DOCSLIB.ORG

Threat Intelligence Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

June 2019 Threat Intelligence Report - MAN - UFACTUR ING/PUBLIC SECTOR IN THIS ISSUE • New supply chain threats • Ransomware exploits Oracle WebLogic • Hacktivism on the rise • WhatsApp risks to mobile devices • New Lazarus Trojan discovered June 2019 About this report Supply chain vulnerabilities expose critical assets Fusing a range of public and proprietary information feeds, including DXC’s global network of security operations centers and cyber intelligence services, this Mark Hughes report delivers a overview of major Senior Vice President and General Manager of Security incidents, insights into key trends DXC Technology and strategic threat awareness. We’ve seen another active month with third-party security risks playing a role in major breaches, meaning it is more critical than ever to understand supply chain exposure. This report is a part of Ransomware continues to be a growing threat, with an increasing number of attacks DXC Labs | Security, which provides against enterprise environments, often referred to as big game hunting. insights and thought leadership to the security industry. Hacktivist groups are also very active, but the good news is these attacks are becoming Intelligence cutoff date: less effective where proper security controls are in place. I encourage you to read more May 24, 2019 about the latest threats. Table of Contents Threat New ransomware variant exploits Oracle Web- Multi-industry updates Logic vulnerability Hacktivism increases in the first quarter of 2019 Public Sector, but is less effective Healthcare, Educa- tion E-commerce attacks more valuable than ever Retail Nation state Advanced supply-chain attacks attributed to Multi-industry & geopolitical Chinese group dubbed Barium updates Lazarus group develops new Trojan malware Public Sector Manu- dubbed ELECTRICFISH facturing, Technolo- gy & Research Vulnerability WhatsApp vulnerability leads to compromise of Multi-industry updates mobile devices in highly targeted attack 50,000 enterprises may be at risk to potential Multi-industry SAP software vulnerabilities Incidents/ MIRRORTHIEF targets 201 online campus stores Retail Breaches with card-skimming attack Multi-industry Possible MegaCortex ransomware attack disrupts accounting software provider Wolters Kluwer Multi-industry CITYCOMP breach exposes financial data of numerous enterprises June 2019 Attack Threat updates motivations New ransomware variant exploits Oracle WebLogic vulnerability Attackers are using vulnerability CVE-2019-2725 to facilitate the spread of a new ransomware 81% variant dubbed Sodinokibi. Cybercrime Impact 14% The critical vulnerability affects Oracle WebLogic servers, used for building and deploying en- Espionage terprise applications, allows for unauthenticated remote code execution. Attackers require no user interaction to deploy the ransomware. Once installed, the ransomware instructs victims to 3% transfer bitcoin to a specified address in return for the decryptor. Cyberwarfare Notable features of the ransomware include the use of vssadmin.exe to delete automatic sys- 1% tem backups and attackers that follow up the Sodinokibi deployment with attempts to infect Hacktivism the same target with GandCrab ransomware. Industries and organizations targeted remain Source: Hackmageddon out of the public domain, although Cisco Talos suggests there have been numerous victims. Source: Threatpost, Cisco Talos DXC perspective Organizations using Oracle WebLogic are urgently encouraged to patch servers. The flaw was not patched in the standard quarterly update in April. Hacktivism increases in first quarter of 2019 Prominent hacktivist collectives such as Anonymous, LulzSec and various newer groups con- tinue to use relatively low-skill attack vectors — such as distributed denial of service (DDoS), website defacement, and exploitation of misconfigured databases — to gain attention and Most targeted support their various ideologies and causes. industries Impact 1. Multi-industry attacks Attack success rates vary, typically in relation to the cyber defense maturity of the targeted organization. Recent successes have been seen against government departments in Africa, 2. Public Sector where Ghost Squad Hackers continued a campaign against the Sudanese government. In 3. Communications, early April, Ghost Squad and others claimed to be launching DDoS attacks against 260 do- Entertainment & Tech mains a day, leading up to the removal of the autocratic president Omar al-Bashir. Anony- 4. Health & Life Sciences mous launched similar attacks on departments of the Zimbabwe government in late 2018. 