Cyber wrap
Posted By
Zoe Hawkins and Michael Chi
on February 22, 2017 @ 12:31
Russia’s been ruffling feathers across Europe again this week, with Ukraine
accusing the Russian government of using a new virus to target its critical infrastructure as part of Russia’s
ongoing cyber sabotage campaign against the country. Ukraine’s security service chief of staff
claimed that Russia’s Federal Security Service collaborated with corporate entities and criminal hackers on this effort, exemplifying the blurred lines between state and non-state activity in cyberspace. Further west, France is becoming increasingly concerned that Russia is meddling in its upcoming presidential election. Leading pro-Europe candidate Emmanuel Macron
experienced a wave of cyber incidents against his campaign website and email servers
earlier this month. Responding to the allegations, French Foreign Minister Jean-Marc Ayrault
declared that France would consider retaliatory measures if necessary, ‘because no foreign state can choose the future president of the Republic’. Similar concerns over the integrity of political campaigns have been voiced in
Germany and
the Netherlands.
Microsoft President Brad Smith recently
encouraged the international community to establish a ‘digital Geneva Convention’, as a way of
establishing international rules to protect civilians from nation-state activities in cyberspace. Smith’s provocative suggestion, delivered during his address to the RSA Conference in San Francisco (also attended by the inflatable
#cyberroo), is a continuation of Microsoft efforts to advance the debate around international cyber norms. The company proposed a
normative framework in 2014 and then followed up with a range of
implementation measures in 2016. Microsoft’s proposal of a digital Geneva Convention fits into a broader international debate over whether secure access to the Internet should be considered a
human right.
Cyber cooperation continues in the Asia–Pacific with Japan
announcing plans to provide cyber defence training to some lucky ASEAN countries. The
Japan International Cooperation Agency has
selected NEC Corporation as the official capacity building provider for Cambodia, Indonesia, Laos, Myanmar, the Philippines and Vietnam. The training, to take place in Japan over the next three years,
will include lectures on the regional threat landscape, cutting-edge facility tours and cyber incident response drills that simulate attacks on government organisations. The project is expected to commence immediately, and is a promising example of public–private sector collaboration on cyber capacity building.
Austrade
launched its
Cyber Security Industry Capability Report this week. The government report, written in partnership with corporate representatives, showcases the competitive advantages of the Australian cybersecurity industry including its skilled workforce, government support, robust R&D, software development, consultancy and education. A
joint media release from Minister for Trade, Tourism and Investment Steven Ciobo and Minister Assisting the Prime Minister for Cyber Security Dan Tehan explains that ‘these strengths demonstrate Australia’s global leadership in cutting-edge IT services.’ Check out the full sales pitch
here.
It hasn’t been a great week in cyber for those in uniform. The Nigeria Security and Civil Defence Corps reportedly
lost control of their website, which now features a fake recruitment campaign and job postings from the hackers, putting
thousands of hopeful job seekers at risk. Similarly hopeful young servicemen in the Israeli Defense Forces have been targeted by
ViperRAT. The campaign compromised Android devices through a social engineering campaign whereby attractive women on social media ask soldiers to install a specific app for more “discreet” messaging. The Trojan is then used to lift files from the compromised devices. Cybersecurity firm Lookout
found that 97% of those files were encrypted images taken on the device's camera and other analysts have
suggested that the attack is state-sponsored in nature.
Some timely reports and research efforts this week have revealed troubles for cyber workforces, public hygiene and industry investment. The
Global Information Security Workforce Study, which surveyed over 19,000 cybersecurity professionals around the world, projects that 1.8 million cyber security jobs will go unfilled by 2020, 20% higher than the
2015 forecast. Singapore's Cyber Security Agency has found there’s '
room for improvement' in the country’s public cyber hygiene, based on a survey of 2000 people. Risky practices persist amongst Singaporean citizens: nearly half fail to conduct virus scans on files and devices, and 6 in 10
respondents reporting having connected to open, non-password protected non-familiar public Wi-Fi networks, exposing them to
man-in-the-middle attacks. Symantec also released its
Cybersecurity Report, finding that the healthcare industry continues to
lag behind in their cybersecurity practices and expenditures, despite a sharp spike in cyberattacks on such organisations in the last year.
