Global Cyber Bi-Weekly Report by INSS November 1, 2016

Editor-in-chief: Gabi Siboni, Editor: Hadas Klein; Contributors: Jeremy Makowski, Simon Tsipis, Gal Perl Finkel, Ido Sivan, Paola Aurucci

ISRAEL US Department of Homeland Security officials are coming to Israel to discuss including Israeli cybersecurity companies in federal tenders For years, claims have been made in the United States that Israeli high-tech companies had incorporated backdoors in their products in order to gather information from US government departments and agencies. These claims, which, as far as is known, have never been verified, are the reason why Israeli companies are restricted from participating in US federal tenders. Now the Americans, with the aid of Israeli organizations, are trying to deal with the problem. A senior official in the US Department of Homeland Security is set to come to Israel to discuss with her Israeli counterparts ways of removing the restrictions. http://www.globes.co.il/en/article-us-govt-mulls-removing-bar-to-israeli-tech-cos- 1001156645

UNITED STATES Non-state actor likely behind US cyberattack The giant cyberattack that paralyzed many US sites last week was likely not the work of a foreign country, the top US intelligence chief James Clapper said. Clapper, who oversees US intelligence branches including the CIA, the FBI, sand Homeland Security, pointed to degrees of cybersecurity threats. “We’ve had this disparity or contrast between the capability of the most sophisticated cyber actors, nation-state cyber actors, which are clearly Russia and China, but have to this point perhaps more benign intent,” he said. “And then you have other countries who have a more nefarious intent. And then even more nefarious are non-nation-state actors,” he added. http://phys.org/news/2016-10-non-state-actor-cyber-clapper.html#jCp

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588

United States vs. Russia: Cyber war will have to wait until after the election After US intelligence agencies and the Homeland Security Department accused and blamed Russia for cyber espionage designed to interfere with the presidential election, the Obama administration promised a response “to protect [the country’s] interests at a time and place of our choosing.” That response, however, seems unlikely to come before Election Day. According to four officials, Obama is giving the next president a chance to gradually hit back at Russia for hacking the DNC. http://www.thedailybeast.com/articles/2016/10/27/the-u-s-cyber-war-with-russia- will-wait-for-president-hillary-clinton.html

EUROPE United Kingdom: British Army launches cyberattacks on ISIS Talking at an international conference on waging war, UK Defense Secretary, Sir Michael Fallon suggested that Britain is unleashing its cyber capability on ISIS. Indeed, in response to the question whether the United Kingdom is launching cyber- attacks on ISIS in order to reclaim the northern Iraqi city Mosul, the Defense Secretary answered: “I'm not going into operational specifics, but yes, you know we are conducting military operations against Daesh as part of the international coalition, and I can confirm that we are using offensive cyber for the first time in this campaign.” The UK army is now starting to launch cyber operations. In April 2015, they created a cyber unit named the 77th Brigade which includes reservists as well as regular soldiers, from all three services of the armed forces. Like the United States, the United Kingdom is now launching offensive cyber operations in order to counter terrorism and cyber terrorism activities. Indeed, terrorist groups such as ISIS are developing their cyber capabilities and using encrypted applications to communicate. Thus, armed forces have to adapt themselves and be more reactive. Cyber terrorism will continue, and if its impact is limited to attacking critical infrastructures, it most likely will directly cause human loss in the future. http://www.bbc.co.uk/news/uk-37721147 The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588

RUSSIA Alarming Russian cybernetic strengthening The US administration has noted the strengthening of the Russian armed forces, including their cyber capabilities, GPS jamming, and the use of drones, according to US Secretary of the Army Eric Fanning. According to Fanning, in 2014, in the context of the disagreements with Russia over Ukraine, the Pentagon discovered that the Russian armed forces have improved many cybernetic aspects. https://ria.ru/world/20161024/1479893224.html

Russian Foreign Ministry internet site hacked On October 23, the American “the Jester” cracked the website of the Russian Foreign Ministry, CNN reported. The official representative of the Russian Foreign Ministry, Maria Zakharova, explained that it was an old site, which is no longer in operation. http://money.cnn.com/2016/10/22/technology/russian-foreign-ministry-hacked/

Russia to develop its own internet browser The Russian Federal Security Service approved on October 27 the ongoing local Russian internet browser development project, following the President’s decree from May 22, 2015. The aim is to create separate internet for each state under the name RSNet, based on the Federal Security Services’ resources and integrating all Russian government agencies and their subordinate organizations. http://www.securitylab.ru/news/484271.php

