Asia Pacific
Government issues new directive for cyber security
Due to the growing rate of cybercrime and cybersecurity breaches in Nepal, the Government of Nepal has issued the ‘Information Technology Emergency Support Group Operation and Management Directive-2019’ to identify threats to cyber security, mitigate their negative impacts and provide emergency services. Its members include representatives from the Ministry of Finance, Ministry of Home Affairs, Ministry of Education, Science and Technology, Department of Information Technology, Office of Controller of Certification, Nepal Police, Nepal Rastra Bank, Nepal Telecommunications Authority and National Information Technology Centre.
Terror-crime nexus an existential global threat: India at UN
India’s Permanent Representative to the UN spoke at an event named ‘Cooperation to promote peace, security and stability: preventing the linking of terrorism with organised crime and its financing through drug trafficking’. He highlighted the use of technology for terror, calling for a zero-tolerance approach against terror organisations and their financial activities. He reiterated that the international community needs to be ahead of new trends and technologies, which can be achieved by working together to tackle the menace “bereft of double standards”. He highlighted that an added challenge is the role of new and emerging technologies, including virtual currencies, encrypted communications and artificial intelligence. Such technologies are making networks that are loosely associated on the ground closely intertwined in cyberspace. He also advised that the international system keep pace with technology developments, and stated that this will be an opportunity to share skills and experience in various crime prevention areas, including law enforcement, forensic science and cyber-security.
Dealing With Piracy in Asia Requires Clear Data
Piracy continues to be a problem in the maritime spaces of Southeast Asia, as well as elsewhere in the world. Although the amount of work available on piracy has increased substantially over the last decade, good research on piracy has long been limited by access to good data. The issues are common to statistical issues associated with criminal incidents, or cyber-attacks. Reported incidents of piracy represent only a portion of the total attacks, as shipping companies remain reluctant to openly report successful attacks.
Quantum Dawn Cyber Exercise Simulates a “Doomsday” Global Ransomware Attack
A “war game” simulated a major financial institution being taken out by a malware attack. This year’s event, the fifth such cyber exercise, was the first to simulate a global attack on the financial services industry. The scenario saw a major institution in the United States hit by ransomware after trading closed, which then spread to banks in the United Kingdom and throughout Asia before returning to the US to hit one of the financial market utilities responsible for payments and settling of accounts. As the imaginary ransomware spread, representatives from each institution and regulatory body were asked to describe what they would do in response and how they would coordinate with other organizations. These exercises also usually feature “hands on keyboard” tests for incident response personnel, but SIFMA has not yet released any details about such tests from this year’s activity. These exercises stress communication between participants rather than coming up with perfect responses to each attack. Each cyber exercise usually concludes with an information sharing session in which participants compare their strategies and pass along notes to their incident response personnel.
Singapore wraps up two-day cyber wargame
The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) jointly conducted a cyber-themed business continuity exercise to strengthen the financial sector’s resilience to cyber-attacks and operational disruptions. Exercise Raffles involved over 140 organisations, including banks, insurers, capital market services licensees, financial utility providers, finance companies, industry associations, and the Singapore Exchange. The exercise was also supported by the Cyber Security Agency of Singapore (CSA) and financial industry partners that included SWIFT, FIS Global, and Merimen Technologies (Singapore) Pte Ltd. Codenamed Exercise Raffles, the sixth edition of the exercise was conducted over two days. Exercise Raffles saw financial institutions respond to scenarios of cyber-attacks and operational disruptions by activating their business continuity and crisis management plans, and practicing their public communications and coordination. The scenarios included banking and payment service disruptions, trading disorders, data theft and the spreading of rumours and falsehoods on social media.
The U.N. passed a resolution that gives Russia greater influence over internet norms
A cybercrime-focused resolution backed by Russia passed Monday in the United Nations, despite warnings from the U.S. that the measure would further hamper efforts to root out crime on the internet. The resolution, which passed 88–58 with 34 abstentions, aims to establish a group to examine cybercrime and set up a convention to prevent it. However, human rights groups have argued that the resolution is actually an effort by the Kremlin to expand its model of state-backed internet control.