Zoe Hawkins is an analyst in ASPI’s International Cyber Policy Centre and Michael Chi is the CSC intern at ASPI. Image courtesy of Pixabay user MALCOLUMBUS.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-152/
[1] accusing: http://www.ibtimes.co.uk/ukraine-accuses-russia-cyberwar-amid-new-attacks-its-power-grid-1606987
[2] ongoing cyber sabotage campaign: https://www.technologyreview.com/s/603262/ukraines-power-grid-gets-hacked-again-a-worrying-sign-for-infrastructure-attacks/
[3] claimed: http://www.reuters.com/article/us-ukraine-crisis-cyber-idUSKBN15U2CN
[4] experienced: http://www.france24.com/en/20170219-france-condemns-cyberattacks-targeting-presidential-candidate-macron-points-russia
[5] earlier this month: http://europe.newsweek.com/french-foreign-minister-condemns-russia-over-interference-vote-558722?rm=eu
[6] declared: http://www.reuters.com/article/us-france-election-cyber-idUSKBN15U22U
[7] Germany: http://www.politico.eu/article/russian-influence-german-election-hacking-cyberattack-news-merkel-putin/
[8] the Netherlands: http://nltimes.nl/2017/01/12/upcoming-dutch-elections-risk-russian-hacking-propaganda-foreign-min
[9] encouraged: https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/#sm.00005evepg16x9enfu92p7egdpiqc
[10] establishing international rules: https://techcrunch.com/2017/02/14/microsoft-calls-for-establishment-of-a-digital-geneva-convention/
[11] #cyberroo: https://twitter.com/search?q=%23cyberroo&src=typd
[12] normative framework: https://blogs.microsoft.com/microsoftsecure/2014/12/03/proposed-cybersecurity-norms/
[13] implementation measures: https://blogs.microsoft.com/microsoftsecure/2016/02/08/cybersecurity-norms-from-concept-to-implementation/
[14] human right: http://theconversation.com/should-cybersecurity-be-a-human-right-72342
[15] announcing: http://www.nec.com/en/press/201702/global_20170217_03.html
[16] Japan International Cooperation Agency: https://www.jica.go.jp/english/index.html
[17] selected: https://securitybrief.asia/story/nec-provide-cybersecurity-defence-training-asean-region/
[18] will include: https://sg.finance.yahoo.com/news/nec-cyber-attack-defense-training-034500658.html
[19] launched: https://securitybrief.com.au/story/govt-showcases-australias-cybersecurity-strengths-world/
[20] joint media release: http://trademinister.gov.au/releases/Pages/2017/sc_mr_170215.aspx
[21] here: http://www.austrade.gov.au/International/Buy/Australian-industry-capabilities/ict
[22] lost control: http://sunnewsonline.com/alarm-fraudsters-hack-nscdcs-website/
[23] thousands: http://www.dailytrust.com.ng/news/general/recruitment-beware-of-fraudsters-our-website-has-been-hacked-nscdc/185681.html
[24] ViperRAT: https://www.helpnetsecurity.com/2017/02/20/idf-android-spyware/
[25] found: https://blog.lookout.com/blog/2017/02/16/viperrat-mobile-apt/
[26] suggested: https://www.scmagazineuk.com/state-sponsored-hackers-turn-to-android-malware-to-spy-on-israeli-soldiers/article/639128/
[27] Global Information Security Workforce Study: https://iamcybersafe.org/research_millennials/
[28] 2015: https://www.isc2.org/isc2-announces-u.s.-federal-government-findings-of-world%E2%80%99s-largest-information-security-workforce-study/default.aspx
[29] room for improvement: https://www.csa.gov.sg/news/press-releases/csa-releases-key-findings-from-first-cybersecurity-public-awareness-survey
[30] respondents: http://www.straitstimes.com/singapore/6-in-10-connect-to-unprotected-wi-fi-networks-cyber-security-agency
[31] man-in-the-middle: https://community.norton.com/en/blogs/norton-protection-blog/what-man-middle-attack
[32] Cybersecurity Report: http://www.himssconference.org/session/himss-analytics-operationalizing-cybersecurity-healthcare-research-findings-2017-it-security-risk
[33] lag: http://www.healthcareitnews.com/news/symantec-cybersecurity-study-healthcare-getting-better-much-too-slowly