5. Banking & Capital Other hacktivist collectives, particularly those operating in high-income countries, have Markets reportedly had more difficultly when targeting government and media interests. Many groups now focus on low-hanging fruit, such as government subsections or universities. Source: Wired DXC perspective Hacktivist campaigns will continue targeting multiple industry verticals with public sector, energy, education and healthcare at heightened risk. The attackers typically will be motivated by political, social and environmental issues. Faced with maturing cyber defenses, hacktivists may seek to increase social engineering activities and use novel methods to disrupt targets. Misinformation campaigns, aimed at dam- aging a target’s “brand,” could further provide hacktivists opportunities to cause 3 disruption outside of the scope of traditional cyber defenses. June 2019 E-commerce attacks more valuable than ever Payment card information stolen from online stores is increasing in value as demand for card verification value (CVV) numbers is outstripping supply. Impact CVV resale prices have now risen to match those of cloned payment cards used at physical point-of-sale (POS) terminals. Previously, data stolen with “card present” — where criminals create physical clones of cards — was considerably more valuable than cards used only online. POS card clones were $15 to $20 a card, whereas CVVs ranged from $2 to $8. However, recent monitoring of dark web marketplaces shows CVVs are now as valuable as POS Barium APT data sets. A single CVV will routinely cost in excess of $20. The principal drivers for this dymanic Who are they? are likely an increased demand for stolen card data on the dark web and increased difficulty in • Advanced adversary that uses cloning physical cards due to wider chip-and-pin adoption in G20 nations. supply chain compromise to enable Source: Gemini Advisory highly focused targeting. Also known as Wicked Panda or Shad- DXC perspective owHammer. This situation may partly explain the increased prevelance of attacks on e-commerce sites in Where do they operate? the last 12 months, with a number of prominent card-skimming campaigns hitting online stores • Intelligence and analysis suggest across various industries. they are likely Chinese-speaking. They target globally. Nation state and geopolitical updates What do they want? • Barium appears to focus on target- Advanced supply chain attacks attributed to Chinese group ed espionage, most likely in support dubbed Barium of Chinese strategic goals. Intellec- The group is believed to be responsible for the significant breaches of ASUS in March 2019 and tual property, sensitive government Avast’s CCleaner software, affecting 500,000 and 700,000, respectively. documents and research are likely objectives. Impact Barium uses supply chain attacks to compromise hosts en masse, but actively exploits only a Do they work alone? small number of preselected targets. Of the half-million devices implicated in the ASUS breach, • Probably not. They have links to the malware activated on only 600, based on predefined MAC addresses written into the exploit state-sponsored Chinese group APT code. Similarly, only 70 of those compromised by CCleaner saw secondary spyware down- 17 and potentially cybercriminal loads. group Winniti. How can I stop them? Features • Defense in depth and mature tech- The group typically exploits trusted models to deploy malware. Notably, it compromises update nology solutions are required. Fun- servers of suppliers and uses them to push out malicious payloads under the guise of being damental security solutions include legitimate updates. The group’s access to the suppliers enables it to use genuine signatures and understanding your supply chain certificates, making detection early in the kill chain extremely challenging. Evidence suggests risk and effective mailbox, endpoint Barium also links supply chain attacks to gain deeper or more advantageous access. The com- and network protections. promise of CCleaner, for example, was used to target ASUS. Though Barium’s ability to compromise major software and hardware suppliers has given it access to more than a million devices, the group appears to show little interest in destructive actions. Instead, it focuses on highly targeted espionage operations. Its targets are not known, but intelligence points toward the group being aligned with Chinese state interests. Barium may 4 also operate as part of a wider collective of advanced adversaries. Its code shares June 2019 fingerprints with code previously used by the state-sponsored Chinese group APT 17, and it shares tooling with cybercriminal group Winnti. Source: Kaspersky, Wired DXC perspective Barium poses a serious and credible risk to public sector, research and technology enterprises holding intellectual property that would be advantageous to Chinese strategic aims. It also poses a serious threat to suppliers
Recommended publications
  • Ransom Where?

