Asia Pacific
Interpol hails 78% drop in cryptojacking infections across Southeast Asia
“The number of devices infected with cryptojacking malware in Southeast Asia has been reduced by 78% following a five-month police operation led by Interpol. The operation, dubbed Goldfish Alpha, was launched in 2019 in response to the identification of 20,000 routers in the region that had been maliciously mining cryptocurrency, Interpol said in a press release published earlier this week. Cryptojacking is the unauthorized use of an individual or organization’s computer to secretly mine for cryptocurrency. Its prevalence in Southeast Asia was facilitated through the exploit of a known vulnerability in MikroTik routers, Interpol said. Cybercrime experts from police forces and the national Computer Emergency Response Teams (CERTs) from the 10 ASEAN countries — Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam — collaborated in locating and patching infected routers and alerting victims. Although the operation officially concluded in late November, efforts to remove the infections from the remaining devices are ongoing, Interpol said.”
Army Plans to Expand Asian Cyber Efforts to Counter China
The U.S. Army will expand efforts to counter China by deploying a specialized task force to the Pacific capable of conducting information, electronic, cyber and missile operations against Beijing. The unit, which Army Secretary Ryan McCarthy detailed at an event in Washington on Friday, would also be equipped to hit land- and sea-based targets with long-range precision weapons such as hypersonic missiles, possibly clearing the way for Navy vessels in the event of conflict. China’s military doctrine calls for a so-called “anti-access” strategy, backed by long-range anti-ship missiles and space-based surveillance capabilities, intended to keep U.S. aircraft carrier strike groups well beyond the so-called first and second island chains. The first island chain extends from the Kuril islands down to Borneo, while the second island chain generally extends from just east of Japan to Guam and down toward New Guinea.
National Cyber Crime Reporting Portal Launched For Citizens to Report Cyber Crimes Online
Union Home Minister Amit Shah on Friday inaugurated the Indian Cyber Crime Coordination Centre (I4C) and also the dedicated National Cyber Crime Reporting Portal to the nation, a citizen-centric initiative that will enable citizens to report cybercrimes online. This state-of-the-art Centre is located in New Delhi. The scheme to set up I4C was approved in October 2018 at an estimated cost of Rs 415.86 crore to deal with all types of cybercrimes in a comprehensive and coordinated manner. It has seven components — a national cybercrime threat analytics unit, a national cybercrime reporting portal, a national cybercrime training center, a cybercrime ecosystem management unit, a national cybercrime research and innovation center, a national cybercrime forensic laboratory ecosystem and platform for joint cybercrime investigation team.
A Chinese cyber rumble in Kathmandu
The arrest of 122 Chinese nationals by the Nepal Police in December last year reveals that groups committing major financial frauds are moving to South Asia from their traditional haunts in Southeast Asia. The December 23 raids last year by Nepal’s police were the biggest in over a decade and led to the detention of 122 Chinese nationals for overstaying their visas. The raids followed intelligence that the Chinese nationals were involved in “illegal activities” including “banking fraud.” According to reports the accused had been paying inflated rent to the house owners and lived in large groups. The police carried out the raids across five locations across Kathmandu and seized a large number of mobile phones and passports at the spot and confirmed that most of their visas had expired.
Why financial sector suppliers need to act on APRA’s new infosec standard
Service providers that work with entities regulated by the Australian Prudential Regulatory Authority (APRA) need to adhere to the information security-related Prudential Standard CPS 234 by 1 July 2020. We ask some experts what it is and how enterprises can get ready for it. Where an APRA-regulated entity’s information assets are managed by a third party, the requirements in this Prudential Standard will apply in relation to those information assets from the earlier of the next renewal date of the contract with the third party or 1 July 2020. Refiti predicted that the requirement of testing their own supply chain will fall upon the shoulders of third parties, and that it would be “impossible” for an organisation to do this by itself.
Japan’s Military R&D is Shifting Focus
Over the backdrop of the changing security environment and new threats, Japan’s Ministry of Defense is rethinking the country’s research-and-development priorities. Three new areas of concern — space, cyberspace and the electromagnetic realm — have caused a shift from the previous focus on simply sea, air and land. More powerful regional rivals such as China are introducing technology for these kinds of cross-domain operations and Japan must keep pace, said Hirokazu Hokazono, deputy commissioner and chief defense scientist, MoD’s Acquisition, Technology and Logistics Agency (ATLA), Japan Self-Defense Force will have to transform itself into a “multi-domain defense force,” and strengthen the ability for the Japan-U.S. alliance to deter and counter threats, he added, according to nationaldefensemagazine.org. To do that, its military R&D must shift focus from platform-centric to a “capability oriented” approach.