Africa, Israel and the Middle East
NATO encourages women’s participation in cyber security
Experts and researchers shared their inspiring experience and successes in women’s participation in cyber security and looked at future challenges during a NATO Science for Peace and Security (SPS) Programme workshop in Qatar from 30 to 31 October 2019. The event, hosted by the KINDI Center for Computing Research of Qatar University, was the first SPS activity hosted in the country.
Israel’s national AI plan unveiled
Prof. Ben-Israel and Prof. Matania, who established the committee in Israel as a government initiative, with Netanyahu’s support, were behind a similar initiative early in the decade for promoting cybersecurity technologies. This initiative is credited with making Israel a cybersecurity power. The current plan’s goal is to apply the formula that proved successful in cybersecurity to AI. In contrast to the cybersecurity sector, however, Israel did not become aware of AI early enough, and entering the race with redoubled force is now a matter of some urgency. The plan’s expected cost is based on the idea that in order to propel Israel to the forefront in the sector and overtake countries that have already been active in it, a large initial government investment amounting to 10–20% of total annual government spending on civilian research and development is needed. A coordinating agency is needed because of the large number of authorities involved in the local technology industry: the Innovation Authority; the Ministry of Communications; the Ministry of Science, Technology, and Space; Digital Israel (part of the Ministry of Labor, Social Affairs, and Social Services); the Council for Higher Education in Israel’s Planning and Budgeting Committee; and of course defense agencies, headed by the Ministry of Defense Administration for the Development of Weapons and Technological Infrastructure.
SA hit by longest running cyber attack campaign in July — report
In July this year South Africa experienced the longest running cyber-attack campaign among all the regions monitored by email and data security company Mimecast for its quarterly Threat Intelligence Report. Four major cyber-attack campaigns were detected in South Africa between July and September. The systems of several financial services companies bore the brunt of these cyber-attacks. Mimecast’s Threat Intelligence Report: Risk and Resilience Insights, released on Wednesday, provides a technical analysis of the nature of cyberattack campaigns on businesses in several key markets, including the US, UK, Australia, Germany, and South Africa. The report includes an analysis of 207 billion emails processed, 99 billion of which were rejected. The goal of the report is to keep organisations informed on the threats that are targeting their industries. Impersonation attacks are also on the rise.
Europe
A new era of cyber warfare: Russia’s Sandworm shows “we are all Ukraine” on the internet
This year’s CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history. All countries, not just Ukraine, are extremely vulnerable to Sandworm’s attacks. Paraphrasing former NSA and CIA Director Michael Hayden, who once said “On the internet, we are all Polands,” referring to Germany’s easy invasion of the country in World War II, Greenberg said Hayden was off by a few hundred miles. “On the internet, we are all Ukraine.”
US, Montenegro plot cyber warfare ahead of 2020 elections
Deployed inside the sprawling communist-era army command headquarters in Montenegro’s capital, an elite team of U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. Russian activity in the region risks exacerbating ethnic tensions and instability, but the U.S. response has been inconsistent. Trump, a frequent NATO critic, once questioned whether U.S. troops should defend Montenegro as part of the Western military alliance. But, in a statement, the U.S. cyber command, or USCYBERCOM, has highlighted the partnership with Montenegro. In May, a court in Montenegro found 14 people, including two Russian military intelligence operatives, guilty of plotting a coup on election day in 2016 to prevent Montenegro from joining NATO. The two Russians, who allegedly coordinated the botched effort from neighboring Serbia, were tried in absentia and are believed to be in Russia. Moscow has denied involvement. This is the second time that cyber command has worked with Montenegro. It has also worked with North Macedonia, which will soon join NATO. Russia has been accused of meddling in election campaigns worldwide, most recently in Britain. Moscow has repeatedly denied doing so.
