WEEKLY REPORT ON CYBER SECURITY – MAY 25, 2017


SUMMARY

While the allegations and counter-allegations of cyber-rigging of elections between the West and Russia refuse to die down, new tensions arose between Qatar and its GCC allies following a hacker attack that planted fake news of incendiary statements about Iran and Israel on the former’s media channels. North Korean hackers are new players in the game, matching the country’s nuclear and missile threats.

A report sponsored by a British Parliamentarian suggests that a Russian disinformation campaign may have swayed the EU referendum vote in favour of Brexit. British authorities are also warning the country’s political parties of a Russian hacking threat to the forthcoming parliamentary elections. In response, Russian media has recalled American manipulation to help Boris Yeltsin get elected in 1996.

The UAE and Saudi Arabia blocked Qatari media, including Al Jazeera, on May 24 following a hacking attack that posted incendiary statements attributed to the Qatari Emir appreciating the role of Iran and Israel. The incident revived suspicions that exploded into the open three years ago when several Gulf nations pulled their ambassadors from Qatar over similar worries about its politics.

UN experts investigating violations of sanctions on North Korea are the latest victims of the latter’s hackers. They breached the computer of one of the members of the 1718 committee. Meanwhile, more evidence is emerging of North Korean involvement in the ‘Ransomware’ attack. A North Korean professor of computer science, who defected from the country, revealed that a unit within the country’s spy agency hacks into foreign financial institutions to steal cash.

STATE SPONSORED CYBER-WARFARE

Russia may have rigged Brexit vote – and U.K.’s 8 June general election could be next:

http://www.homelandsecuritynewswire.com/dr20170522-russia-may-have-rigged-brexit-vote-and-u-k-s-8-june-general-election-could-be-next-experts?page=0,1  A report handed to the British Parliament’s Intelligence and Security Select Committee suggests that Russian secret funds and disinformation campaign may have swayed the EU referendum vote in favor of Brexit. Ahead of the 8 June parliamentary election, GCHQ has warned leaders of Britain’s political parties of the threat Russian government hacking was posing to British democracy. Ben Bradshaw, seeking re-election as Labor MP for Exeter, says he has helped write a report on the Russian interference with the EU referendum. He submitted his report to the Parliament’s Intelligence and Security Select Committee.

Irrefutable Proof: Russian Election Meddling Documented!

http://www.counterpunch.org/2017/05/19/irrefutable-proof-russian-election-meddling-documented/ For months we have all been force-fed a story few of us can digest about the hacking of the Democratic Party’s email servers, presumably by Russians commanded by Vladimir Putin himself.  The current brouhaha is utterly trivial compared to the extreme, direct interference by US government-connected campaign professionals in the election that solidified oligarchy in the former Soviet Union. A team of US political consultants operating clandestinely in Moscow was paid $250,000 plus expenses to help a very unpopular Boris Yeltsin get re-elected as Russia’s president in 1996.

Hack, fake story expose real tensions between Qatar, Gulf

http://abcnews.go.com/International/wireStory/qatar-state-news-website-hacked-fake-article-published-47598847  Incendiary statements about Iran and Israel posted on Qatar’s state-run news agency that authorities blamed on hackers sparked a regional dispute Wednesday, with the United Arab Emirates and Saudi Arabia blocking Qatari media including Al-Jazeera. The alleged hack and purported fake news exposed real tensions still lingering in the Gulf between Qatar and other nations over the small gas-rich country’s support of Islamist groups. While Qatar quickly denied the comments attributed to ruling emir Sheikh Tamim bin Hamad Al Thani, Saudi-owned satellite channels repeatedly aired them throughout the day Wednesday. The incident revived suspicions that exploded into the open three years ago when several Gulf nations pulled their ambassadors from Qatar over similar worries about its politics.

In Modern Cyber War, the Spies Can Become Targets, Too

https://www.wsj.com/articles/in-modern-cyber-war-the-spies-can-become-targets-too-1495618209  Former intelligence officials now fear that the hackers, who go by the name Shadow Brokers, are taking a new tack: exposing the identities of the NSA’s computer-hacking team. That potentially could subject these government experts to charges when traveling abroad. The Shadow Brokers on April 14 posted on a Russian computer file-sharing site what they said were NSA files containing previously unknown attack tools and details of an alleged NSA hack affecting Middle Eastern and Panamanian financial institutions. But something went largely unnoticed outside the intelligence community. Buried in the files’ “metadata”—a hidden area that typically lists a file’s creators and editors—were four names. It isn’t clear whether the names were published intentionally or whether the files were doctored. At least one person named in the metadata worked for the NSA, a person familiar with the matter said.

