UNCLASSIFIED. Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI. June 15th, 2015

Transcription

1 UNCLASSIFIED Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI June 15th, 2015 This document was prepared by The Institute for National Security Studies (INSS) Israel and The Cyber Security Forum Initiative (CSFI) USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial, and private sector officials to aid in the identification and development of appropriate actions, priorities, and followon measures. This product may contain US person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient's intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for "fair use" as permitted under Title 17, Section 107 of the United States Code ("The Copyright Law"). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified at: CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report. 1

2 ISRAEL Israel targeted by Iranian worldwide cyber operation After recently being accused of having performed a cyber-espionage operation against the Iranian nuclear talks in Geneva, it has been discovered that Israel was targeted by a large scale cyber-attack from Iran. The Israeli cyber security company called ClearSky has recently discovered a worldwide Iranian cyber operation targeting several countries across the Middle East. Several targets, including the finance minister of one of the Middle East countries, Qatar s embassy in the UK, journalists, and human rights organizations, have been targeted by the hackers. Furthermore, according to the security researcher of ClearSky, The campaign includes several different attacks with the aim of taking over the target s computer or gain access to their account. We estimate that this access is used for espionage or other nationstate interests. Based on the first information of the investigation, the hackers seem to have used spear phishing techniques, which allowed them to gather users credentials and thus hack around 40 targets in Israel and 500 in total. In Israel, the targets included retired high ranking officers, academic researchers, and security consultants. Iran already performed such an attack campaign in 2014 with the Gholee operation that used social engineering techniques. Since 2010, Iran is one of the most active country in planning offensive cyber operations. Like the Gholee operation, it is strongly possible that this offensive cyber-attack was planned and financed by the Iranian state and not just an independent hacking group. For a few years already, Iran is a well-known country to support hacking groups in order to perform offensive cyber operations against their enemies. USA Cyberattack on computers at U.S. Office of Personnel Management The Obama administration announced on June 4 what appeared to be one of the largest breaches of federal employees data, involving 4.1 million government workers (2.1 million current federal civilian employees and 2 million retired or former employees) in an intrusion that officials said apparently originated in China. The compromised data was held by the Office of Personnel Management, which handles government security clearances and federal employee records. Information on officials as senior as Cabinet secretaries may have been breached. The President s and Vice President s data were not, officials said. China has dismissed the hacking allegations, with a Foreign Ministry spokesman last week calling them irresponsible and unscientific. The breach is the third major foreign intrusion into an important federal computer system in the past year. Congress passes NSA surveillance reform The US Senate has passed the USA Freedom Act that curtails the federal government s sweeping surveillance of American phone records. Senators voted to pass the bill achieved over the opposition of the Senate majority leader and a few hours later, President Barack Obama signed the legislation after saying he would work expeditiously to ensure our national security professionals again have the full set of vital tools they need to continue protecting the country. The passage of the USA Freedom Act paves the way for telecom companies to assume responsibility of the 2

3 controversial phone records collection program, while also allowing the government to restart surveillance operations but with new restrictions for NSA and FBI domestic spying authorities. RUSSIA Russian Defense Ministry: Russian computer war games - a question of national importance Adviser to the Minister of Defense of the Russian Federation, Andrei Ilnitsky, said on the air of Russian news service that the creation of Russia s own computer war games is a fundamental task. The adviser considers it as a matter of national importance what is put into the minds of the younger generation. Ilnitsky said that in 2008, the US Army budget allocated US$200 million for the development and implementation of computer games of military subjects. The major consumer and producer of the product was the Pentagon. Creation of Russian computer war theme games is the most important ideological question - this is the battlefield of the future, added Ilnitsky. ARAB COUNTRIES ISIS affiliated hackers taking more important role in warfare Law enforcement officials are trying to keep their eyes open in the face of cyberterrorism, hence the huge amount of efforts invested in monitoring terror organization s using cyber warfare. However, as hard as it is to monitor a known organization, it is twice as hard doing so to what is best known as lone wolves who are acting on behalf of the terror organization but have no prior public affiliation. The security company FireEye maintains that lone cyber wolves pose a different threat than that of ISIS. For example, they act without any direct guidelines from the officers in the organization and sometimes without any operational logic. ISIS-sympathizing hackers, though without any official guidance from the organization itself, are becoming more hazardous, and cyberattacks are taking a more important role in ISIS war doctrine. Cyberattack targeted Iran nuclear talk s venues A computer virus was used to hack into venues linked to international talks on Iran's nuclear program, Russian computer Security Company Kaspersky Lab said. The company said they investigated the cyber-intrusion after detecting the Duqu 2.0 malware in its own systems in early spring this year, which they said was designed to spy on their technology and internal processes. The Wall Street Journal said the virus was widely believed to be used by Israeli spies. Other victims have been found in Western countries, as well as in countries in the Middle East and Asia. Most notably, some of the new infections are linked to the events and venues related to the negotiations with Iran about a nuclear deal. An israeli deputy minister dismissed as baseless the reports that Israel may have had a connection to the computer virus. CHINA and APAC 3