Russia to tighten its cyber defense towards its elections Russia intends to strengthen the security of its presidential elections, to be held in 2018. According to the publication Izvestia, the Central Election Commission is considering the possibility of minimizing the influence of the human factor when entering the final protocols of the State Automated System (SAS) Elections. http://www.securitylab.ru/news/484267.php

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588

MIDDLE EAST A hacking group operating from the Middle East, arguably linked to Hamas, has been exposed Several Cybersecurity firms have tracked the group’s activity. Its main tactics are social engineering, spear-phishing emails, and social media. http://news.softpedia.com/news/moonlight-apt-uses-h-worm-backdoor-to-spy-on- middle-eastern-targets-509667.shtml

Cisco reports rise in cyber threats in the Middle East According to Cisco, the main cyber threats are to oil production and intellectual property. At the same time, the Middle East suffers from a shortage in cybersecurity professionals. http://www.4-traders.com/CISCO-SYSTEMS-INC-4862/news/Cisco-Cyber-threats-in- Mideast-rising-23260009/

CHINA and ASIA PACIFIC $43 million for new lab to bolster Singapore’s cyber security A new laboratory has been launched by the National Research Foundation (NRF). The new laboratory will bolster Singapore’s capabilities in the battle against cybersecurity threats. The NRF, National University of Singapore (NUS), and telecommunications company Singtel will invest $43 million in the lab over the next five years to develop new ways to fight such threats. The NUS-Singtel Cyber Security Research and Development Laboratory will dive deep into areas such as quantum cryptography, which uses light to secure communications over fiber-optic networks, as well as data analytics and machine learning, which helps in the auto-detection of threats. The National University of Singapore has developed some prototypes in quantum cryptography that will be tested over Singtel’s network, he added. The lab has also been tasked to develop a pool of cybersecurity professionals. It is slated to host 100 researchers and train 120 new cybersecurity professionals from undergraduate to postgraduate levels over the next five years. In 2013 the university

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588 launched a five-year $130 million National Cyber Security Research and Development Program to bolster the nation’s security. http://bit.ly/2f5pVCj

DDoS attack on StarHub, first of its kind on Singapore’s telco infrastructure: CSA, IMDA In a joint statement, the Cyber Security Agency of Singapore (CSA) and Infocomm Media Development Authority (IMDA) stated that the DDoS attacks on StarHub’s broadband network were the first of that nature on Singapore’s telecommunications infrastructure. This comes after the telco revealed in a media briefing that compromised devices such as webcams and routers owned by its customers led to the DDoS attacks. Communications and Information Minister, Dr Yaacob Ibrahim, said at an Asian Pacific cyber security summit that businesses must take action and address their specific cyber security needs, even as the government steps up efforts to help them stay safe. Dr Yaacob said the government has been consistent in pursuing cybersecurity development and working with multiple stakeholders, including businesses and international partners. This includes launching the national cyber security strategy earlier in October, and developing a multi-tiered cyber security response plan. A new Cybersecurity Act is also in the pipeline. Dr. Yaacob emphasized that the Government cannot do it alone, and urged companies to make cybersecurity a priority. http://bit.ly/2f79NFn

China’s Xiongmai recalls webcams after cyberattack on Twitter and Chinese electronics manufacturer Xiongmai is recalling some older versions of its webcams sold in the United States after they were linked to the botnet attack that disrupted internet services from Twitter to the New York Times. The Chinese manufacturer told the Financial Times that any attack could only have occurred on equipment using firmware from before April 2015, with an unchanged preset password and exposed to public internet. used source code for ,

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588 malicious software that takes over Internet of Things devices and is now widely available on the internet, to create a botnet or interconnected network of computers controlled by cybercriminals. The botnet attacked Dyn, making it unable to translate the names of many major websites into addresses that the internet can understand, thus disrupting access. Xiongmai is the first manufacturer to address concerns that its products may have been used as part of the botnet that attacked Dyn. There are already more Internet of Things devices in the world other than standard computers, with research groups predicting that there would be 6.2bn this year, growing to more than 20bn in 2020. These devices often have poor security, either because they were designed by manufacturers not used to connecting products to the internet or because of small memory or a lack of keyboard, which makes it harder to run security software or ask for a password. http://on.ft.com/2f0Iw4d

