DOCSLIB.ORG

Cyber Disruption and Cybercrime: Democratic People’S Republic of Korea

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyber Disruption and Cybercrime: Democratic People’S Republic of Korea Research Collection Report Cyber disruption and cybercrime: Democratic People’s Republic of Korea Author(s): Baezner, Marie Publication Date: 2018-06 Permanent Link: https://doi.org/10.3929/ethz-b-000314511 Rights / License: In Copyright - Non-Commercial Use Permitted This page was generated automatically upon download from the ETH Zurich Research Collection. For more information please consult the Terms of use. ETH Library CSS CYBER DEFENSE PROJECT Hotspot Analysis: Cyber disruption and cybercrime: Democratic People’s Republic of Korea Zürich, June 2018 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich Cyber disruption and cybercrime: Democratic People’s Republic of Korea Author: Marie Baezner © 2018 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group, Myriam Dunn Cavelty, Deputy Head for Research and Teaching, Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie (2018): Hotspot Analysis: Cyber disruption and cybercrime: Democratic People’s Republic of Korea, June 2018, Center for Security Studies (CSS), ETH Zürich. 1 Cyber disruption and cybercrime: The Democratic People’s Republic of Korea Table of Contents 1 Introduction 4 2 Background and chronology 5 3 Description 8 3.1 Attribution and actors 8 DPRK actors 8 Other state actors 10 Non-state actor 11 3.2 Targets 11 Targets in South Korea 12 Targets in other states 12 International financial targets 12 Targets in the DPRK 12 3.3 Tools and techniques 12 Spear phishing 12 Distributed Denial of Service 13 Malware 13 4 Effects 14 4.1 Social effects 14 4.2 Economic effects 15 4.3 Technological effects 15 4.4 International effects 15 Cyberattacks attracting significant international attention 16 Cyber-activities as a complement to nuclear strategy 16 Risks from indiscriminate cyberattacks for the DPRK 16 5 Policy Consequences 17 5.1 Improve cybersecurity 17 5.2 Encourage better cybersecurity in financial institutions 17 5.3 Monitor the situation 17 6 Annex 1 18 7 Annex 2 22 8 Glossary 25 9 Abbreviations 26 10 Bibliography 26 2 Cyber disruption and cybercrime: The Democratic People’s Republic of Korea the role of actors from other countries. The study looks Executive Summary at their various targets, techniques and tools deployed, such as spear phishing and malware. Targets: South Korean institutions and media; Effects US military entities, government and businesses; financial institutions and The DPRK used its cyber capabilities at the cryptocurrency exchanges; and domestic level to spy on its own citizens. DPRK leaders institutions of the Democratic People’s sought to maintain power by controlling their nation’s Republic of Korea (DPRK)1. information sphere. Tools: Spear phishing, Distributed Denial of Economically, cyberattacks attributed to the Service2 (DDoS) attacks and malware DPRK caused financial losses for the targeted (DDoS-KSig, Destover, Jokra, institutions and businesses. DDoS and wiper malware MYDOOM, Dozer, Hangman, damaged firms’ websites and hardware, resulting in a DOGCALL, WannaCry, Android need for costly cybersecurity intervention or hardware malware and others). replacement. Effects: Cyber capabilities used to spy on the The technological impact of DPRK cyber-activities DPRK’s own citizens; economic losses was observed in the discovery of new malware families. for businesses targeted by DDoS Actors allegedly linked to the DPRK created specific attacks and hacked financial malware to fit their targets’ networks. These actors also institutions; discovery of new malware appeared to follow technological advancements by families; cyber capabilities garnering targeting cryptocurrencies and adapting their malware the DPRK international attention to new vulnerabilities. without the inconvenience of International effects observed in DPRK cyber- economic sanctions; cyber capabilities activities were marked by the country’s use of cyber fitting in with the DPRK’s asymmetric capabilities to complement its nuclear missile strategy. strategy. Cyber-activities gave the DPRK the opportunity to Timeframe: 2009 – still ongoing. attract international attention without incurring economic sanctions such