Development of Local Security Products Increased in Vietnam
The Ministry of Information and Communications (MIC) of Vietnam stated that the number of locally made cybersecurity products increased in 2019. According to MIC, Vietnam developed 52 cybersecurity products domestically in 2019, which was two times compared to the number in 2018, and three times that in 2017. MIC also stated that it approved new licenses to 38 security firms, which is an increase of 82.6 percent from 2017. Last year, the MIC revealed that around 4,770 cyber-attacks were reported in the country in the first quarter of 2019. According to the Vietnam Computer Emergency Response Center (VNCERT), this number is more than half the figure for the whole of 2018, which was 8,319 cyber-attacks. The center also stated that most of the attacks were reported against e-commerce, financial, and banking systems. The Vietnam lawmakers also approved a new cybersecurity law that controls the Internet content and global tech companies operating in the country. The new law prohibits internet users in Vietnam from spreading anti-government information and posting false information that could cause damage to the country. It also prevents the circulation of content that’s fake, slandering, or inciting violence.
Vietnam wants to cooperate with Japan in developing e-government: PM
Vietnam is developing an e-government and cyber security, hence the country wants to cooperate with Japan — a reliable partner — in these fields, said Prime Minister Nguyen Xuan Phuc. While receiving Japanese Minister for Internal Affairs and Communications Sanae Takaichi in Hanoi on January 9, PM Phuc said the Vietnam-Japan extensive strategic partnership is developing comprehensively while their political trust has been enhanced in many aspects. Japan has remained an important economic partner, the biggest provider of official development assistance (ODA), the second biggest foreign investor and the fourth largest trading partner of Vietnam, he stressed.
Africa, Israel and the Middle East
How Iran Can Still Use Cyber and Drone Technology to Attack the U.S.
“The holy grail of attacks are viruses that can get into industrial control systems, or what are called ICS. The Stuxnet attack that the U.S. and Israel carried out on Iran in 2007 is an example of that kind of virus, where you get into the industrial control system of a particular hardware or piece of infrastructure, and then you can begin to control and corrupt it in ways that have physical real-world consequences. The fear that most cyber experts have is that Iran might develop the capability to get itself into the ICS of, say, the nuclear power plants or electrical grid in the U.S. We know that they’re trying to: even [less than] five years ago [it was reported that] they were trying to get into a dam in upstate New York. And if they develop that kind of capability, then it’s no longer just deleting a bunch of files from this computer, but it’s potentially having significant real-world consequences.”
https://nyti.ms/34u84OYSaudi cyber authority uncovers new data-wiping malware, and experts suspect Iran is behind it
Around the time that tensions between the U.S. and Iran started mounting last month, authorities in Saudi Arabia discovered a new variant of data-wiping malware that cybersecurity analysts suspect originated with Iranian hackers. The attackers deployed the malware against an unnamed target on Dec. 29 with “urgency,” rushing to execute their malware and in the process leaving clues behind on the victim network, according to a technical report from Saudi Arabia’s National Cybersecurity Authority. The Saudis believe the hackers may have broken into the target network by exploiting a known vulnerability in a virtual private network application that was disclosed last July. From there, the hackers accessed domain and administrative accounts on the victim’s network and eventually executed the Dustman malware.
Europe
Air Travel Cyber-Attacks: New York Airport Hit, Travelex Exchange Held To Ransom
An ongoing campaign of cyber-attacks appears to be targeting the travel industry, and air travel in particular. The criminals behind the “Sodinokibi” cyber-attacks don’t care about air travelers; instead they rely upon the threat of ongoing disruption to profit from their criminal endeavor. Last year, the Federal Bureau of Investigation (FBI) warned organizations that ransomware remains a high-impact and ongoing cyber threat. Now it has been confirmed that an upstate New York airport fell victim to a ransomware attack over Christmas, while the Travelex global foreign currency exchange is still being held to ransom by the same threat actors. The ransomware that was used in this cyber-attack against the Albany County Airport Authority is Sodinokibi, the same ransomware that hit the London-based global foreign currency exchange Travelex on New Year’s Eve. Travelex shut down its systems to prevent the spread of the ransomware, with airport locations, website and the Travelex app all being impacted. Meanwhile, the threat actors behind the Sodinokibi ransomware attacks have reportedly doubled their ransom demand from the original $3 million (£2,296,000) to $6 million (£4,592,000) and threatened either release stolen data into the public domain or sell it. The ransomware attack on Travelex has had a knock-on impact on foreign exchange services at banks including Barclays and HSBC which are partnered with the company.
