities and programs to mitigate cyber threats. The AU made the urgent call as cybersecurity experts drawn from the five African regions gathered at the AU headquarters in Addis Ababa. Cybercrime, cyberterrorism and the idea of Africa having its own philosophy, ethics and policy for cyberspace were discussed.
Hope for African women as more governments make laws to fight cyber bullying
South Africa recently passed an update to its cyber law that includes provisions that specifically criminalise non-consensual pornography. Later the same month, Zimbabwe approved a bill criminalising cyberbullying. The African countries with laws to deal with cyber bullying are Kenya, South Africa, Tanzania, Nigeria, Botswana and Uganda. Countries updating laws to deal with cyber bullying are Zimbabwe, Rwanda, and Zambia. Other countries where calls for anti-cyber bullying laws are growing are Malawi and Namibia. A report by the Media Foundation for West Africa on the challenges faced by Ghanaian women on the Internet indicates that online harassment hinders women’s full participation. The report lists non-consensual distribution of intimate images, sexual harassment, stalking, and hateful and offensive comments as the most prominent violations. According to the results of a poll carried out by UNICEF, as many as one in three young people across 30 countries say they have been bullied online, while one in five report that they have skipped school because of it.
NATO detected Russian hackers’ successful cyber operation on Turkey’s energy giant BOTAŞ
The NATO Computer Incident Response Capability (NCIRC) informed Turkish authorities of a cyber espionage attack, codenamed SNAKE, on Turkey’s state-owned energy giant the Petroleum Pipeline Corporation (BOTAŞ) by a Russian hacker group, a classified memo has confirmed. SNAKE is a Russian cyber espionage campaign using complex techniques for evading host defenses and providing the attackers with covert communication channels. It was discovered by BAE System Group in 2014. BOTAŞ is responsible for crude oil and natural gas pipelines in Turkey. In addition to its partnerships with Russia’s Gazprom, it operates the Trans-Anatolian Natural Gas Pipeline Project (TANAP) with Azerbaijan’s SOCAR to reduce gas imports from Russia. On one hand, BOTAŞ has signed contracts with Gazprom to construct a gas pipeline running under the Black Sea to Turkey. On the other, it continues working together with SOCAR for a gas supply from Azerbaijan to the European and Turkish energy markets. The geographical energy rivalry and projects aiming at diversifying energy sources might have attracted the attention of the Russian hacker group.
Latvian state institutions and politicians experience cyber attack
CERT-Latvia has blamed the Russian Embassy for orchestrating a cyberattack that used phishing emails sent to politicians and state institution employees. The attack didn’t exploit critical vulnerabilities, but the downloadable documents included macro functions, for which the user had to accept permissions. Cert.lv urges everyone to check the authenticity of all emails by checking the “From” and “Reply-to” addresses before opening any attachments or downloading any documents, as well as to avoid accepting any macro function permissions from documents. Latvia will also be drawing up a Cybersecurity Strategy 2019-2022.
United States & Canada
New Orleans Declares State Of Emergency Following Cyber Attack
The City of New Orleans has suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency. The attack started at 5 a.m. CST on Friday, December 13, according to the City of New Orleans’ emergency preparedness campaign, managed by the Office of Homeland Security and Emergency Preparedness. Information is still scarce, while both the investigation, involving both State and Federal agencies, and the recovery process continue. It’s not known what ransomware malware was used during the attack, and Mayor Cantrell has said that no ransom demand has been made at this point in time.
Fearing ‘cyber 9/11,’ national security council stresses unified emergency response from agencies
The Cybersecurity and Infrastructure Security Agency, since its launch last year, has taken a collaborative approach as part of its mission to share cyber threat intelligence between the government and the private sector. Among the recommendations, the council urges the president to create two new government organizations: a Federal Cybersecurity Commission (FCSC) to manage “catastrophic cyber risks to critical infrastructure,” and a Critical Infrastructure Command Center (CICC) to allow government intelligence analysts and private-sector cyber experts to better share threat information, including classified information. On this recommendation, the NIAC working group has proposed borrowing a page from the Nuclear Regulatory Commission, which provides supply chain oversight for that industry.