as those imposed for nuclear capabilities. In 2014, a cyberattack targeted Sony Entertainment Pictures. The attack wiped the contents Consequences of Sony’s computers and leaked sensitive information on the internet. In 2017, the US and other states attributed The policy recommendations in this report are the ransomware WannaCry, which exploited unpatched aimed at reducing states’ risk of being impacted by DPRK Windows operating systems, to the DPRK. The US also cyber-activities. First, states should improve their attributed the Sony hack to the DPRK and revealed DPRK cybersecurity by raising public awareness of spear cyber capabilities to the world. However, the DPRK has phishing attacks and the need for keeping software been developing its cyber capabilities in parallel to its updated. Second, states should encourage financial nuclear capabilities and has been attracting increasing institutions and cryptocurrency exchanges to improve attention throughout recent years. their own cybersecurity. Finally, states should closely This Hotspot Analysis studies cyber-activities monitor DPRK cyber-activities to be better prepared in related to the DPRK. It examines the impact of these the event of a DPRK cyberattack. cyber-activities on the DPRK’s domestic society, the international economy, technological development and international relations. The goal of this report is to better understand the mechanisms of the DPRK’s cyber-activities and their role in the DPRK’s strategy. Description States and cybersecurity companies regularly attribute cyberattacks to cyberactors with alleged links to the DPRK. However, these links cannot always be confirmed. This report examines these actors as well as 1 Abbreviations are listed in section 9 2 Technical terms are explained in a glossary in section 8. 3 Cyber disruption and cybercrime: The Democratic People’s Republic of Korea domestic level, the report shows that the DPRK uses its 1 Introduction cyber capabilities to spy on its own citizens to secure its The attribution3 of the Sony hack to the information sphere and the continuity of the regime. Democratic People’s Republic of Korea (DPRK) 4 shed Economically, DDoS attacks conducted by the DPRK on new light on DPRK cyber capabilities. Until then South Korean businesses caused economic losses, and cyberattacks attributed to the DPRK had mostly been other cyberattacks on financial institutions attributed to directed against South Korea, but since this event the DPRK also resulted in major economic losses. The technological effects of DPRK cyber-activities consisted cybersecurity firms and states have attributed an 5 increasing number of cyberattacks to the DPRK, of the discovery of new malware families and the revealing the DPRK’s growing cyber capabilities. The identification of the DPRK’s growing interest in unique aspect of DPRK cyberattacks resides in their cryptocurrencies. motives, as the DPRK is the only state that allegedly The examination of international effects conducts cyberattacks for both political motives and addresses the role DPRK cyber-activities played beyond financial gain. DPRK cyber capabilities also appear to the Korean peninsula. It looks at how cyberattacks develop in parallel to its nuclear capabilities. garnered the DPRK the same level of attention as its This Hotspot Analysis examines cyber-activities nuclear capabilities without the inconvenience of related to the DPRK. It looks at various cyberattacks that incurring international sanctions. This subsection were attributed to the DPRK, but also at the role of other explains how cyber capabilities fit into the DPRK’s states in these activities. asymmetric strategy and complement its nuclear missile The study of DPRK cyber-activities is relevant program. The WannaCry ransomware, for example, because of the DPRK’s unique position in international showed that DPRK cyber capabilities can be deployed to politics and its growing cyber capabilities. The latter threaten individuals through indiscriminate have attracted greater international attention in recent cyberattacks. years and warrant more detailed examination. In Section 5, this Hotspot Analysis suggests a The goal of this Hotspot Analysis is to better series of policy recommendations that states may wish understand the mechanisms of DPRK cyber-activities to