‘Serious cyber-attack’ on Austria’s foreign ministry
Austria’s foreign ministry has been targeted by a cyber-attack that is suspected to have been conducted by another country. The ministry said the seriousness of the attack suggested it might have been carried out by a “state actor”. The hack started on Saturday night and experts warn it could continue for several days. The breach occurred on the same day Austria’s Green party backed forming a coalition with conservatives . It was recognised very quickly and countermeasures taken immediately, the foreign ministry said in a statement.
Army of hi-tech police reservists could help tackle cyber crime crisis, senior officer claims
Britain should recruit an army of volunteer police reservists to help tackle the growing cyber crime crisis, a senior police leader has suggested. Paul Griffiths, president of the Police Superintendents’ Association, said forces would never be able to compete with private firms when it came to recruiting the brightest and best from the IT world. But he said one answer might be to create a reservist police force — along similar lines to the military — allowing cyber security experts and other specialists to volunteer to help alongside full time warranted officers. Mr Griffiths said the scheme would be relatively easy to organise if some of the big tech firms, could be persuaded to release some of their staff for set periods each year.
Cyber security breaches hit unprecedented highs in UK defence industry
Cyber security breaches have risen to unprecedented levels across the British defence industry over the last year, according to a heavily redacted government document obtained by Sky News. Sky News previously revealed the MoD and its partners failed to protect military and defence data in 37 incidents throughout the whole of 2017, with military data exposed to state-level cyber risks on dozens of occasions. Among the documents stolen from the OPM were copies of a document known as Standard Form 86, a detailed 127-page questionnaire filled out by staff seeking security clearance, detailing how they might be vulnerable to hostile spies. It is understood that a similar bulk data theft would be recorded as a category one incident in the UK.
NCSC launches CyBOK cyber security guide
The UK’s National Cyber Security Centre (NCSC) has launched a new cyber security guide called Cyber Security Body of Knowledge (CyBOK) at London’s Science Museum. The guide is said to bring together knowledge from some of the top cyber security experts in the world, claimed NCSC, which is a part of the Government Communications Headquarters (GCHQ). The 828-page CyBOK cyber security guide is said to give a foundation for cyber security education, training, and professional practice for academia, industry and the government as well.
United States & Canada
Cyber Threats To North American Power Grid Are Growing
Industrial cybersecurity firm named Dragos confirmed that the threat of cyber attack on the North American electric network systems are growing. It also identified that Magnallium and Xenotime and the two groups involved in compromising the electric assets. The group had also identified that Parasite is another rogue group exploiting vulnerabilities in remote VPN appliances, while the others target vulnerabilities in the ICS systems. However, lately, with growing cybersecurity awareness there are dedicated professionals looking into cybersecurity in critical infrastructure and preventing any harm. The U.S Department of Energy is also warding millions of U.S. Dollars in Research on tools and technology thereby strengthening cybersecurity at critical energy infrastructure.
Congress struggles on rules for cyber warfare with Iran
The U.S. and Iran may have walked back from the brink of war, but the potential for a cyber battle looms with no clear rules of engagement. Lawmakers and military officials say there’s no agreed-upon definition of what constitutes cyber warfare, leaving them to decide on a case-by-case basis how best to respond to individual incidents. The Department of Homeland Security (DHS) and FBI subsequently issued a bulletin to law enforcement and briefed lawmakers of the threat of retaliation. The Cybersecurity and Infrastructure Security Agency at DHS issued a separate notification warning of Iranian cyber threats. But what kind of cyber aggression might spark a return to hostilities remains unclear.
Accenture to Acquire Symantec’s Cyber Security Services Business
Accenture Security is to acquire Symantec’s Cyber Security Services business from Broadcom. No financial terms were disclosed regarding the acquisition, which is expected to close in March 2020, subject to customary conditions. The impending Symantec deal is the latest in a long line of acquisitions by Accenture Security in the threat intelligence and cybersecurity fields. Already in Accenture’s cyber-stable are Deja vu Security, iDefense, Maglan, Redcore, Arismore, and FusionX. With this latest acquisition, Accenture Security has signaled its intention to become one of the main players on the managed security services stage.
Las Vegas Suffers Cyber-Attack
The city of Las Vegas is licking its wounds after suffering a cyber-attack on its computer network. It is not yet known whether any sensitive information was compromised in the incident, which took place in the early hours of Tuesday morning. City spokesperson David Riggleman said that it was likely that the threat actors gained access to the city’s network via a malicious email. If the breach turns out to be the latest in a string of ransomware attacks on US cities, then it is highly unlikely that Las Vegas will cough up the money. The city’s mayor, Carolyn Goodman, went on record in July as sponsor of a resolution not to pay ransoms in the event of a cybersecurity breach. The resolution was approved by the US Conference of Mayors.
