Today’s cyber wrap comes to you from Tokyo where members of the ICPC team are soaking up the warm weather and engaging the Japanese Institute of International Affairs on their thoughts on cyber dynamics in the region.
In Japan, the Tokyo Metropolitan Police Department, one of the largest police forces in the world, revealed in a report this week that 30 agencies within Prime Minister Abe’s Government had fallen victim to cyber attacks. Most of the attacks utilised phishing emails, with many of them successfully hooking a catch. One agency’s compromised computer was hit with an onslaught of 400,000 remote access attempts within an 18-month period. Officials haven’t commented on what data, if any, was compromised, but have linked many of the attacks to Chinese language malware and, in some cases, Chinese servers.
According to a survey by BT Security, Australian businesses have another kettle of fish to worry about. Six out of every ten businesses reported that their systems had been downed by DDoS attacks in the past year. Sixty-three percent were hit multiple times, much higher than the 41% global average. BT reported that DDoS attacks remained a favourite tool of hacktivists and issue-motivated groups. But they’re also being increasingly used as a distraction technique by higher-level criminal organisations that want to confuse IT departments and gain access to networks with sensitive data in the ensuing chaos.
It was also a bad week for American and European energy companies. The industrial control systems of hundreds of companies across both continents were compromised by the ‘Energetic Bear’ malware (paywalled). The malware was discovered much earlier this year as an espionage tool, and Symantec has found that this newer version of the virus possesses much more advanced capabilities. Once downloaded inadvertently onto the control system during routine updates, it has the capability to allow remote access to the physical control systems. It has spread through companies in Spain, the US, France, Italy and Germany. Using similar techniques to the Tokyo police, Symantec were able to link the malware to Eastern Europe, revealing that the timestamps and text within the virus’s code were in Cyrillic language script (i.e. Russian).
NATO must be eyeing the growing level of attacks emanating from Russia with concern, as the treaty organisation has this week updated its cyber defence policy document. The significant update states that NATO now equates a major state-conducted cyber attack with an attack carried out using conventional weapons. The collective defence clause, Article 5, will now apply to cyberspace, with an attack against one member nation seen as ‘an attack against them all’. This new policy would allow member nations to retaliate, both online and with physical force.
Jamie Shea, deputy assistant secretary general for emerging security challenges, told ZDNet:
We don’t say in exactly which circumstances or what the threshold of the attack has to be to trigger a collective NATO response and we don’t say what that collective NATO response should be.
This will be decided by allies on a case-by-case basis, but we established a principle that at a certain level of intensity of damage, malicious intention, a cyber attack could be treated as the equivalent of an armed attack.
Jessica Woodall is an analyst in ASPI’s International Cyber Policy Centre.