implement in order to mitigate potential cyberattacks and their role in DPRK strategy. This report will be from the DPRK. States could improve their cybersecurity updated as new cyberattacks or relevant elements through awareness programs on spear phishing and by related to the DPRK emerge. This Hotspot Analysis will keeping their operating systems and software up to also form part of a broader study that comprises the date. They could also encourage financial institutions, various Hotspot Analyses published during the year. This which are at a particularly high risk, to improve their broader report will compare these Hotspot Analyses, cybersecurity. Finally, states should closely
Load more

Recommended publications
  • Nkorea's Twitter Account Hacked Amid Tension (Update) 4 April 2013, by Youkyung Lee
    NKorea's Twitter account hacked amid tension (Update) 4 April 2013, by Youkyung Lee Hackers apparently broke into at least two of North sanctions against its nuclear program and joint Korea's government-run online sites Thursday, as military drills between the U.S. and South Korea. tensions rose on the Korean Peninsula. North and South have fired claims of cyberattacks The North's Uriminzokkiri Twitter and Flickr at each other recently. Last month computers froze accounts stopped sending out content typical of at six major South Korean companies—three banks that posted by the regime in Pyongyang, such as and three television networks—and North Korea's photos of North's leader Kim Jong Un meeting with Internet shut down. military officials. Meanwhile, the website for the U.S. forces Instead, a picture posted Thursday on the North's stationed in South Korea has been closed since Flickr site shows Kim's face with a pig-like snout Tuesday and their public affairs office said Friday and a drawing of Mickey Mouse on his chest. that the problem does not have to do with any Underneath, the text reads: "Threatening world hacking. peace with ICBMs and Nuclear weapons/Wasting money while his people starve to death." "Initial assessments indicate it is the result of an internal server issue," it said on the website without Another posting says "We are Anonymous" in elaboration. white letters against a black background. Anonymous is a name of a hacker activist group. A Copyright 2013 The Associated Press. All rights statement purporting to come from the attackers reserved.
    [Show full text]
  • UNCLASSIFIED U.S. Department of State Case No. F-2014-20439 Doc No. C05771047 Date: 08/31/2015 RELEASE in PART B6 From: Sent: To
    UNCLASSIFIED U.S. Department of State Case No. F-2014-20439 Doc No. C05771047 Date: 08/31/2015 RELEASE IN PART B6 From: PIR <preines Sent: Monday, August 16, 2010 11:48 PM To: Cc: Huma Abedin; CDM; Jake Sullivan Subject: "minister in a skirt" http://mobile.nytimes.com/a rticle?a=644869 North Korea Takes to Twitter and YouTube By CHOE SANG-HUN The New York Times August 17, 2010 SEOUL, South Korea - North Korea has taken its propaganda war against South Korea and the United States to a new frontier: YouTube and Twitter. In the last month, North Korea has posted a series of video clips on YouTube brimming with satire and vitriol against leaders in South Korea and the United States. In one clip, it called Secretary of State Hillary Rodham Clinton a "minister in a skirt" and Secretary of Defense Robert M. Gates a "war maniac," while depicting the South Korean defense minister, Kim Tae-young, as a "servile dog" that likes to be patted by "its American master." Such language used to be standard in North Korea's cold-war-era propaganda. Its revival is testimony to the increased chill in relations between the Koreas in recent months. In the past week, North Korea also began operating a Twitter account under the name uriminzok, or "our nation." Both the Twitter and YouTube accounts are owned by a user named "uriminzokkiri." The Web site www.uriminzokkiri.com is run by the Committee for the Peaceful Reunification of Korea, a propaganda agency in Pyongyang. Lee Jong-joo, a spokeswoman for the Unification Ministry in Seoul, said, "It is clear that these accounts carry the same propaganda as the North's official news media, but we have not been able to find out who operates them." The two Koreas agreed to stop their psychological war after their first summit meeting in 2000.