    Ransom Where?

    Ransom where? Holding data hostage with ransomware May 2019 Author With the evolution of digitization and increased interconnectivity, the cyberthreat landscape has transformed from merely a security and privacy concern to a danger much more insidious by nature — ransomware. Ransomware is a type of malware that is designed to encrypt, Imani Barnes Analyst 646.572.3930 destroy or shut down networks in exchange [email protected] for a paid ransom. Through the deployment of ransomware, cybercriminals are no longer just seeking to steal credit card information and other sensitive personally identifiable information (PII). Instead, they have upped their games to manipulate organizations into paying large sums of money in exchange for the safe release of their data and control of their systems. While there are some business sectors in which the presence of this cyberexposure is overt, cybercriminals are broadening their scopes of potential victims to include targets of opportunity1 across a multitude of industries. This paper will provide insight into how ransomware evolved as a cyberextortion instrument, identify notorious strains and explain how companies can protect themselves. 1 WIRED. “Meet LockerGoga, the Ransomware Crippling Industrial Firms” March 25, 2019; https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/. 2 Ransom where? | May 2019 A brief history of ransomware The first signs of ransomware appeared in 1989 in the healthcare industry. An attacker used infected floppy disks to encrypt computer files, claiming that the user was in “breach of a licensing agreement,”2 and demanded $189 for a decryption key. While the attempt to extort was unsuccessful, this attack became commonly known as PC Cyborg and set the archetype in motion for future attacks.
  • Monthly Threat Report November 2020

    Monthly Threat Report November 2020

    NTT Ltd. Global Threat Intelligence Center Monthly Threat Report November 2020 hello.global.ntt report | GTIC Monthly Threat Report: November 2020 Contents Feature article: Security in the app economy 03 Spotlight article: The Trickbot takedown 07 Spotlight article: Snapshot of threats to retail 08 About NTT Ltd.’s Global Threat Intelligence Center 09 2 | © Copyright NTT Ltd. hello.global.ntt report | GTIC Monthly Threat Report: November 2020 Security in the app economy Lead Analyst: Zach Jones, Sr. Director of Detection Research, WhiteHat Security, US It used to be simple; a retailer Attack vectors and security spending when organizations are trying to enable was a retailer and a bank was are misaligned customer access in our ‘there’s an app for that’ world. The problem is that a bank. Initially, the role of According to our 2020 NTT Ltd. represents a pipeline where benign and Global Threat Intelligence Report, 33% software in non-technology malicious traffic alike enter networks of observed attacks globally were sectors stayed behind the straight through firewalls and DMZs. The application-specific and 22% of attacks protocol was never designed for secure scenes, supporting the core were web-application based. This means application delivery so building HTTP competencies of that industry, a total of 55% of attacks detected globally applications is prone to error. Threat like inventory management occurred at the application layer. for retailers and account actors will continue to abuse these virtual According to Gartner Group, the 2020 front doors and windows. They are easy management for banks. Security Market Segment spend is to access and are often the weakest link This is no longer the case.
  • CYBER ATTACK TRENDS Mid Year Report 2021 CONTENTS