UN International Civil Aviation Organization Fires Cyber Security Whistleblower After U.S. Withdraws Millions Over Whistleblower Retaliation Concerns
On December 13, 2019, the UN International Civil Aviation Organization (ICAO) fired whistleblower Vincent Smith for his disclosure that ICAO’s leadership responded inadequately to a cyber-espionage group’s breach that exposed a gateway to nearly every airline, airport, and government aviation agency globally. Smith started making internal disclosures of security safeguards breaches that threaten the civil aviation security and safety worldwide along with ICAO’s lack of response. According to a forensic investigation report, the breach was part of a cyber-hack spanning back to 2010. As reported by Canadian Broadcasting Corporation (CBC) News in February 2019, the Chinese government-backed threat actor “Emissary Panda” (also known as TG-3390, APT 27, and Bronze Union) was likely responsible for the attack. In July 2019, after years of ignored complaints, cover-ups, inaction, and lack of consequences at ICAO, Smith finally made disclosures to CBC News about ICAO’s culture of impunity, whistleblower retaliation, and harassment against him.
Cyber Attack Halts Radiation Treatment By Oahu Cancer Center
A cyber security breach temporarily halted cancer radiation treatment services at The Cancer Center of Hawaii on Oahu, the center acknowledged today. The company, which conducts radiation treatment for cancer patients at two locations — Pali Momi Medical Center and St. Francis’ hospital campus in Liliha — confirmed Tuesday it experienced a computer network hack on Nov. 5. In response, the company shut down its network servers which temporarily kept them from being able to offer radiation services to cancer patients. Ransomware attacks can launch via corrupt email links or remotely through the internet. Ransomware rarely targets specific victims, he said. Hackers usually cast a wide net. But the health care industry is particularly susceptible and vulnerable.
Public transportation threat matrix evolves with geo-political climate
Public transportation networks in three major metropolitan cities on three different continents were shut down because of political ideology. In Hong Kong, Barcelona, and Santiago protesters all focused demonstrations — and sometimes violent attacks — against public train stations and networks. Public transportation networks are a popular target for a variety of hostile actors: from terrorists to criminal extortionists, cyber attackers, and protest movements. Network attacks on public transportation have not been nearly as common as ransomware attacks on municipal governments or hospitals, but there are certainly precedents. In 2017, the homepage of the Regional Transit authority in Sacramento, California, was defaced after city officials chose not to pay a hacker who was threatening follow-on attacks if they weren’t paid $8,000. The hacker followed through on the threat, deleting files from Sacramento Regional Transit’s database. Ultimately, transport operations were not disrupted, but employees had to scramble and run things manually while technicians restored the automated systems. Other major attacks against public transportation networks in San Francisco (2016), Sweden (2017), and Denmark (2018) caused little to no service disruptions but did lead to lost revenue due to either disabled ticketing systems or lost employee productivity — not to mention repairs. In Chile, we have seen hackers who are either part of the protest movement or sympathetic to it target Chilean police databases and release personal information on officers, jeopardizing their personal security and undermining their authority to deal with the unrest. Given that particular protest movement’s grievances with public transportation, the cyber threat to Santiago’s public transportation networks is very high.
The anonymous nature of cyber threats means that attacks don’t even need to be manufactured in-house by protest movements — they can pay criminals to carry out a Distributed Denial of Service (DDoS) attack or appeal to a foreign government that has something to gain by maintaining unrest. The U.S. State Department has already warned of signs of foreign online support for the Chilean protests, but Chile’s case certainly is not unique in this regard.
Historic cyber workshop for the Caribbean
The United States Department of State said on Friday that the US and co-host Jamaica have completed an historic three-day cyber capacity-building workshop with participation from 12 countries in the Caribbean and Latin America. US Ambassador Donald R. Tapia; Jamaican Minister of National Security Dr. Horace Chang; Jamaican Minister of Science, Energy and Technology Fayval Williams; and other senior US and Jamaican officials opened the event. The State Department said cyber officials from Antigua and Barbuda, Bahamas, Costa Rica, the Dominican Republic, Grenada, Guyana, Haiti, St. Lucia, St. Vincent and the Grenadines, Suriname, and Trinidad and Tobago “actively participated” in the workshop.