    [Show full text]
  • Family, Mobile Phones, and Money: Contemporary Practices of Unification on the Korean Peninsula Sandra Fahy 82 | Joint U.S.-Korea Academic Studies
    81 Family, Mobile Phones, and Money: Contemporary Practices of Unification on the Korean Peninsula Sandra Fahy 82 | Joint U.S.-Korea Academic Studies Moving from the powerful and abstract construct of ethnic homogeneity as bearing the promise for unification, this chapter instead considers family unity, facilitated by the quotidian and ubiquitous tools of mobile phones and money, as a force with a demonstrated record showing contemporary practices of unification on the peninsula. From the “small unification” (jageun tongil) where North Korean defectors pay brokers to bring family out, to the transmission of voice through the technology of mobile phones illegally smuggled from China, this paper explores practices of unification presently manifesting on the Korean Peninsula. National identity on both sides of the peninsula is usually linked with ethnic homogeneity, the ultimate idea of Koreanness present in both Koreas and throughout Korean history. Ethnic homogeneity is linked with nationalism, and while it is evoked as the rationale for unification it has not had that result, and did not prevent the ideological nationalism that divided the ethnos in the Korean War.1 The construction of ethnic homogeneity evokes the idea that all Koreans are one brethren (dongpo)—an image of one large, genetically related extended family. However, fissures in this ideal highlight the strength of genetic family ties.2 Moving from the powerful and abstract construct of ethnic homogeneity as bearing the promise for unification, this chapter instead considers family unity, facilitated by the quotidian and ubiquitous tools of mobile phones and money, as a force with a demonstrated record showing “acts of unification” on the peninsula.
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • Congressional Record United States Th of America PROCEEDINGS and DEBATES of the 116 CONGRESS, FIRST SESSION
    E PL UR UM IB N U U S Congressional Record United States th of America PROCEEDINGS AND DEBATES OF THE 116 CONGRESS, FIRST SESSION Vol. 165 WASHINGTON, THURSDAY, MARCH 14, 2019 No. 46 House of Representatives The House met at 9 a.m. and was Pursuant to clause 1, rule I, the Jour- Mr. HARDER of California. Mr. called to order by the Speaker pro tem- nal stands approved. Speaker, this week, the administration pore (Mr. CARBAJAL). Mr. HARDER of California. Mr. released its proposed budget, and I am f Speaker, pursuant to clause 1, rule I, I here to share what those budget cuts demand a vote on agreeing to the actually mean for the farmers in my DESIGNATION OF THE SPEAKER Speaker’s approval of the Journal. home, California’s Central Valley. PRO TEMPORE The SPEAKER pro tempore. The Imagine you are an almond farmer in The SPEAKER pro tempore laid be- question is on the Speaker’s approval the Central Valley. Maybe your farm fore the House the following commu- of the Journal. has been a part of the family for mul- nication from the Speaker: The question was taken; and the tiple generations. Over the past 5 WASHINGTON, DC, Speaker pro tempore announced that years, you have seen your net farm in- March 14, 2019. the ayes appeared to have it. come has dropped by half, the largest I hereby appoint the Honorable SALUD O. Mr. HARDER of California. Mr. drop since the Great Depression. CARBAJAL to act as Speaker pro tempore on Speaker, I object to the vote on the Then you wake up this week and hear this day.