    CYBER ATTACK TRENDS Mid Year Report 2021 CONTENTS

    CYBER ATTACK TRENDS Mid Year Report 2021 CONTENTS 04 EXECUTIVE SUMMARY 07 TRIPLE EXTORTION RANSOMWARE—THE THIRD-PARTY THREAT 11 SOLARWINDS AND WILDFIRES 15 THE FALL OF AN EMPIRE—EMOTET’S FALL AND SUCCESSORS 19 MOBILE ARENA DEVELOPMENTS 2 22 COBALT STRIKE STANDARDIZATION 26 CYBER ATTACK CATEGORIES BY REGION 28 GLOBAL THREAT INDEX MAP 29 TOP MALICIOUS FILE TYPES—WEB VS. EMAIL CHECK POINT SOFTWARE MID-YEAR REPORT 2021 31 GLOBAL MALWARE STATISTICS 31 TOP MALWARE FAMILIES 34 Top Cryptomining Malware 36 Top Mobile Malware 38 Top Botnets 40 Top Infostealers Malware 42 Top Banking Trojans 44 HIGH PROFILE GLOBAL VULNERABILITIES 3 47 MAJOR CYBER BREACHES (H1 2021) 53 H2 2021: WHAT TO EXPECT AND WHAT TO DO 56 PREVENTING MEGA CYBER ATTACKS 60 CONCLUSION CHECK POINT SOFTWARE MID-YEAR REPORT 2021 EXECUTIVE SUMMARY CHECK POINT SOFTWARE’S MID-YEAR SECURITY REPORT REVEALS A 29% INCREASE IN CYBERATTACKS AGAINST ORGANIZATIONS GLOBALLY ‘Cyber Attack Trends: 2021 Mid-Year Report’ uncovers how cybercriminals have continued to exploit the Covid-19 pandemic and highlights a dramatic global 93% increase in the number of ransomware attacks • EMEA: organizations experienced a 36% increase in cyber-attacks since the beginning of the year, with 777 weekly attacks per organization • USA: 17% increase in cyber-attacks since the beginning of the year, with 443 weekly attacks per organization • APAC: 13% increase in cyber-attacks on organizations since the beginning of the year, with 1338 weekly attacks per organization In the first six months of 2021, the global rollout of COVID-19 vaccines gave hope that we will be able to live without restrictions at some point—but for a majority of organizations internationally, a return to pre-pandemic ‘norms’ is still some way off.
  • Advanced Persistent Threats

    Advanced Persistent Threats

    THREAT RESEARCH Defending Against Advanced Persistent Threats Introduction As the name “Advanced” suggests, APT (advanced persistent threat) is one of the most sophisticated and organized forms of network attacks that keep cybersecurity professionals up at night. Unlike many hit & run traditional cyberattacks, an APT is carried out over a prolonged period of time by skilled threat actors who strategize multi-staged campaigns against their targets, employing clandestine tools & techniques such as Remote Administration Tools (RAT), Toolkits, Backdoor Trojans, Social Engineering, DNS Tunneling etc. These experienced cybercriminals are mostly backed & well-funded by nation states and corporation-backed organizations to specifi cally target high value organizations with the following objectives in mind: a Theft of Intellectual Property & classifi ed data i.e. Cyber Espionage a Access to critical & sensitive communications a Access to credentials of critical systems a Sabotage or exfi ltration of databases a Theft of Personal Identifi able Information (PII) a Access to critical infrastructure to perform internal reconnaissance To achieve the above goals, APT Groups use novel techniques to obfuscate their actions and easily bypass traditional security barriers that are not advancing at the same rate as the sophisticated attack patterns of cybercriminals. To understand the evolved behavioral pattern of APT Groups in the year 2020, a review of their latest activities revealed interesting developments and a few groundbreaking events¹: a Southeast Asia
  • Global Security Report End Year 2020 Executive Summary

    Global Security Report End Year 2020 Executive Summary

    Global Security Report End Year 2020 Executive Summary The Zix | AppRiver Global Security Report for 2020 highlights the threats and trends Zix | AppRiver Security analysts saw throughout the year. In 2020, analysts saw attackers shift their tactics to take advantage of the unprecedented situation the world faced due to the Covid-19 pandemic. These attacks: • Aimed to take advantage of uncertainty surrounding the pandemic and the shift to “work from home” throughout much of the year. • Leveraged other world events, like the contentious US election, to distribute their attacks. • Multiplied "living off the land” attacks across many new and otherwise legitimate services. • Continued shift from high volume email blasts to a much more focused and customized attack style. • Posed impersonation attacks as internal executive communications and were persistent throughout 2020. In this report, we will take a deep dive into many of the threats and trends we saw in email security as well as discuss examples of prevalent attacks and explore potential impacts. Introduction Threat actors have always leveraged both local and world events to help spread their attacks. Never more so than in 2020. Early in the year, as the global pandemic came to fruition, attackers began launching spam, phishing and malware attacks utilizing interest in the pandemic. It wasn’t long before they had begun crafting attacks centered around the surge in remote work. Later in the year they took advantage of the contentious US Election cycle to distribute attacks. In 2020, Attackers continued to embrace the use of more targeted attacks versus the large volume email blasts we have seen in the past.
  • Annotated Bibliography Digital Transnational Repression