4 North Korea Defector says North Korea's hacker army capable of 'destroying cities' A North Korean defector who worked as a university professor in the country has said in an interview with the BBC that North Korea now has over 6,000 hackers. Professor Kim Heung-Kwang taught science at a university in North Korea for 20 years, but he defected in 2004 and fled the country. Speaking to the BBC, Kim estimated that up to 20% of North Korea s military spending goes toward Bureau 121, the army unit believed to focus on hacking. India Cyber terrorism a threat to border security Defence Minister Manohar Parrikar on Sunday said that cyber terrorism posed a major threat to the country s security. Parrikar made the comments at a conference on challenges and solutions regarding border safety issues in Jaipur. Cyber attack, or cyber terrorism, poses a threat to border security. Now this border is not imaginary. You do not know where it starts from, but it can, if it gets converted into warfare," he said. He added that India would not tolerate any act or event that risked its security. LATIN AMERICA Financial transfers are the largest cybercrime targets in South America Banking transfers are the most common target. The Brazilian Banking Federation (Febraban) reports, Cybercrime causes 95% of losses for Brazilian banks. In fact, cybercrime is a very series issue all over the Americas. A press release by an American data security company named Vormetric quoted a study on cybercrime by the Latin American and Caribbean Internet Addresses Registry. The study concluded that phishing alone affects about 2,500 regional banks and accounts for 93 billion dollars in annual losses. EUROPE Germany increasingly targeted by cyber attacks On June 13th, it was reported that Germany was targeted by a cyber-attack. Indeed, the German authorities have uncovered a malware on the parliamentary office computer belonging to Chancellor Angela Merkel. According to the German cyber security authorities, the attack has been traced to a link containing at least two s but for now there are no more details about who is behind the attack. According to a German newspaper the Welt, parliamentarians have been left unaware of the intrusions for about three weeks. Giving an interview to the newspaper, the German Defence Minister, Ursula von der Leyen, declared that ' cyber-attacks were one of the biggest challenges for international security, citing the enormous damage that they can cause to the economy. For the past few years, cyber-attacks targeting Germany have significantly increased. At the end of 2014, attackers used spear-phishing and social engineering techniques in order to gain access to a German steel plant network, from which they found a way to the organization s production network. Germany may have a lack of cyber security policy when it comes to their critical national infrastructure. Germany may be 4

5 inspired by the UK where cyber security is a field of constant growth and where the government has defined cyber defense as one their top security priority. AFRICA Several African states sign cyber-security deal Uganda, Kenya, and South Sudan are among several African states to have signed a new deal on cyber security to protect multi-million-dollar oil and transport projects. Presidents Yoweri Museveni of Uganda, Paul Kagame of Rwanda, and Uhuru Kenyatta of Kenya signed a memorandum of understanding on cyber security at the 10th Northern Corridor Integration Summit in the Ugandan capital, Kampala, on Saturday. South Sudanese leader Salva Kiir and Pierre Nkurunziza of Burundi were represented by ministers. 5