    [Show full text]
  • Cornell International Affairs Review
    ISSN 2156-0536 C ORNELL I NTERNAT I ONAL A ffA I RS R E vi EW VOLUME V | ISSUE I | FALL 2011 When Should the US Intervene? The Cornell International Affairs Review is a student-run organization aiming to provide an Criteria for Intervention in Weak Countries international, intergenerational, and interdisciplinary approach to foreign affairs. Robert Keohane, Professor of International Affairs Woodrow Wilson School of Public and International Affairs, Princeton University Letter from Tunisia Founded in 2006, the CIAR is proud to provide the Cornell community with a semesterly Elyès Jouini, Professor and Vice-President, Université Paris-Dauphine review, bringing together views from students, professors, and policymakers on the current Former Minister for the Economic and Social Reforms, Tunisian Transition Government events shaping our world. Empowering Women in the Chinese Capitalist Factory System Sara Akl, University of Virginia, 2013 It is our firm belief that true knowledge stems not just from textbooks and lectures but from The Problems with American Exceptionalism engaging with others. Thus, the CIAR strongly emphasizes cooperation and dialogue amongst Timothy Borjian, University of California, Berkeley, 2012 all our members, both on Cornell’s campus and beyond. The Evolution of Revolution: Social Media in the Modern Middle East and its Policy Implications Taylor Bossung, Indiana University, 2012 Brazil’s China Challenge Carlos Sucre, MA Candidate, George Washington University Information Technology and Control in the DPRK Robert Duffley, Georgetown University, 2013 The Illusion of US Isolationism Eugenio Lilli, King’s College, London, Postgraduate Researcher, Teaching Fellow at the Defense Studies Department, UK Joint Services Command and Staff College Militarization of Aid and its Implications for Colombia Ian King, U.S.
    [Show full text]
  • Digital Trenches
    Martyn Williams H R N K Attack Mirae Wi-Fi Family Medicine Healthy Food Korean Basics Handbook Medicinal Recipes Picture Memory I Can Be My Travel Weather 2.0 Matching Competition Gifted Too Companion ! Agricultural Stone Magnolia Escpe from Mount Baekdu Weather Remover ERRORTelevision the Labyrinth Series 1.25 Foreign apps not permitted. Report to your nearest inminban leader. Business Number Practical App Store E-Bookstore Apps Tower Beauty Skills 2.0 Chosun Great Chosun Global News KCNA Battle of Cuisine Dictionary of Wisdom Terms DIGITAL TRENCHES North Korea’s Information Counter-Offensive DIGITAL TRENCHES North Korea’s Information Counter-Offensive Copyright © 2019 Committee for Human Rights in North Korea Printed in the United States of America All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior permission of the Committee for Human Rights in North Korea, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. Committee for Human Rights in North Korea 1001 Connecticut Avenue, NW, Suite 435 Washington, DC 20036 P: (202) 499-7970 www.hrnk.org Print ISBN: 978-0-9995358-7-5 Digital ISBN: 978-0-9995358-8-2 Library of Congress Control Number: 2019919723 Cover translations by Julie Kim, HRNK Research Intern. BOARD OF DIRECTORS Gordon Flake, Co-Chair Katrina Lantos Swett, Co-Chair John Despres,
    [Show full text]
  • The Cyber Threat to UK Business 2016/2017 Report Page 1
    The cyber threat to UK business 2016/2017 Report Page 1 Contents Foreword (Ciaran Martin - NCSC) ..................................................................................................................................... 2 Foreword (Donald Toon - NCA) ........................................................................................................................................ 3 Executive summary ........................................................................................................................................................... 4 What is the threat? ........................................................................................................................................................... 5 The year in review: pivotal incidents of 2016 ................................................................................................................ 10 Horizon scanning: future threats .................................................................................................................................... 13 Fighting back: what can business do? ............................................................................................................................ 15 Case studies illustrating UK LEA and industry joint protect work ................................................................................. 19 Debate: can we stop the Internet from being used for crime? .................................................................................... 20 Page 2 The
    [Show full text]
  • Make Technology Great Again