    Annotated Bibliography Digital Transnational Repression

    Annotated Bibliography Digital Transnational Repression By Noura Al-Jizawi, Siena Anstis, Sophie Barnett, Sharly Chan, Adam Sen, and Ronald J. Deibert Last Updated: May 2021 Copyright Copyright © 2021 Citizen Lab, “Digital transnational Repression,” by Noura Al-Jizawi, Siena Anstis, Sharly Chan, Adam Sen, and Ronald J. Deibert. Licensed under the Creative Commons BY-SA 4.0 (Attribution-ShareAlike Licence) Electronic version first published in 2020 by the Citizen Lab. Citizen Lab engages in research that investigates the intersection of digital technologies, law, and human rights. Document Version: 2.0 New changes in this annual update include: ● Change of terminology from “transnational digital repression” to “digital transnational repression” to align with the discourse ● New summaries collected between October 2020 - May 2021 and added to the document The Creative Commons Attribution-ShareAlike 4.0 license under which this report is licensed lets you freely copy, distribute, remix, transform, and build on it, as long as you: ● give appropriate credit; ● indicate whether you made changes; and ● use and link to the same CC BY-SA 4.0 licence. However, any rights in excerpts reproduced in this report remain with their respective authors; and any rights in brand and product names and associated logos remain with their respective owners. Uses of these that are protected by copyright or trademark rights require the rightsholder’s prior written agreement. 2 Acknowledgements The design of this document is by Mari Zhou. About the Citizen Lab, Munk School of Global Aairs & Public Policy, University of Toronto The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.
  • PARK JIN HYOK, Also Known As ("Aka") "Jin Hyok Park," Aka "Pak Jin Hek," Case Fl·J 18 - 1 4 79

    PARK JIN HYOK, Also Known As ("Aka") "Jin Hyok Park," Aka "Pak Jin Hek," Case Fl·J 18 - 1 4 79

    AO 91 (Rev. 11/11) Criminal Complaint UNITED STATES DISTRICT COURT for the RLED Central District of California CLERK U.S. DIS RICT United States ofAmerica JUN - 8 ?018 [ --- .. ~- ·~".... ~-~,..,. v. CENT\:y'\ l i\:,: ffl1G1 OF__ CAUFORN! BY .·-. ....-~- - ____D=E--..... PARK JIN HYOK, also known as ("aka") "Jin Hyok Park," aka "Pak Jin Hek," Case fl·J 18 - 1 4 79 Defendant. CRIMINAL COMPLAINT I, the complainant in this case, state that the following is true to the best ofmy knowledge and belief. Beginning no later than September 2, 2014 and continuing through at least August 3, 2017, in the county ofLos Angeles in the Central District of California, the defendant violated: Code Section Offense Description 18 U.S.C. § 371 Conspiracy 18 u.s.c. § 1349 Conspiracy to Commit Wire Fraud This criminal complaint is based on these facts: Please see attached affidavit. IBJ Continued on the attached sheet. Isl Complainant's signature Nathan P. Shields, Special Agent, FBI Printed name and title Sworn to before ~e and signed in my presence. Date: ROZELLA A OLIVER Judge's signature City and state: Los Angeles, California Hon. Rozella A. Oliver, U.S. Magistrate Judge Printed name and title -:"'~~ ,4G'L--- A-SA AUSAs: Stephanie S. Christensen, x3756; Anthony J. Lewis, x1786; & Anil J. Antony, x6579 REC: Detention Contents I. INTRODUCTION .....................................................................................1 II. PURPOSE OF AFFIDAVIT ......................................................................1 III. SUMMARY................................................................................................3
  • LAZARUS UNDER the HOOD Executive Summary