UN experts hacked while investigating violations of sanctions on North Korea

https://www.theguardian.com/world/2017/may/22/un-experts-hacked-sanctions-north-korea-cyber-attack United Nations experts investigating violations of sanctions on North Korea have suffered a “sustained” cyber-attack by unknown hackers with “very detailed insight” into their work, according to an email warning seen by Reuters.  The hackers eventually breached the computer of one of the experts on 8 May, the chair of the panel of experts wrote in an email to UN officials and the UN security council’s North Korea sanctions committee, known as the 1718 committee. North Korea’s deputy United Nations envoy said on Friday “it is ridiculous” to link Pyongyang with the hacking of the UN panel of experts or the WannaCry “ransomware” cyber-attack.

North Korean Hackers are Scarier than Their Nukes

http://www.newsweek.com/north-korea-north-korean-hackers-hackers-kim-jong-un-nuclear-north-korea-612756?spMailingID=1882057&spUserID=MzQ4OTU5MDM0MzUS1&spJobID=790722233&spReportId=NzkwNzIyMjMzS0  A nuclear battle involving North Korea would be horrific—a modern equivalent of World War I. Yet a major cyberattack that completely disrupts everything digital would spin the world into a chaos that could spell the end of our society. Former CIA Director Michael Hayden has compared it to our inability to understand the outcome of a nuclear bomb before one was dropped on Japan. Our mindset about cyberwar, Hayden said, “has the whiff of 1945. It’s a new class of weapon, never before used.”

Related:  Ending North Korea’s Cyber Impunity https://www.wsj.com/articles/ending-north-koreas-cyber-impunity-1495580986  The world will have to take Pyongyang’s hackers as seriously as its nuclear weapons and missile programs. That’s one conclusion from Monday’s evidence from a private cybersecurity firm that North Korean hackers are behind the Wannacry ransomware that froze computers and encrypted data around the world on May 12. The Symantec findings come as Reuters published new details this week about North Korea’s growing cyberwarfare capabilities. According to a former computer-science professor who defected in 2004, a unit within the country’s spy agency hacks into foreign financial institutions to steal cash. State-sponsored hacking for profit is unique to North Korea—a useful reminder that it isn’t so much a country as a criminal syndicate operating for the benefit of the Kim family. As sanctions close off other avenues for earning foreign currency, Pyongyang will likely step up its cyberattacks.

Related: North Korean secret cyber unit ‘likely behind’ NHS ransomware attacks : http://www.independent.co.uk/news/world/asia/nhs-ransomware-wannacry-north-korea-hackers-cyber-attack-us-south-korea-a7747826.html   Defectors and internet experts claim a special cell in the country’s spy agency may have helped to launch online attacks against the US, South Korea and other countries across the world. They pointed to “Unit 180”, a special cell in the country’s spy agency, saying it may have been behind a series of online raids on financial networks and firms in the US, South Korea and more recently across the world. Pyongyang branded the suggestion “ridiculous”. However technical evidence is said to link the dictatorship’s spies to Lazarus Group, the cybergang allegedly behind last year’s $81m (£62m) heist of the Bangladesh Central Bank and a 2014 hack of Sony’s Hollywood studios.

China’s Big Brother Is Watching You Do Business

https://www.wsj.com/articles/big-brother-comes-for-foreign-firms-in-china-1495531800  China is already rolling out an IT-enabled rating system to govern the behavior of individuals. Less attention is being paid to its other application: Big Brother is also harnessing big data to create the world’s most extensive system of corporate surveillance and control. Think of it as the ultimate tool of Chinese state capitalism. The Mercator Institute for China Studies, a German think tank, calls it “IT-backed authoritarianism.” Foreign companies had better get used to the attention, the institute warns in a new report. The backbone of the system will be up and running by 2020.

Amid industry pushback, China offers changes to cyber rules: sources

https://townhall.com/news/sci-tech/2017/05/19/amid-industry-pushback-china-offers-changes-to-cyber-rules-sources-n2329279?utm_source=The+Sinocism+China+Newsletter&utm_campaign=96f2060185-EMAIL_CAMPAIGN_2017_05_22&utm_medium=email&utm_term=0_171f237867-96f2060185-29622273&mc_cid=96f2060185&mc_eid=a080463883   China may delay full implementation of controversial new cyber security rules, giving companies more time to prepare, two people who attended a meeting on Friday between the country’s internet regulator, businesses and diplomats told Reuters. The new law aims to meet growing threats such as terrorism and hacking. Chinese officials say the law applies equally to both domestic and foreign companies.