Markets’ regulator Securities and Exchange Board of India to strengthen cyber security amid concerns over massive banking data breach Markets’ regulator Securities and Exchange Board of India (SEBI) is pushing to put in place strong safeguards against cyber threats to bourses, brokerages, and other entities, amid concerns over the largest-ever banking data breach wherein 32 lakh debit cards are feared to have been compromised. SEBI, which is mandated to regulate stock exchanges, clearing corporations, brokerages, portfolio managers, fund houses, rating agencies, and a host of other entities in the capital market space, is already in the process of appointing a chief IT security officer to oversee various initiatives aimed at protecting the marketplace from cyber threats. The markets’ regulator is looking to beef up its own surveillance and risk management systems, as well as that of the market infrastructure entities to check any cyber threats, while various intermediaries would also be asked to strengthen their respective systems, networks, and databases. Given the dynamic nature of new technologies, the risk management systems would also need to keep evolving in order to keep pace with the newer kinds of threats that may come to fore, the official added. SEBI will

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588 appoint a chief information technology security officer, who will be responsible for strengthening its regulatory policy framework in the area of cyber security. http://bit.ly/2enPw9E

AFRICA Microsoft & ISSAN will collaborate to raise cyber security awareness At a Cyber Security Summit organized by Microsoft in conjunction with the Information Security Society of Africa Nigeria (ISAAN), Microsoft Nigeria has called on individuals and organizations to pay needed attention to ensuring cybersecurity in the face of global cyber threats. Dr. David Isiavwe, president of ISAAN, noted that October had been declared as cybersecurity month all over the world, in order to engage with consumers to raise cybersecurity awareness. He said, “There has been an increase in cyberattacks over the last couple of years even as cyber attackers have devised new ways to successfully attack individuals and organizations. Statistics shows that Nigeria loses N128bn annually to cybercrime while about $500bn is lost globally.” The event’s panelists concluded that to successfully reduce cyber threats and its effect, it is imperative for organizations to deploy trusted technology, put the right people in charge, and develop relevant process. http://bit.ly/2f0NlKQ

Cybercrime is the biggest terror threat to Nigeria and it is on the rise As internet services have become more readily available and usage has grown in Nigeria from 23.9 million in 2008 to 82.1 million in 2015, the country arguably bears the greatest risk on the continent for cyber-related offences including fraudulent financial transactions. In general, the increase in cybercrime has been more rapid in Lagos and other major African cities such as Cairo, Johannesburg, and Nairobi than in any other area of the world. In the first half of 2016, cyber fraud attempts in Nigeria reportedly increased by at least 1,000 times compared to the previous year. At a workshop on Cybercrime and Forensic Investigation in Abuja on Wednesday, Prof. Olu Ogunshakin, an expert with the Department for International Development (DFID), said Nigeria loses N127 billion to cybercrimes yearly, and Nigeria’s National

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588

Information Technology Development Agency (NITDA) estimated that the local population lost $450 million to digital fraud in 2015. Despite the fact that Nigeria’s cybercrime act, which defined the legal consequences faced by individuals and corporations found to be in violation of the law, was finally voted into law in May 2015, questions remain as to whether the government and corporations are doing enough to ward off cyber threats and enhance digital security. The proliferation of internet services, a relatively under-educated population, and the non-existence of digital guidelines set the scene for illicit cyber activity to take place with little resistance. A national policy on information security and guidelines to monitor internet activity have yet to be developed and as such cybersecurity may be a problem for years to come. http://bit.ly/2eV8ohg

Cybercrime in Kenya Presently, cybersecurity in Kenya is the single biggest threat to business in terms of the consumption and use of Information Communication Technologies (ICT). Over the recent months there has been a rise in cases of cyberattacks such as and data leakage, some which have even gone undetected. One such incident that went viral on regional social media circles involved a leading Kenyan bank. Through a data systems breach, a hacker was supposedly able to access more than 500,000 customers’ details, including names and phone numbers, which were then plastered on various online platforms. Serianu Limited, the publishers of the Kenya Cyber security report, notes that Kenyan companies lost over Sh15 billion in 2015 through Cybercrime. So how can the consumers of online banking services ensure that they are not a vulnerable and easy target for hackers? Teddy Njoroge, country manager for ICT security solutions company, ESET East Africa, says the first step would be for ICT professionals to obtain the latest training on the prevalent risks in the market. Consumers, he adds, would do much better by being proactive about their online security by keeping up with common cybersecurity threat solutions. “These could be specific to the type of devices or platforms on which you access your online banking services. However, the important thing is to be aware of the potential risks and how

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588 to mitigate these in real-time, since it is very possible to detect unwanted intrusions such as phishing and ransomware scams.” http://bit.ly/2fm5RzN

The Institute for National Security Studies 40, Haim Levanon St, POB 39950, Ramat Aviv, Tel Aviv 61398 Tel: +972-3-6400400 Fax: +972-3-7447588