The Challenges of UK Cyber Security Standards
The UK’s National Cyber Security Centre (NCSC) has therefore issued principles for cyber secure enterprise technology to organisations, including guidance on deploying and buying network encryption, with the aim of reducing risks to the UK by securing public and private sector networks. This guidance bears parallels with the US National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and therefore applies equally to US and other federal organisations in a similar scenario.
Finland Prepares For Bitcoin Ransomware Attack With Cyber Fire Drill
The Finnish Population Register Centre is coordinating a simulated ransomware cyberattack on more than 200 Finnish cities and public organizations. According to the organizers, the aim of the exercise is to strengthen the cities’ and organizations’ abilities to handle a cyber attack more effectively. The Population Register Centre, which operates under the Ministry of Finance, already organized two such practice days, with the third scheduled for next week.
United States, Canada & Mexico
Canada, U.S. must work together to fight cyber threats, conference told
The public and private sectors in Canada and the U.S. have to work together to effectively fight cyber attacks, a U.S. expert recently told a Canadian business audience. In an interview Harknett said business and political leaders can’t think about cross border trade without understanding the digital space. Both the U.S. and Canada at the federal levels are moving in the right direction in changing their approach to cybersecurity, he said. Both, for example, are more willing to be active rather than reactive to threat actors. The conference heard speakers describe a number of areas of cross-border trade where cyber security comes into play, many involving business-related data flows such as electronic invoices for goods and transport authorizations and even ID border checks. But it also could involve automated trucks guided by 5G networks.
FBI Warns of Cyber Attacks Targeting US Automotive Industry
The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyberattacks against the US automotive industry targeting sensitive corporate and enterprise data. The Private Industry Notification (PIN) detailing this alert was seen by BleepingComputer after it was issued to partners by the FBI on November 19, 2019. They are also advised to back up their data as regularly as possible to prevent data loss following destructive malicious attacks, to protect databases with passwords, and to run an up-to-date anti-malware solution. Additionally, any unusual employee activity, such as logins coming from weird IP addresses never used before, should be monitored to decrease the response time when dealing with an ongoing attack. They also suggested that employees should be trained to spot malicious links and attachments delivered via malspam campaigns and alerted when any phishing attacks targeting the org are detected.
Governor declares state of emergency after cyber-attack
On November 18, a ransomware attack caused Louisiana’s Office of Technology Services to shut down parts of its network, including the systems of several major state agencies. These included the governor’s office, the Department of Health (including Medicare systems), the Department of Children and Family Services, the Department of Motor Vehicles, and the Department of Transportation. Louisiana Governor John Bel Edwards activated the state’s cybersecurity response team. While some services have been brought back online — in some cases, within hours — others are still in the process of being restored. State and local agencies, as well as hospitals, have been an easy target for ransomware operators because of their reliance on legacy systems and lack of organic information security skills. This year alone, there have been more than 100 reported ransomware attacks against state and local governments.
US Cyber Command Calling Out North Korean Hackers
According to the U.S. Cyber Command, North Korean hackers are constantly adapting their tactics. On one hand, these cyber actors are engaged in corporate espionage attacks, such as those that involve remote access, backdoors and other forms of malware designed to infiltrate a computer network and then exfiltrate data to another server within North Korea. In one infamous attack, a group of North Korean hackers known as APT38 launched a malware attack against the SWIFT interbank messaging system. As the U.S. Cyber Command points out, both of these types of attacks are dangerous in their own way. According to a recent UN report, for example, the North Korean regime has stolen more than $2 billion, much of which has been diverted to fund weapons programs for different military units. The U.S. government has been at the forefront of changing the strategic thinking around modern cybersecurity. Once viewed as a “defense only” unit, the U.S. Cyber Command and other U.S. government entities are showing that a variety of proactive and offensively minded strategies are available as well. Posting malware samples to a publicly available platform is yet one more weapon in the arsenal of the U.S. Cyber Command.
Latin America
*No news this week