CYBER-CRIME

After WannaCry attack, researchers find new ransomware ‘EternalRocks’

http://www.business-standard.com/article/international/after-wannacry-attack-reserachers-find-new-ransomware-eternalrocks-117052200686_1.html  Like the original ransomware, known as WannaCry, EternalRocks uses an NSA tool known as EternalBlue to spread itself from one computer to the next through Windows. But it also uses six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (which is also part of WannaCry), Fortune reported. In its current form, EternalRocks does not have any malicious elements; it does not lock or corrupt files or use compromised machines to build a botnet. But that’s not particularly reassuring because EternalBlue leaves infected computers vulnerable to remote commands that could ‘weaponize’ the infection at any time.

Windows 7 hardest hit by WannaCry worm

http://www.bbc.com/news/technology-39997581  The majority of machines hit by the WannaCry ransomware worm in the cyber-attack earlier this month were running Windows 7, security firms suggest. More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software. Windows 7 was first released in 2009 and the most widely infected version was the x64 edition, which is widely used in large organisations, showed figures from Kaspersky.

WannaCry-infected Windows can be unlocked without paying ransom: Know how

http://www.business-standard.com/article/current-affairs/wannacry-infected-windows-can-be-unlocked-without-paying-ransom-know-how-117052000180_1.html  A loose-knit team of security researchers scattered across the globe said they had collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed. But the researchers said their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently.

Zomato hack: You need to enhance online security with a password manager

http://www.business-standard.com/article/companies/zomato-hack-you-need-to-enhance-online-security-with-a-password-manager-117052201261_1.html  Recently, food-tech company Zomato suffered a security breach where 17 million user records were stolen, including email addresses and passwords.  Experts recommend you create complex passwords and use different ones for different accounts. Since generating complex passwords and remembering them all is difficult, you should use a password manager. Some of the good ones are LastPass, 1Password, Dashlane and TrueKey.

Pakistan Cracks Down on Social-Media Critics of Military

https://www.wsj.com/articles/pakistan-cracks-down-on-social-media-critics-of-military-1495548991  Pakistan’s government is cracking down on social-media critics of the nation’s powerful military, a move many activists and opposition lawmakers say is aimed at suppressing free speech and political dissent. Authorities targeted 27 users on Facebook and Twitter in the past week that allegedly criticized the military, Interior Minister Chaudhry Nisar Ali Khan said Tuesday.

Related: Misuse of Cyber Crime Law: Outcry as FIA scales up crackdown http://nation.com.pk/national/23-May-2017/outcry-as-fia-scales-up-crackdown  The Federal Investigation Agency (FIA) Monday expanded the scope of ‘cybercrime’ crackdown while the opposition parties and human rights activists continued with their protest against, what they called, the misuse of law. The government claimed it has been taking action over anti-army posts under the cybercrime law while the PTI and other opposition parties alleged their workers have been victimised politically.

Related: Free speech in danger: edit in Dawn https://www.dawn.com/news/1334762/free-speech-in-danger  THE state appears to have developed a taste for intimidation that society ought to be deeply concerned about. Initially, when a handful of bloggers went missing, there was a great deal of confusion and uncertainty. Soon, however, it became apparent that a new front against lawful free speech had been opened under the guise of cracking down on unlawful conduct. The passage last year of a controversial law regulating online conduct appears to have opened the floodgates, leading to the astonishingly brazen attack by the interior ministry-led Federal Investigation Agency against vocal critics of the military and the government by social-media activists.

Facebook flooded with ‘sextortion’ and revenge porn, files reveal

https://www.theguardian.com/news/2017/may/22/facebook-flooded-with-sextortion-and-revenge-porn-files-reveal  Leaked documents show site struggles with mammoth task of policing content ranging from nudity to sex abuse.  Figures shared with staff reveal that in January Facebook had to disable more than 14,000 accounts related to these types of sexual abuse – and 33 of the cases reviewed involved children.  Facebook admitted this was a high priority area and that it was using “image-matching” software to stop explicit content getting on to the site. It also acknowledged it was difficult to draw a line between acceptable and unacceptable sexual content.

Related: Leaked documents from Facebook show types of content it allows http://www.thehindu.com/sci-tech/technology/internet/leaked-documents-from-facebook-show-types-of-content-it-allows/article18523434.ece?homepage=true Leaked Facebook Inc documents show how the social media company moderates issues such as hate speech, terrorism, pornography and self-harm on its platform, the Guardian reported, citing internal guidelines seen by the newspaper.  New challenges such as “revenge porn” have overwhelmed Facebook’s moderators who often have just ten seconds to make a decision, the Guardian said. The social media company reviews more than 6.5 million reports of potentially fake accounts a week, the newspaper added.