On the Integration of Psychological Operations with Cyber Operations
How can cyber operations be regarded as psychological operations? A plausible answer to this question is that cyber operations are important instruments through which psychological effects can be generated. The Defense Department definition of psychological operations (or military information support operations, as they are now known in the department’s lexicon) is the conveyance of “selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals in a manner favorable to the originator’s objectives.” Glowing Symphony activities conveyed selected information (information causing glitches in information technology) to foreign audiences (Islamic State network and cyber operatives) to influence their emotions (the Islamic State operators become angry and frustrated), motives, objective reasoning (when frustrated, calm and objective reasoning is difficult), and ultimately the behavior (Islamic State operatives become less efficient and effective in performing their own cyber missions) of foreign organizations (the Islamic State) in a manner favorable to the originator’s objectives (i.e., the anti-Islamic State objectives of the United States).
Cyber-Attack Makes Pennsylvania Students Learn “Old School” Style
Students in the Pittsburg Unified School District of Pennsylvania were left without internet access on Monday as the result of a ransomware attack. With schools’ internet servers and email compromised, youngsters returning to classes after the winter break were forced to enrich their brains the old-fashioned way, through books and direct teaching. The latest ransomware attack is the second such incident to befall a Contra Costa County system since the new year began. On Friday, January 3, a similar attack on Contra Costa County Library System resulted in a network outage in which services at 26 branches were impacted.
Incident Of The Week: Zynga Security Breach Affects 170 Million User Accounts
Zynga, a successful mobile game company with titles like “FarmVille,” “Mafia Wars” and “Cafe World,” has become the target of a security breach. A Pakistani hacker, who goes by the online alias Gnosticplayers, took responsibility for the attack, claiming he managed to breach “Words With Friends” and “Draw Something” to access the data of more than 200 million users. The same person made headlines previously for selling nearly a billion stolen records from 45 online services. The attack affected all people who installed and signed up for “Words With Friends” on or before September 2nd, 2019. The stolen data includes names, emails, phone numbers, Facebook IDs and more. The hacker also exposed passwords for more than 7 million “Draw Something” users.
Gov. Greg Abbott warns Texas agencies seeing 10,000 attempted cyber attacks per minute from Iran
Gov. Greg Abbott is warning Texans to be “particularly vigilant” regarding potential cyberterrorism from Iran, suggesting that heightened tensions with the country have caused an increase in attempted attacks on state agencies. The FBI was investigating a cyber attack on the Texas Department of Agriculture website that included pro-Iranian messages and a photo of Suleimani. Sid Miller, the Texas agriculture commissioner, told the Chronicle that officials did not believe Iran was behind the attack. They suspect it was people participating in a type of cyber challenge.
Canyon targeted by cyber attack
Canyon has announced that shortly before the start of the New Year its IT infrastructure was targeted by a professionally organised group of criminal computer hackers. The hacker group apparently targets big businesses in order to gain access to sensitive and valuable data and in this case the group has been able to gain access Canyon’s IT systems. Canyon has been closely working with the Koblenz criminal investigation department and state criminal investigation department since the date of the attack. It also want to reassure existing and new customers that it has experts from IT, forensics and cyber security working to analyse and control the attack and it has already initiated solutions and countermeasures to prevent this scale of attack from happening again.
Pentagon gets ‘big win’ on cyber forces
From 2013 to mid-2018, U.S. Cyber Command built its cyber mission force — the 133-team, roughly 6,200-person cadre of personnel that conduct cyber operations. Following the build out of those teams, Cyber Command asserted that the focus would shift to readiness, or maintaining the teams and ensuring they remained fully capable of performing missions. Officials have explained in the past that cyber protection teams, which are 39 person teams, don’t all have to deploy at once. This allows them to not only be more efficient in splitting up resources, but it allows parts of the team to reconstitute and conduct training while the other portion is engaged in operations, thus creating a more ready force. This is similar to how other military forces operate, such as fighter squadrons. Congress in its most recent annual defense policy bill directed the Pentagon to brief members on the abilities of the force to conduct cyber operations based on capability, capacity of personnel, equipment, training and equipment condition. Next in line for similar definition are the offensive and support teams within the cyber mission force.
Latin America
Why is Brazil so vulnerable to cyber attacks?
Year after year, Brazil continues to be a hotspot for a broad variety of cyberattacks, from phishing and DDoS campaigns to ransomware. The number of cyberattacks on government networks increased again in 2019, according to data just released by government cyber incident handling and response center CTIR-Gov, a body linked to the office of institutional security (GSI). There were 19,150 notifications of incidents in government networks last year, 3,875 more than in 2018. Of all notifications recorded, more than 10,000 have already been confirmed as attacks and were labeled as “fraud”, “vulnerability” or “site abuse”. That figure may still rise, as 2019 data is still being processed.