CAAPR Weekly Report – Cyber Security

0
71

(Feb 22-28, 2017)

Cyber Warfare

Future Plans of US Cyber Command

https://www.youtube.com/watch?source=GovDelivery&v=b-b9hkUf9pY  Navy Adm. Mike Rogers, the chief of U.S. Cyber Command, discussed the command’s future over the next five to 10 years yesterday at West 2017.  Cybercom today is a component of U.S. Strategic Command.  Over the next five to 10 years the admiral said he would like to see cyber integrated offensively and defensively “down to the operational tactical level.”   Offensive cyber in some ways is treated like nuclear weapons, he added, “in the sense that their application outside a defined area of hostilities is controlled at the chief-executive level and is not delegated down.”  Rogers said he hopes that over the next five to 10 years Cybercom can engender enough confidence in decision makers and policymakers that they feel comfortable pushing offensive cyber activities to the tactical level.  The cyber force, based on Cybercom billet structure, is about 80 percent military, 20 percent civilian, Rogers said.

Iran Renews Destructive Cyber Attacks on Saudi Arabia

http://freebeacon.com/national-security/iran-renews-destructive-cyber-attacks-saudi-arabia/?utm_source=Freedom+Mail&utm_campaign=1bd90cfd99-EMAIL_CAMPAIGN_2017_02_24&utm_medium=email&utm_term=0_b5e6e0e9ea-1bd90cfd99-38360125

After a four-year hiatus, Iran recently resumed destructive cyber attacks against Saudi Arabia.  Late last month, the Saudi government warned in a notice to telecommunications companies that an Iranian-origin malicious software called Shamoon had resurfaced in cyber attacks against some 15 Saudi organizations, including government networks.  The Shamoon malware was last detected in the 2012 cyber attack against the major Saudi state oil producer Aramco. That cyber attack damaged or destroyed some 30,000 computers and was considered one of the more destructive state-linked cyber attacks to date.  A new version of the malware, Shamoon 2, was linked to the recent cyber attack, which took place in November. Security officials linked that attack to a Middle East hacker group known as Greenbug that used fraudulent emails in phishing scams to acquire login credentials for Saudi networks. A cyber security expert familiar with details of the latest Saudi cyber attack who spoke on condition of anonymity said the November incident was “Iranian-directed” and linked to two hacker groups in Iran known as “Cadelle and Chafer” in cyber security circles.

Southeast Asia Begins to Prepare for Cyber War; India Turns to AI

http://www.huffingtonpost.com/asiatoday/southeast-asia-begins-to_b_14334812.html?utm_hp_ref=cyber-security

India turns to AI as cyber warfare threats grow,” reported AFP on Sunday. India’s tech start-up Innefu has recently signed an agreement with the government of India and is using AI to look at data provided by Indian intelligence agencies to find patterns in the past and predict future behavior. Its latest offering Prophecy has been able to find the main players of an incident along one of India’s borders and the connection among them by analyzing intelligence documents, including social media snippets on planned protests.  “Cyber warfare is happening right now. India should not lost out in the cyber revolution,” said Tarun Wig, co-founder of Innefu Labs.  Southeast Asia has the world’s fourth-largest internet population, and smartphone usage is also surging. However, it has an underdeveloped system of data protection laws and weak adoption of cyber security best practices.  Malaysia, where botnets still run rampant, launched the Cyber Defense Operations Centre (CDOC), which was first suggested in 2013. The Malaysian defense ministry has set its goal of building the best cyber defense capability in Southeast Asia.

Software Vulnerabilities

A major flaw disclosed in Cloudflare security systems

https://www.washingtonpost.com/news/the-switch/wp/2017/02/24/a-major-security-flaw-means-you-have-to-change-your-passwords-again/?hpid=hp_regional-hp-cards_rhp-card-technology%3Ahomepage%2Fcard&utm_term=.c58268d38b27   The security firm Cloudflare disclosed on February 23 that a long-running bug in its security systems may have leaked information, including potentially personal information, from thousands of sites including Uber, Fitbit and OKCupid. The issue is only known to have affected a small portion of the 5.5 million sites that Cloudflare services. Cloudflare posted a technical explanation of the problem to its blog. Essentially, the company was changing over from older code to newer code. Running both at the same time created an unforeseen issue that, when combined with some other features that Cloudflare offers, caused a data leak.