CYBER SECURITY MEASURES

A cyber coordination centre is likely to be set up in New Delhi by June this year

http://www.business-standard.com/article/economy-policy/govt-reinforcing-cyber-security-to-deal-with-emerging-threats-117052301317_1.html  Indian government is planning to set up separate cyber security teams for different sectors in the face of emerging cyber threats such as the recent ransomware attack and fringe incidents of leaks of Aadhaar database. A centralised hub to monitor and take on such attacks is also on the agenda. Information Technology Minister Ravi Shankar Prasad on Tuesday said the government was planning to set up a separate Indian Computer Emergency Response Teams (CERT-In) for the financial and power sectors to deal with specific cyber threats. “Cyber security is a vast area. We want to divide it for a more specialised approach. A separate CERT for the financial sector and a dedicated digital payment division will ensure and secure the digital payments ecosystem.” Experts, however, believe India is not prepared to shield itself from massive cyber attacks and needs to work more in this area.

India likely to sign cyber security pact with Spain, Germany during PM Modi’s visit 

http://economictimes.indiatimes.com/news/politics-and-nation/india-likely-to-sign-cyber-security-pact-with-spain-germany-during-pm-narendra-modis-visit/printarticl…  India is set to enter into cybersecurity arrangements with Germany and Spain — with a view to combat online crimes including ransomware type situations as well as terrorism — during Prime Minister Narendra Modi’s back-to-back visits to Berlin and Madrid next week. Delhi is fine-tuning cyber-security partnership documents with these European partners with an eye on entering into a similar agreement covering the whole of European Union in future, people familiar with the matter told ET. Key features of cyber-security agreements with both Germany and Spain include joint fight against cybercrimes and countering violent extremism (CVE), said one of the people.

Netherlands Cyber Readiness at a Glance

http://www.potomacinstitute.org/featured-news/2334-netherlands-cyber-readiness-at-a-glance The Potomac Institute for Policy Studies (PIPS) and the Dutch Government are pleased to announce the release of the “Netherlands Cyber Readiness at a Glance,” the latest study in a series of country reports assessing national-level preparedness for cyber risks based on the Cyber Readiness Index (CRI) 2.0 methodology. This report provides the most in-depth analysis to date of the Netherlands’ current cyber security posture and its efforts to strengthen the country’s security and resilience in the face of emerging ICT threats.

Major airport delays in Australia and New Zealand as global passport system goes down

https://www.theguardian.com/world/2017/may/22/major-airport-delays-in-australia-and-new-zealand-as-global-passport-system-goes-down  A failure of the global passport security system has caused huge delays for passengers trying to fly overseas from Australian and New Zealand airports. International passengers at Sydney, Melbourne and Brisbane had to be checked in manually on Monday morning, causing flights to be delayed for hours.

New funding enables work on Internet policy and cybersecurity for key infrastructure

http://www.homelandsecuritynewswire.com/dr20170522-new-funding-enables-work-on-internet-policy-and-cybersecurity-for-key-infrastructure.  MIT’s cross-disciplinary Internet Policy Research Initiative (IPRI) announced that it has awarded $1.5 million to a select group of principal investigators for early-stage Internet policy and cybersecurity research projects. “Understanding the nuance of cybersecurity risk in our critical infrastructure will help policymakers assure that the proper incentives are in place to reduce the threat of catastrophic attacks.”

VULNERABILITIES/PATCHES

Samsung Galaxy S8 iris scanner can be easily fooled: Here’s how it was done

http://indianexpress.com/article/technology/mobile-tabs/samsung-galaxy-s8-iris-scanner-can-be-easily-fooled-heres-how-it-was-done/  Samsung’s Galaxy S8 comes with an iris scanner and a face recognition feature, but as German hacker group Chaos Computer Club has shown, this can be easily fooled. Also you don’t really need high-end tools to carry out this exercise. In the past, the Chaos Computer Club has also revealed how Apple iPhone’s Touch ID isn’t foolproof.

In the latest demonstration, the CCC hacker group is arguing that biometric authentication systems are not really secure. One can use simple hacks to get around these methods, according to the group.

Video: How to survive the global cyberwar

http://www.techrepublic.com/videos/video-how-to-survive-the-global-cyberwar/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  Dr. Kenneth Geers, senior research scientist at Comodo and NATO Cyber Center Ambassador, explains #WannaCry and the steps business should take to protect critical assets during the next cyberattack.

Video: How to beat security threats to ‘internet of things’

http://www.bbc.com/news/av/technology-39926126/how-to-beat-security-threats-to-internet-of-things  The “internet of things” is all about connecting objects to a network and enabling them to collect and share data. Household objects like thermostats, light switches, doorbells, washing machines, fridges and even toys can all be connected via wi-fi and controlled remotely. Cyber-security expert Ken Munro talks about how some devices have been shown to be vulnerable and what you can do to protect your home appliances from hackers.

 

 

 