    LAZARUS UNDER the HOOD Executive Summary

    LAZARUS UNDER THE HOOD Executive Summary The Lazarus Group’s activity spans multiple years, going back as far as 2009. Its malware has been found in many serious cyberattacks, such as the massive data leak and file wiper attack on Sony Pictures Entertainment in 2014; the cyberespionage campaign in South Korea, dubbed Operation Troy, in 2013; and Operation DarkSeoul, which attacked South Korean media and financial companies in 2013. There have been several attempts to attribute one of the biggest cyberheists, in Bangladesh in 2016, to Lazarus Group. Researchers discovered a similarity between the backdoor used in Bangladesh and code in one of the Lazarus wiper tools. This was the first attempt to link the attack back to Lazarus. However, as new facts emerged in the media, claiming that there were at least three independent attackers in Bangladesh, any certainty about who exactly attacked the banks systems, and was behind one of the biggest ever bank heists in history, vanished. The only thing that was certain was that Lazarus malware was used in Bangladesh. However, considering that we had previously found Lazarus in dozens of different countries, including multiple infections in Bangladesh, this was not very convincing evidence and many security researchers expressed skepticism abound this attribution link. This paper is the result of forensic investigations by Kaspersky Lab at banks in two countries far apart. It reveals new modules used by Lazarus group and strongly links the tools used to attack systems supporting SWIFT to the Lazarus Group’s arsenal of lateral movement tools. Considering that Lazarus Group is still active in various cyberespionage and cybersabotage activities, we have segregated its subdivision focusing on attacks on banks and financial manipulations into a separate group which we call Bluenoroff (after one of the tools they used).
  • Threat Landscape Report

    Threat Landscape Report

    QUARTERLY Threat Landscape Report Q3 2020 NUSPIRE.COM THIS REPORT IS SOURCED FROM 90 BILLION TRAFFIC LOGS INGESTED FROM NUSPIRE CLIENT SITES AND ASSOCIATED WITH THOUSANDS OF DEVICES AROUND THE GLOBE. Nuspire Threat Report | Q2Q3 | 2020 Contents Introduction 4 Summary of Findings 6 Methodology and Overview 7 Quarter in Review 8 Malware 9 Botnets 15 Exploits 20 The New Normal 28 Conclusion and Recommendations 31 About Nuspire 33 3 | Contents Nuspire Threat Report | Q3 | 2020 Introduction In Q2 2020, Nuspire observed the increasing lengths threat actors were going to in order to capitalize on the pandemic and resulting crisis. New attack vectors were created; including VPN usage, home network security issues, personal device usage for business purposes and auditability of network traffic. In Q3 2020, we’ve observed threat actors become even more ruthless. Shifting focus from home networks to overburdened public entities including the education sector and the Election Assistance Commission (EAC). Many school districts were forced into 100% virtual or hybrid learning models by the pandemic. Attackers have waged ransomware attacks at learning institutions who not only have the financial resources to pay ransoms but feel a sense of urgency to do so in order to avoid disruptions during the school year. Meanwhile, the U.S. Elections have provided lures for phishers to attack. Nuspire witnessed Q3 attempts to guide victims to fake voter registration pages to harvest information while spoofing the Election Assistance Commission (EAC). Like these examples, cybercriminals taking advantage of prominent media themes are expected. We anticipate our Q4 2020 Threat Report 4 | Introduction Nuspire Threat Report | Q3 | 2020 to find campaigns leveraging more of the United report each quarter is a great step to gain that States Presidential election as well.
  • Trend Analysis the Israeli Unit 8200 an OSINT-Based Study CSS