    Make Technology Great Again Michał „rysiek” Woźniak [email protected] Everything is Broken – Quinn Norton https://medium.com/message/everything-is-broken-81e5f33a24e1 "Malicious Word Doc Uses ActiveX To Infect" https://www.vmray.com/blog/malicious-word-doc-uses-activex-infect/ "Word Malware: OLE Exploited in Zero-Day Attack" https://www.vadesecure.com/en/word-doc-malware/ "Dynamic Data Exchange was frst introduced in 1987 with the release of Windows 2.0” https://en.wikipedia.org/wiki/Dynamic_Data_Exchange "As part of the December 2017 Patch Tuesday, Microsoft has shipped an Ofce update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.” https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word- to-prevent-further-malware-attacks/ "Dynamic Data Exchange was frst introduced in 1987 with the release of Windows 2.0” https://en.wikipedia.org/wiki/Dynamic_Data_Exchange "As part of the December 2017 Patch Tuesday, Microsoft has shipped an Ofce update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.” https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word- to-prevent-further-malware-attacks/ "Microsoft Ofce macro malware targets Macs" https://blog.malwarebytes.com/cybercrime/2017/02/microsoft-ofce-macro- malware-targets-macs/ "Beware PowerSniff Malware uses Word macros and PowerShell scripts" https://www.grahamcluley.com/beware-powersnif-malware/
    [Show full text]
  • Information Assurance Situation in Switzerland and Internationally
    Federal Strategy Unit for IT FSUIT Federal Intelligence Service FIS Reporting and Analysis Centre for Information Assurance MELANI www.melani.admin.ch Information Assurance Situation in Switzerland and Internationally Semi-annual report 2009/II (July – December) MELANI – Semi-annual report 2009/II Information Assurance – Situation in Switzerland and Internationally Contents 1 Focus Areas of Issue 2009/II .........................................................................................3 2 Introduction.....................................................................................................................4 3 Current National ICT Infrastructure Situation ..............................................................5 33.1.1 FDFA targeted by malware.................................................................................5 33.2.2 Website defacements after adoption of minaret ban initiative ............................5 33.3.3 DDoS attacks against Swisscom and Swisscom clients ....................................6 33.4.4 Fraud with fake domain registrations..................................................................7 33.5.5 Purported free offers against viruses, scareware, rogueware and ransomware 8 33.6.6 New top level domains (TLD) and high security zones in the Internet .............10 33.7.7 Revision of provisions implementing the Telecommunications Act ..................10 33.8.8 Skype wiretap published as source code .........................................................11 4 Current International ICT
    [Show full text]
  • North Dakota Homeland Security Anti-Terrorism Summary
    UNCLASSIFIED NORTH DAKOTA HOMELAND SECURITY ANTI-TERRORISM SUMMARY The North Dakota Open Source Anti-Terrorism Summary is a product of the North Dakota State and Local Intelligence Center (NDSLIC). It provides open source news articles and information on terrorism, crime, and potential destructive or damaging acts of nature or unintentional acts. Articles are placed in the Anti-Terrorism Summary to provide situational awareness for local law enforcement, first responders, government officials, and private/public infrastructure owners. UNCLASSIFIED UNCLASSIFIED NDSLIC Disclaimer The Anti-Terrorism Summary is a non-commercial publication intended to educate and inform. Further reproduction or redistribution is subject to original copyright restrictions. NDSLIC provides no warranty of ownership of the copyright, or accuracy with respect to the original source material. QUICK LINKS North Dakota Energy Regional Food and Agriculture National Government Sector (including Schools and Universities) International Information Technology and Banking and Finance Industry Telecommunications Chemical and Hazardous Materials National Monuments and Icons Sector Postal and Shipping Commercial Facilities Public Health Communications Sector Transportation Critical Manufacturing Water and Dams Defense Industrial Base Sector North Dakota Homeland Security Emergency Services Contacts UNCLASSIFIED UNCLASSIFIED North Dakota Three wildfires scorch parts of western North Dakota. While North Dakota has, for the most part, escaped the large-scale wildfires garnering national headlines and burning the landscapes of neighboring South Dakota and Montana, three fires have caused havoc in the western part of the State. The Bureau of Indian Affairs reported September 21 that the Little Swallow fire had grown to consume 6,000 acres and was just 40 percent contained. Northwest of Dickinson, visitors to Bennett Campground on the Dakota Prairie Grasslands were evacuated after the Trail Side fire broke out.
    [Show full text]