Google Cracks Key Security Code, Calls for New Standard

http://www.technewsworld.com/story/84329.html      Google on February 23 announced that its two years of collaboration with CWI, the Netherlands’ national research institute for mathematics and computer science, resulted in the launch of a successful attack against the SHA-1 cryptographic algorithm, a widely used standard protocol used to protect sensitive data in millions of computers. The breakthrough research shows that the industry needs to send the SHA-1 standard into retirement, Google said, because the attack they were able to generate shows that the algorithm is no longer secure.

Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

http://thehackernews.com/2017/02/google-microsoft-edge-bug.html   Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10.  The vulnerability (CVE-2017-0037), discovered and disclosed by Google Project Zero team’s researcher Ivan Fratric, is a so-called “type confusion flaw” in a module in Microsoft Edge and Internet Explorer that potentially leads to arbitrary code execution.

Privacy Regulations & Data Brokerage

US Federal Regulators to put on hold privacy regulations

https://www.washingtonpost.com/news/the-switch/wp/2017/02/24/these-rules-force-internet-providers-to-protect-the-data-they-have-on-you-now-the-fcc-wants-to-put-those-on-hold/?hpid=hp_regional-hp-cards_rhp-card-technology%3Ahomepage%2Fcard&utm_term=.63c813b6aaef   Federal regulators were expected to move to stop certain privacy regulations from going into effect that were designed to safeguard consumers’ personal information from hackers and criminals. The affected regulations are part of a much broader package of privacy rules, approved in the waning days of the Obama administration, that forced internet providers to honour some of the same consumer protections that govern legacy telephone services.

Data brokerage: All your personal data up for sale for less than a rupee

http://timesofindia.indiatimes.com/business/india-business/data-brokerage-all-your-personal-data-up-for-sale-for-less-than-a-rupee/articleshow/57385823.cms  Data brokerage is still at a very nascent stage in India.  Increasingly, all your personal data – be it your residential address, phone number, email ID, details of what you bought on line, age marital status, income and profession – is all up for sale.  Most of it is sold for less than a Rupee per person.  Globally, data broking is an approximately $ 200 billion industry.  The most obvious kind of misuse is for financial data.  The Reserve Bank of India registered 8,689 cases of frauds involving credit cards, ATM/debit cards and internet banking last year.

Industrial Vulnerabilities

Simulated ransomware attack highlights vulnerability of industrial controls

www.homelandsecuritynewswire.com/dr20170227-simulated-ransomware-attack-highlights-vulnerability-of-industrial-controls?page=0,1   Ransomware generated an estimated $200 million for attackers during the first quarter of 2016, and the researchers believe it’s only a matter of time before critical industrial systems are compromised and held for ransom.  Cybersecurity researchers at the Georgia Institute of Technology have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings.

Cybersecurity of the power grid: A growing challenge

http://www.homelandsecuritynewswire.com/dr20170224-cybersecurity-of-the-power-grid-a-growing-challenge?page=0,1

Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country.  As the grid has become more dependent on computers and data-sharing, it has become more responsive to changes in power demand and better at integrating new sources of energy. But its computerized control could be abused by attackers who get into the systems.  Until 2015, the threat was hypothetical. But now we know cyberattacks can penetrate electricity grid control networks, shutting down power to large numbers of people. It happened in Ukraine in 2015 and again in 2016, and it could happen here in the United States, too.

A computer’s blinking light could transmit data

http://www.homelandsecuritynewswire.com/dr20170223-a-computer-s-blinking-light-could-transmit-data

A desktop computer’s tiny blinking LED light would hardly arouse the suspicions of anyone working in an office after hours. However, that LED could be silently winking out an optical stream of the computer’s secrets to a data-stealing drone.  BGU researchers built just such a drone, and demonstrated how it could be used as a very real espionage technique. If an attacker can plant malware on a system – for example, by paying an insider to infect it via USB or SD card – every blink of its hard drive LED can spill sensitive information to a spy with a line of sight on the compromised machine.

Cyber Tops List of Threats to Business Continuity

http://www.satprnews.com/2017/02/21/cyber-attacks-and-data-breaches-remain-top-of-the-agenda-for-business-continuity-concerns/    Cyber attack is once again the top threat perceived by businesses, according to research by the Business Continuity Institute.  Eighty eight percent of organizations are either ‘extremely concerned’ or ‘concerned’ about the possibility of a cyber attack, according to the research. The threat of a data breach remains in second place (81 percent), while unplanned IT and telecom outage stays in third place (80 percent).  For the first time in the study’s six-year history, the threat of uncertainty around the introduction of new laws and regulations has entered the list of top 10 business continuity concerns in the Horizon Scan Report.

LEAVE A REPLY