    Trend Analysis the Israeli Unit 8200 an OSINT-Based Study CSS

    CSS CYBER DEFENSE PROJECT Trend Analysis The Israeli Unit 8200 An OSINT-based study Zürich, December 2019 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich Trend analysis: The Israeli Unit 8200 – An OSINT-based study Author: Sean Cordey © 2019 Center for Security Studies (CSS), ETH Zurich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zurich CH-8092 Zurich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zurich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group, Myriam Dunn Cavelty, Deputy Head for Research and Teaching; Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Cordey, S. (2019). Trend Analysis: The Israeli Unit 8200 – An OSINT-based study. Center for Security Studies (CSS), ETH Zürich. 1 Trend analysis: The Israeli Unit 8200 – An OSINT-based study . Table of Contents 1 Introduction 4 2 Historical Background 5 2.1 Pre-independence intelligence units 5 2.2 Post-independence unit: former capabilities, missions, mandate and techniques 5 2.3 The Yom Kippur War and its consequences 6 3 Operational Background 8 3.1 Unit mandate, activities and capabilities 8 3.2 Attributed and alleged operations 8 3.3 International efforts and cooperation 9 4 Organizational and Cultural Background 10 4.1 Organizational structure 10 Structure and sub-units 10 Infrastructure 11 4.2 Selection and training process 12 Attractiveness and motivation 12 Screening process 12 Selection process 13 Training process 13 Service, reserve and alumni 14 4.3 Internal culture 14 5 Discussion and Analysis 16 5.1 Strengths 16 5.2 Weaknesses 17 6 Conclusion and Recommendations 18 7 Glossary 20 8 Abbreviations 20 9 Bibliography 21 2 Trend analysis: The Israeli Unit 8200 – An OSINT-based study selection tests comprise a psychometric test, rigorous Executive Summary interviews, and an education/skills test.
  • Council Decision (Cfsp)

    Council Decision (Cfsp)

    L 246/12 EN Offi cial Jour nal of the European Union 30.7.2020 COUNCIL DECISION (CFSP) 2020/1127 of 30 July 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States THE COUNCIL OF THE EUROPEAN UNION, Having regard to the Treaty on European Union, and in particular Article 29 thereof, Having regard to the proposal from the High Representative of the Union for Foreign Affairs and Security Policy, Whereas: (1) On 17 May 2019 the Council adopted Decision (CFSP) 2019/797 (1). (2) Targeted restrictive measures against cyber-attacks with a significant effect which constitute an external threat to the Union or its Member States are among the measures included in the Union’s framework for a joint diplomatic response to malicious cyber-activities (the cyber diplomacy toolbox) and are a vital instrument to deter and respond to such activities. Restrictive measures can also be applied in response to cyber-attacks with a significant effect against third States or international organisations, where deemed necessary to achieve common foreign and security policy objectives set out in the relevant provisions of Article 21 of the Treaty on European Union. (3) On 16 April 2018 the Council adopted conclusions in which it firmly condemned the malicious use of information and communications technologies, including in the cyber-attacks publicly known as ‘WannaCry’ and ‘NotPetya’, which caused significant damage and economic loss in the Union and beyond. On 4 October 2018 the Presidents of the European Council and of the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy (the ‘High Representative’) expressed serious concerns in a joint statement about an attempted cyber-attack to undermine the integrity of the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands, an aggressive act which demonstrated contempt for the solemn purpose of the OPCW.
  • Bibliography

    Bibliography

    Bibliography [1] M Aamir Ali, B Arief, M Emms, A van Moorsel, “Does the Online Card Payment Landscape Unwittingly Facilitate Fraud?” IEEE Security & Pri- vacy Magazine (2017) [2] M Abadi, RM Needham, “Prudent Engineering Practice for Cryptographic Protocols”, IEEE Transactions on Software Engineering v 22 no 1 (Jan 96) pp 6–15; also as DEC SRC Research Report no 125 (June 1 1994) [3] A Abbasi, HC Chen, “Visualizing Authorship for Identification”, in ISI 2006, LNCS 3975 pp 60–71 [4] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, PG Neumann, RL Rivest, JI Schiller, B Schneier, “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”, in World Wide Web Journal v 2 no 3 (Summer 1997) pp 241–257 [5] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, M Green, PG Neumann, RL Rivest, JI Schiller, B Schneier, M Specter, D Weizmann, “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”, MIT CSAIL Tech Report 2015-026 (July 6, 2015); abridged version in Communications of the ACM v 58 no 10 (Oct 2015) [6] M Abrahms, “What Terrorists Really Want”,International Security v 32 no 4 (2008) pp 78–105 [7] M Abrahms, J Weiss, “Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia”, ACSAC 2008 [8] A Abulafia, S Brown, S Abramovich-Bar, “A Fraudulent Case Involving Novel Ink Eradication Methods”, in Journal of Forensic Sciences v41(1996) pp 300-302 [9] DG Abraham, GM Dolan, GP Double, JV Stevens,