
Austerbury Cyber Almanac 2018

The course syllabus includes the following:


  • Modern Phishing and Hacking techniques.
  • OSINT - map out your company's Internet profile
  • Network Vulnerability assessment
  • Application Vulnerability assessment
  • Windows Security
  • Linux Security 
  • Secure Configuration reviews
  • Hardening systems
  • Architectural patterns for advanced network defence  
  • Malware injection
  • Windows Exploitation
  • Web Application Exploitation  
  • Cyber Assessment Methodologies
  • Exam

F.A.Q.


The Hacker Bootcamp Course is delivered over four days and is designed to certify you as a technical hacker aligned to a CHECK team member. It will teach you the basics of penetration testing and give you enough knowledge to assess a corporate network as well as to breach a corporate perimeter.


The course is designed to bootstrap your knowledge and offer an insight into modern hacking and defence techniques.

Certification


The course will contain practicals as well as a final exam. You will be assessed throughout the course for your ability to perform a detailed security audit upon a network.


You must achieve an overall pass score of at least 70%.


Tooling


NEDForum recommends you use Kali Linux (VM or native) as well as having a Windows system available.


Cyber Almanac 2018

Summer update


September 2018


U.S. charges North Korean government hacker with conspiracy to conduct multiple cyber attacks and intrusions.


North Korean hacker 박진혁, a/k/a Jin Hyok Park and Pak Jin Hek, was charged for his involvement in a conspiracy to conduct multiple destructive cyberattacks around the world, resulting in damage on a global scale.


Park is a member of a government-sponsored hacking team known as the “Lazarus Group,” and worked for a North Korean government front company, Chosun Expo Joint Venture (a/k/a Korea Expo Joint Venture or “KEJV”), to support the DPRK government’s malicious cyber actions.


His activities include the creation of the malware used in the 2017 WannaCry 2.0 global ransomware attack; the 2016 theft of $81 million from Bangladesh Bank; the 2014 attack on Sony Pictures Entertainment (SPE); and numerous other attacks or intrusions on the entertainment, financial services, defense, technology, and virtual currency industries, academia, and electric utilities. 


The Lazarus Group came to the forefront during the last Olympics. Spear-phishing is a common modus operandi of the group, who continue to operate today and have specifically targeted defence contractors, including those working on the F-35 Lightning programme.


https://www.justice.gov


August 2018


F-35 Lightning's UK-designed lift system attracts hackers


In a concerted effort to acquire secrets relating to the F-35 Lightning II, foreign governments are targeting British service personnel and suppliers through social media, including LinkedIn, Facebook and Tinder.


In a clumsy and ultimately unsuccessful honeytrap, an RAF airwoman was targeted via Tinder. Her account was hacked and an attempt was made to elicit information from another serving member of the RAF via Tinder.


An RAF spokesman said: "No F-35 secrets have been stolen; nevertheless, this incident serves to highlight the risk of social engineering and online reconnaissance against HM Forces."


Ex Rolls Royce engineer "lifted" by police.


Meanwhile, a former Rolls-Royce combustion technologist was arrested under the Official Secrets Act as part of an ongoing investigation into the potential leaking of sensitive information relating to the F-35 Lightning II. The engineer arrested is a specialist in combustion physics (squashing stuff and making it explode). The F-35 uses the Rolls-Royce LiftSystem, forming part of the Integrated Lift Fan Propulsion System (ILFPS).


Pratt & Whitney, engine supplier to the F-35, has also been targeted in the past: contractor Mozaffar Khazaee, 59, was arrested after he tried shipping engine blueprints of the plane to the Islamic Republic of Iran. In early June 2018 Kevin Mallory, a former CIA case officer, was found guilty of espionage and of lying to the FBI about his contacts with Chinese intelligence.


Cryptocurrency scams 


Action Fraud say that over the summer, cryptocurrency scams have led to a loss of more than £2 million within the UK.


The UK’s national fraud and cyber crime reporting centre, Action Fraud, has warned people of the very real threat posed by cryptocurrency investment scams, after £2 million worth has been stolen since June.


Particularly prevalent tactics have been cold-calling and social media-based, ‘get rich quick’ schemes. In response many law enforcement personnel are receiving training specific to cryptocurrency use.


Singaporean PM one of 1.5 million patients whose health records were accessed by cyber attack


A breach of SingHealth, Singapore’s biggest healthcare group, has meant that 1.5 million patients’ personal details and medication dispensation records have been compromised. Amongst them are the records of current Singaporean Prime Minister, Lee Hsien Loong. The Prime Minister has publicly stated that nothing in his records is surprising or cause for concern.



The Department of Homeland Security announces that US-based utility control rooms were infiltrated by Russia-sponsored hackers


This plays into concerns that have been raging since a 2015 power outage in Western Ukraine, which was attributed to Russian interference. According to one analyst the recent attacks, which took place between 2016 and 2017, had potential to cause blackouts across the US, and have already affected hundreds of people. Despite this, experts say that there is no immediate threat of Russia causing widespread disruption across the states, as the hackers are primarily focussed on data gathering rather than public inconvenience.


UK's National Police Chiefs' Council says cybercrime will have a huge impact on the structure of the police force as early as 2022.


According to Richard Berry, National Police Chiefs' Council lead for communications data, the UK police force may need to invest heavily in research and technology if it is to efficiently tackle the rising threat of cybercrime.

Russia Hacking


Leader of a notorious hacking group is released from Russian prison


Vladimir Anikeyev (#LEWIS), head of ‘Shaltai-Boltai’ hacking crew has been released from prison two months early. Vladimir’s original court hearing was held behind closed doors. His lenient two year sentence was widely regarded as compensation for his cooperation with the authorities. Shaltai-Boltai’s particular skills lay in hacking government emails and collecting kompromat (compromising material).


Shaltai-Boltai also hacked Russian Prime Minister Dmitry Medvedev's Twitter account (big mistake).


The FSB's Sergey Mikhailov and his deputy Dmitry Dokuchaev (#Forb) were arrested last year on suspicion of links to the CIA. It is unclear what their links to Shaltai-Boltai were, though Dmitry Dokuchaev would undoubtedly have known of Vladimir Anikeyev and his associates in the small Moscow hacking scene.

UK Security professionals more likely to take a walk on the grey side.


So-called ‘grey hats’ (working both as cyber criminals and as cyber security professionals) are most common in the UK, according to Osterman Research. In the UK around 1 in every 13 cybersecurity professionals admits to dabbling in some form of cyber crime, compared with around 1 in 22 elsewhere in the world. Reasons given included simply earning more money.

Microsoft thwarts Russian hacking attempts on 2018 midterm elections.


A Microsoft executive has confirmed public suspicion of Russian interference in the US’ 2018 midterms, saying that the company had so far thwarted three attempts to interfere with congressional campaigns. The attempts are thought to be the work of the hacking group ‘Fancy Bear’, a group linked to the Russian military intelligence agency, who have recently been blamed for the 2016 election hacks. It’s not yet clear which mid-term campaigns have been targeted by the attacks.



The FBI publishes its ‘Cyber’s Most Wanted’ page


The FBI has published a list of 41 suspects on its ‘Cyber’s Most Wanted’ page, thought to comprise some of the most skilled hackers in the world. The individuals have played significant roles in some of the most lucrative cyber crimes seen on an international scale. Amongst them are a man believed to have hacked millions of social media profiles, a group that targeted US nuclear power, an individual who stole and shared unaired episodes of HBO’s Game of Thrones, and prominent individuals in the Syrian Electronic Army (SEA).



Business Traveller warns of dangers of free airport wifi


An article in Business Traveller has advised caution when signing in to the free wifi commonly offered at airports, after an increase in malware has been seen on portable devices used within select US airports. San Diego International Airport is thought to hold the highest risk for travellers, with many east-coast international airports also posing a risk. Security experts advise that simply logging in and accepting the terms and conditions could prompt malware installation on your device. However, having security software installed on the device you’re using could cut your risk quite dramatically.


Japan produces a new cybersecurity strategy in preparation for the 2020 Tokyo Olympic Games.


A five-stage index will be implemented, so that cyberattacks can be easily classified in terms of severity. This is intended to help people tackle the threat that a cyberattack might pose. The index will take into account the size of the attack (in terms of how many people or systems are affected), the predicted recovery period, and immediate impact to people e.g. injury or forced evacuation.


The government’s plan relies heavily on coordination between government agencies, the Olympic organising committee, municipalities and business operators.


If the strategy is approved, it will serve as a cybersecurity guideline for Japan for the next three years.

British Airways Hack

American Express are feeling the knock-on effects of the BA hack and are warning customers (see picture) to be vigilant.

I've provided testing resource for BA in a previous life and my thoughts go out to the team at BA who do take security seriously. Clearly, something has gone wrong and BA have released an app without testing it, or the testing company who performed the assessment of the website were not up to scratch. 

Having worked on a number of breaches at KPMG and DEFCOM, the average post hack remediation will run into £1-2 million, plus 2-3 CISO office scalps. But like most of us, we need a disaster to happen before we address the underlying issue.

What can you do to minimise the risk of your site being hacked? Start with this basic list; most of the tools mentioned are free or low cost.

  • Test early and test often.
  • Use tools in the CI, such as ZAP called from Jenkins.
  • Give OAT testers a copy of Burp Suite Pro; it's worth the low cost.
  • Never ever let a PM decide the scope of a test.

Chinese Crackdown

Chinese officials arrest hackers involved in hacking PUBG



July 2018


President Putin urges closer international cybersecurity cooperation


At the end of last week, Russian President Vladimir Putin spoke at a Moscow-based cybersecurity conference, calling for closer international cooperation in preventing and dealing with cyber attacks. Putin didn’t comment on allegations that Russian hackers, sponsored by the government, interfered in the 2016 US presidential election. But he did say that the number of cyber attacks targeting Russia in the first quarter of 2018 was up by a third compared to last year.


UK specialist cyber crime court to be established in London


Lord Chancellor David Gauke has announced that from 2025 London will host a flagship cybercrime court, in response to the increasing risk attacks are posing to businesses and individuals. The purpose-built court will be based on the site of Fleetbank House near Blackfriars.



Fake texts target Argos


Over the weekend, the National Fraud and Cyber Crime Reporting Centre issued a warning over fake Argos text messages being sent to customers. The texts claimed that customers were owed a refund, but only linked to phishing websites intended to harvest personal information.



Chinese hackers target the Australian National University


Officials have reportedly confirmed that the recent cyber attacks on the Australian National University’s computer systems are from China, according to the Sydney Morning Herald. A statement from the university has said that they have been ‘working in partnership with Australian government agencies for several months to minimise the impact of this threat’. The university have also stated that information available on the attack suggests that no staff, student or research information has been taken, and that counter-measures are underway.


https://www.bloomberg.com/news/articles/2018-07-07/australian-university-combats-hack-of-computers-blamed-on-china 



Crypto Heists set to top $1.5 Billion


US cybersecurity firm CipherTrace has said that $761 million has been stolen from cryptocurrency exchanges within the first six months of 2018, a total around three times that stolen over the entirety of 2017.


CipherTrace predict that if this trend continues, the overall amount could rise to $1.5 billion by the end of the year.



South Korea & China cooperate on hacker clampdown


Tencent Holdings Ltd., PUBG’s distributor in China, has worked with Chinese authorities in a major crackdown on game hacking. A total of 141 hackers have now been arrested in China in connection with the PUBG hacking first reported in January. The software used by the hackers contained a trojan that stole PUBG players’ data. Bluehole, the company behind PUBG, has been releasing several versions of anti-cheat software over the past few months to try to contain the issue. Despite this, the game’s active player base has dropped, even after selling 30 million copies in February.


PlayerUnknown's Battlegrounds is an online multiplayer battle royale game developed and published by PUBG Corporation, a subsidiary of South Korean video game company Bluehole.



Huawei vies for Australian 5G network


Huawei's cyber chief has said that the company will work with Australia on a world-leading internet security centre if it is allowed to build the next 5G wireless network. Concerns have been raised over Huawei’s founder’s links to the Chinese military, but representatives have argued that Huawei is amongst the most audited and reviewed companies in the world and therefore should be one of the most transparent in terms of its operations.

UAE & Russia cooperate


Russia and the UAE have agreed to cooperate in energy and cybersecurity


The Russian Minister of Industry and Trade, Denis Manturov, has said that Russia and the United Arab Emirates have identified priorities for their working group on industry, investments and innovations. Notably, this includes digital development, telecommunication, artificial intelligence and 3D printing as applied to construction work. It’s also reported that Russia have given permission to the UAE to develop the Russian industrial zone in Egypt. The new industrial zone aims to establish an eased tax regime for Russian resident companies.



BAE Cyber community


BAE Systems has launched a new industry forum and lobbying group called ‘The Intelligence Network’, in the hopes of tackling growing rates of cybercrime targeting UK businesses. Contributions to the group will also come from Vodafone, think-tank RUSI, startup accelerator CyLon, and others. The group is calling for more transparency on how businesses are handling the threat of cybercrime.


https://content.baesystems.com/theintelligencenetwork/uk



Top Scottish Universities pool resources 


Edinburgh Napier University and Glasgow’s Censis have partnered in a cybersecurity drive. Scottish experts in Cybersecurity are heading an innovative new project to help ensure that internet-enabled devices are secure. The project is set to last 12 months and it’s hoped to contribute to improving the security of the ever-expanding Internet of Things (IoT). Lead academic on the project, Professor Bill Buchanan, says that ‘the biggest thing holding back the development of the IoT is security’.



https://www.scotsman.com/business/companies/tech/edinburgh-napier-and-glasgow-s-censis-partner-in-cybersecurity-drive-1-4765948 


Cambodia seek help with elections 


US cybersecurity firm FireEye has accused a Chinese espionage group (TEMP.Periscope) of assisting in targeting at least one opposition figure by impersonating a human rights group. FireEye also maintain that Cambodia’s National Election Commission has been compromised. Officials at the Chinese embassy in Cambodia and the Chinese Foreign Ministry were unable to be reached by phone or email, for comment on the research.



EU beef up ENISA &  cross-border Cyber Audits


The European Parliament’s Industry Committee (ITRE) voted overwhelmingly in favour of affording the EU cybersecurity agency ENISA more power and a greater budget. ENISA comprises a team of 84 and has a budget of around £9.7 million per year, making it one of the EU’s smallest cybersecurity agencies. It’s hoped that the proposed changes would enable ENISA to regularly audit critical cross-border infrastructure. ITRE also passed proposals for an EU-wide cybersecurity labelling scheme, in the hope that a ‘traffic-light system’ (similar to that used in food labelling) would help to develop cross-border standards in IT security. That said, the current proposals only apply to critical infrastructure; anything else is voluntary.

Brexit white paper proposes cyber data sharing


Brexit deal White Paper asks EU to keep sharing cyber security and data with the UK


The White Paper relaying the UK government’s proposed Brexit deal has highlighted British intelligence chiefs’ hopes for continued cyber security and data sharing, following the UK’s predicted departure from the EU in March 2019. There are worries that failure to share such data could threaten security both in the UK and the EU.



Estonia sees no letup in Cyber attacks


The Estonian Information System Authority (RIA) has reported nearly 8,000 cyber-security related incidents in the first half of 2018.

This is about 1,500 more incidents than had occurred by this time last year; however, the severity of such incidents seems to have declined significantly since last year, with this year’s attacks generally assigned a lower priority than those in the first half of 2017. It’s also worth noting that the increase could be due to better detection techniques rather than more attacks.

Fresh sanctions for Russia's Cyber Army

July 2018


US deputy attorney general indicts 12 Russians for hacking DNC emails during the 2016 election


Grand jury indictments against the 12 alleged Russian intelligence officials were announced by Rod Rosenstein, the deputy US attorney general, at a press conference in Washington.


Deputy attorney general Rod Rosenstein said: “The internet allows foreign adversaries to attack America in new and unexpected ways.”


June 2018


"The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia's offensive cyber capabilities," Treasury Secretary Steven Mnuchin said.



Russia in the spotlight again as UK and US name and shame GRU.


https://www.ncsc.gov.uk/alerts/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices


Fleming calls on Q for box of cyber tricks


The director of the UK surveillance agency GCHQ, Jeremy Fleming, has said that he anticipates a long-running confrontation with Russia following their nerve-agent attack on a spy in the UK.


Fleming spoke confidently about how GCHQ are developing their toolkit not only for cyber-attack protection, but also for cyber-offensive purposes.


This statement was strengthened by Fleming’s claim that GCHQ have already been using cyber-offensive tools to combat ISIS online. This is a rare admission by an intelligence agency of its ability to mount cyber attacks against other countries, but Fleming justified it, saying that it will ‘show the Kremlin that illegal acts have consequences’.



The NCSC director of communications, Nicola Hudson, has said that in order to combat the cybersecurity threat, such diverse fields as psychology, law and linguistics must work alongside computer sciences; she argues that this diversity will make experts more effective and open-minded in approaching current and emergent security threats.


https://www.ncsc.gov.uk/news/nicola-hudson-opens-cyberuk-2018-practice


Telegraph Top Tips


The Telegraph recently published some basic guidance for small businesses to protect themselves against cyberattacks. A lot of the advice is surprisingly simple, including making sure that systems and software are upgraded to the latest version, and providing cybersecurity training to all staff (this prevents ‘weak links’ within the workforce, and thereby reduces weaknesses that can be targeted by criminals). They also emphasise the importance of having a crisis plan in place, to make sure that if things do go wrong, the return to normality is as efficient as possible.


https://www.telegraph.co.uk/business/cybersecurity-for-small-business/online-security-tips/

Britain under attack


The UK faced 34 significant attacks during the last quarter of 2017


A report has been published by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), examining the incidence and type of cyber activity that has impacted UK businesses over the course of 2017, so that future threats might be met head-on. Particular emphasis has been placed on the importance of reporting cyber attacks early, and the need for industry collaboration in order for prevention to be effective. It’s predicted that the number of cyber incidents will continue to increase into 2018, especially as cryptocurrency and the internet of things become more interconnected with our everyday lives. However, the report stresses that basic cyber security measures still remain at the heart of fighting such threats.


The report recorded a 91% increase in total ransom attempts between the first and third quarters of last year. The authors went on to point out that ransomware is being made even more dangerous by the anonymity that increasingly-popular cryptocurrencies provide. 


Furthermore, the report states that fake news spread via malicious websites and social media is having a considerable impact on UK business, in terms of both financial and reputational costs. Whilst the report acknowledges that fake news is not strictly a cyber threat, it is often used as a tool that can cause reputational damage to a business, and also affect share prices and sales. Social media is regarded as particularly dangerous in this sense, because its content is unregulated.


For businesses to protect themselves against such threats as were faced throughout 2017, the NCSC have written guidance that can be found on their website.


The report emphasises that small businesses are just as much at risk as larger ones, and that good security practices are essential for current and future threat prevention and handling. It’s noted that even contractors’ and third-party suppliers’ security needs to be in good shape in order to protect a business; as the authors put it, ‘attackers will target the most vulnerable part of the supply chain to reach their intended victim’.


The full report can be accessed here:


https://www.ncsc.gov.uk/cyberthreat




ATM Malware increasing

2018 is the year of change for privacy and cybersecurity. Across the world cyber regulations are being tightened and fines hiked, all while industry struggles to employ and retain qualified staff.


ATM Malware on the rise


The European Association for Secure Transactions (EAST) has published a report suggesting that western and central Europe are being targeted by ATM malware attacks. It says that during 2017 this type of attack increased by 231% on the previous year.

Spring Update

Other news




USA Election hacking


There is still a great deal of concern in the US especially, over election-hacking. Homeland Security recently visited Southwest Florida to look at safeguards for the upcoming midterms.


http://www.nbc-2.com/story/37935948/homeland-security-visits-swfl-to-guard-against-online-hacking-in-midterm-elections 


Global telcos club together to combat cyber crime


As cyber security concerns grow internationally, a group of prominent telecommunications (‘telco’) companies have come together to create the Global Telco Security Alliance. The Alliance will be the first global telco cyber security partnership and will have more than 1.2 billion customers worldwide. It’s hoped that the alliance will allow better collaboration between some 6,000 cyber security professionals to help combat cyber crime.


“The Security Alliance will help all its members to deliver disruptive innovation to secure our customers’ digital lives,” said Pedro Pablo Pérez, VP Security at Telefónica.

Ransomware Rules


Verizon’s 2018 Data Breach Investigations Report (DBIR) has revealed that ransomware was the most prevalent form of malware used in attacks that took place throughout 2017. The overall incidence of ransomware use doubled compared to the levels seen in 2016, and it’s estimated that 39% of last year’s malware-related breaches involved some sort of ransomware.


https://www.verizonenterprise.com/verizon-insights-lab/dbir/


In light of this, it’s been reported that Office 365 is to get ransomware protection as part of its next upgrade. Specifically, the upgrade will make it easier for data to be recovered from ransomware attacks targeting files held on OneDrive. To make use of this feature, however, you do need to subscribe to Microsoft’s Office 365 service.


Vevo's account hacked


Last week Vevo’s YouTube account was hacked, leading to the videos of many famous musical artists being tampered with and in some cases removed entirely. Although most content has now returned to the site, those targeted included videos by Adele, Selena Gomez, Drake, Katy Perry and Taylor Swift. The attack is said to be contained now, although it’s not yet clear where the breach originated or why.

Russia's Red Team named


U.S.A & UK Feb 2018 NotPetya & Ukraine


Both the UK's Foreign Office as well as the US Department of Justice have alleged that the NotPetya cyber attack of June 2017 was enacted by the Russian Military.


"The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds."


This joint public attribution is intended to demonstrate that the UK and its allies are united against malicious cyber activity, and will hold those responsible for it accountable.


On Friday Rob Joyce, White House Cyber Czar, said that the US will impose costs on Russia for their acts of cyber aggression on the international stage. White House source: "This was also a reckless and indiscriminate cyber-attack that will be met with international consequences."

U.S.A Feb 2018 Elections & Russian


Fake news has been used to push political agendas, confuse opponents and destabilise countries long before the digital age. But its effective use in today's electronic world and unregulated social media has wrong-footed politicians, corporates and the intelligence communities alike. 


Some four years after a specific aktivnye meropriyatiya & dezinformatsiya team* began their campaign to counter the perceived threat of NATO incursion into the Black Sea and Baltics, deputy Attorney General Rod Rosenstein announced indictments against 13 Russian nationals and 3 Russian entities for meddling in US affairs.


The US President also issued a warning to those who seek to disrupt US elections.


"We cannot allow those seeking to sow confusion, discord, and rancour to be successful... We must unite as Americans to protect the integrity of our democracy and our elections."


https://www.whitehouse.gov/briefings-statements/statement-press-secretary-regarding-russia-indictments/


Kremlin sources have confirmed they did not pay for a Big Red #BrexitBus 


*Active Measures and Disinformation

Mirai Botnet grows

Japan CERT reported on the continued spread of Mirai malware, infecting broadband routers from Logitec Corp vulnerable to CVE-2014-8351. Whilst Logitec fixed the issue more than three years ago, end users are usually unaware their routers have been compromised, let alone how to upgrade the firmware!

Once infected, the devices become part of an ever-growing botnet. The malware targets port 52869/TCP on the target devices.

Figure A (source: Japan CERT, TSUBAME): scans that appear to be related to Mirai variant infections.

Source: Incident Handling Quarterly Report

https://www.jpcert.or.jp/english/ir/report.html
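As an added defender-side illustration (not part of the JPCERT report or this almanac), the Python below parses iptables-style firewall log lines and flags sources that sweep several hosts on 52869/TCP, the port named above. The log lines, hostnames and IP addresses are constructed sample data; the log format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not real data), in the iptables
# LOG-target style: "... SRC=<ip> DST=<ip> PROTO=<proto> SPT=<port> DPT=<port>".
SAMPLE_LOGS = """\
Mar 02 10:01:12 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=41232 DPT=52869
Mar 02 10:01:13 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.6 PROTO=TCP SPT=41233 DPT=52869
Mar 02 10:01:14 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.7 PROTO=TCP SPT=41234 DPT=52869
Mar 02 10:01:20 gw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=51000 DPT=443
Mar 02 10:01:25 gw kernel: IN=eth0 OUT= SRC=192.0.2.88 DST=203.0.113.5 PROTO=UDP SPT=52869 DPT=52869
Mar 02 10:01:30 gw kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=203.0.113.5 PROTO=TCP SPT=40000 DPT=52869
"""

# Port the JPCERT report (quoted above) associates with the Mirai variant.
MIRAI_VARIANT_PORT = 52869

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Extract source, destination, protocol and destination port from one
    log line; return None for lines that are not connection records."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "dpt": int(m.group("dpt")),
    }


def scans_to_port(log_text, port=MIRAI_VARIANT_PORT, proto="TCP"):
    """Map each source address to the set of destinations it contacted on
    the given port/protocol. UDP hits and other ports are ignored."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == proto and rec["dpt"] == port:
            hits[rec["src"]].add(rec["dst"])
    return dict(hits)


def likely_scanners(log_text, min_targets=2, port=MIRAI_VARIANT_PORT):
    """Sources that probed `port` on at least `min_targets` distinct hosts.
    One-off connections can be legitimate; a sweep across hosts is the
    behaviour an infected router exhibits when it hunts for new victims."""
    hits = scans_to_port(log_text, port)
    return sorted(src for src, dsts in hits.items() if len(dsts) >= min_targets)


if __name__ == "__main__":
    for src in likely_scanners(SAMPLE_LOGS):
        targets = sorted(scans_to_port(SAMPLE_LOGS)[src])
        print(f"possible Mirai-variant sweep from {src}: {len(targets)} hosts on {MIRAI_VARIANT_PORT}/TCP")
```

A source flagged this way that belongs to your own address space is a candidate for the firmware check the paragraph above describes.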


Aktivnye Meropriyatiya & Dezinformatsiya 

Russia's Red Team identified by US and UK as interfering in the apparatus of foreign states.


U.S.A & UK Feb 2018 NotPetya & Ukraine


Both the UK's Foreign Office as well as the US Department of Justice have alledged that the NotPetya cyber attack of June 2017 was enacted by the Russian Military.


"The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds."


This joint public attribution is intended to demonstrate that the UK and its allies are united against the malicious cyber activity, and will hold those responsible for them, accountable. 










Team Lazarus seeks Gold at Olympics

 


Olympics sees Lazarus resurrected


North Korea's red team goes in search of much-needed gold during the Olympics. HaoBao resumes Lazarus' previous activity but now targets Bitcoin users and global financials. When victims open the malicious documents attached to the phishing emails, the malware scans for Bitcoin activity and then deploys a remote access trojan.


The write-up, signatures and IOCs can be found in this good article from McAfee:


https://securingtomorrow.mcafee.com/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/


India, Feb 2018, Biometric data


Following the addition of the 'Right to Privacy' as the seventh Fundamental Right in the Indian Constitution last August, there is considerable debate over how exactly that will be implemented with regard to Aadhaar, the biometric identification system.


Aadhaar passes collected biometric data on to the government agency UIDAI, but the real potential for misuse lies with those to whom the data is wrongly passed on. For example, many third-party apps are now requesting data from the Aadhaar database, and it became apparent this week that any of the database's administrators can give anyone in the world full access, often for a fee. There are also questions over the security of the official Aadhaar app,







Australia, Feb 2018, Death by Hacking


The Sydney Morning Herald published an eye-catching article this week, headlined 'death by hacking is no longer a far-fetched idea'. Ben Grubb, author of the piece, pointed out that unintentional technology glitches have already caused deaths, for example when an autopilot error led to the death of a Tesla driver in 2016. The author also noted the 2015 release of hacked personal information from the dating site Ashley Madison, which reportedly led to the suicide of some of those whose data had been compromised. Grubb proposes that our desire for internet connectivity in every device we own is leaving huge security flaws behind.


http://www.smh.com.au/technology/technology-news/death-by-hacking-is-no-longer-a-far-fetched-idea-20180209-p4yzte.html





The Year of the Regulator

By Martin Jordan, 28 Jan 2018

2018 Jordan's Cyber & Privacy Almanac


2018 is the year of change for privacy and cybersecurity. Across the world cyber regs are being tightened up, fines hiked up and all whilst industry struggles to employ and retain qualified staff.


U.S.A 15 February 2018


New York's financial regulator, the Department of Financial Services, ushered in DFS 23 NYCRR 500 in an attempt to crack down on institutions that, quite frankly, have been doing cyber in name only.


Covered Entities (banks to you and me) are required to submit the first certification of compliance under the new regs by February 15, 2018.


Covered entities must conduct penetration testing at least annually, in addition to bi-annual vulnerability assessments; "they are a crucial component of a cybersecurity program".




They must report significant yet unsuccessful cyber attacks.


The Department anticipates that most unsuccessful attacks will not be reportable, but seeks the reporting of those unsuccessful attacks that, in the considered judgment of the Covered Entity, are sufficiently serious to raise a concern. The regulator has also let it be known that failure to detect suspected breaches is not an option.


DFS strongly encourages all financial institutions, including New York branches of out-of-state domestic banks, to adopt cybersecurity protections consistent with the safeguards and protections of 23 NYCRR Part 500.


Elsewhere in the U.S.A., broadband providers are now subject to the jurisdiction of the Federal Trade Commission (FTC), meaning that complaints regarding data privacy and internet services/applications will be lodged with them.


U.S.A telco 2018: It's expected that the debate on net neutrality legislation will continue in the US Congress over the coming year. It is rumoured that both Netflix and Amazon are seeking to acquire telcos in an attempt to ring-fence the last mile, ensuring movies and streaming services achieve optimum bandwidth.


UK FCA 2018 outlook


FCA Chairman, John Griffith-Jones warned that cyber-resilience was a key risk area for the financial services industry and it will be a focus of the regulator during 2018.


To manage cyber threats the FCA moved the dialogue onto:


* getting the basics right could prevent 85% of breaches

* moving to a secure culture – take staff on a journey to change their mindsets

* measuring culture

* use other drivers beyond the boardroom, such as institutional investors

* sharing information

* building capability


It was also good of JGJ to make reference to CBEST and red teaming, a field in which the UK excels and already exports skills to other countries.


UK- GDPR - Despite #Brexit approaching in 2019, the GDPR is being adopted by the UK by the end of May 2018. A data protection bill is expected to be enacted within the next few months, however, there are still issues concerning post-Brexit UK-EU data transfer. In particular, there is concern about press freedom, and debates on where power over this should lie will likely continue over the coming year.


UK 2018 Insurance


Cybersecurity insurers will create a more definitive actuarial model of risk insurance. Insurers will refuse to pay out for the increasing breaches that are caused by ineffective security practices.



Russia & China tighten up regs

Eastern View point


CHINA 2018 Year of the Dog


China- China's Cybersecurity Law came into effect on June 1, 2017, with full enforcement coming in during 2018. All non-approved anonymous VPN providers will be terminated on 1 March. The Chinese government aligns itself with global cybersecurity standards, classing the financial sector as critical information infrastructure (CII).


Whilst breaches of the law can incur fines of up to $150,000 USD, corporates would be ill-advised to flout the law and take a hit of a modest fine, as is usual in the west. Over the past few years the Chinese government, like their US counterparts, have shown an appetite for custodial sentences for those breaking corporate regulations.


China continues to prosecute those who break the law on anonymous internet browsing, imposing a 5-year sentence on Wu Xiangyang, who was also fined £56.800. He ran a service allowing clients to access sites which would otherwise have been blocked by state regulators. He is thought to have sold the service to 8,000 foreign clients in China, details of which will no doubt be in the hands of the regulator.


The deadline for non-compliant VPN providers to comply is 1 March 2018. The maximum penalty for violating the Cybersecurity Law is set to increase to one million yuan, and individual responsibility for adherence to the law is emphasised.


Apple has removed VPN software from its App Store in response.


This is part of China's president's drive to achieve 'Internet sovereignty'. The Ministry of Industry and Information Technology is leading the charge in enacting President Xi Jinping's policy.




2018 Regulatory Bear market in Russia 


New requirements for Russian companies to de-anonymise internet-based messaging services will mean that applications which do not comply with the new legislation (No. 152-FZ) will be blocked.


Law enforcement agencies will be granted greater powers during 2018, in that they will be permitted to request companies to provide individual user details, and will be able to access a database of biometric data used by financial institutions. NAUFOR sees biometric data as an important facet of market regulation and is at the forefront of this technology.


http://www.naufor.ru/default.eng.asp


Three cyber-security and internet laws approved by the Russian government have come into force over the past two months. These laws are individually referred to as the 'CDI law', the 'VPN law' and the 'IM law'.


Federal Law No. 187-FZ / ‘The CDI law’


The CDI law requires individuals with access to ‘Critical Data Infrastructure’ within sectors such as healthcare, science, transport, communications, energy or finance to report any cyber-security incident to the dedicated federal agency. These individuals may also be required to report to more specific organisations; for example, in case of an incident within a sector of the financial markets, the Central Bank of the Russian Federation would also need to be informed. 

Once a cyber-incident is reported, the individual must then cooperate with the agency/ organisation in investigating and resolving the incident. On a related note, the CDI law also requires that organisations with access to such sensitive data are assessed in terms of ‘importance’, whether that be social, political, economic, environmental or legal importance. This will help the dedicated agency to assess the cause, motives and preventative measures to be put in place regarding cybersecurity incidents.


Federal Law No. 276-FZ / ‘The VPN law’


The VPN (Virtual Private Network) law essentially tightens security on accessing certain data resources and data and telecommunications networks, from within Russia. Specifically, owners of such resources and networks are prohibited from aiding others to access these restricted sites. The use of VPN technology is not itself prohibited, but owners and host providers of the technology are subject to its obligations. The operators of internet search engines that publish advertisements for Russian customers are also affected by the VPN law. In order to ensure compliance with the VPN law, the Federal Agency for Communications, Information Technology and Mass Media (‘Roskomnadzor’) will compile a federal state database of restricted data resources and networks. 


Federal Law No. 241-FZ / ‘The IM law’


The IM (Instant Messaging) law forbids the anonymous use of instant messaging services and requires instant messenger service providers to identify IM users by their mobile phone number, through an agreement with mobile operators. The IM law also has some implications for data sharing. Russian authorities can request that messages containing classified information are blocked, IM providers must permit their users to reject messages from other users, the privacy of service users’ messages must be maintained, and messages within the IM service must otherwise comply with Russian law.




India & SE ASIA 2018 Roundup




Philippines


The Philippines- Early March will see the deadline for the second phase of the Philippine Data Privacy Act of 2012, meaning that personal information will be subject to more rigid privacy regulation.


As the world's second-largest business process outsourcing destination, the Philippines is likely to be affected by the GDPR; this legislation prepares the way for harmonisation of EU regs with local laws.


The government and private sectors are working on how best to comply with the requirements of the law, which is intended to benefit the general public first and foremost.


Similar to Australia, the Philippines is adopting the APEC Cross-Border Privacy Rules, which should facilitate cross-border information sharing among privacy enforcement authorities.





Aussie Rules


In Australia, a mandatory data breach notification scheme will come into effect in late February 2018, which requires the reporting of data breaches that pose a "significant" threat to those affected. It's thought that this will intensify the focus on cybersecurity and increase activity in the cyber insurance market. Additionally, a mandate on comprehensive credit monitoring is expected in 2018, and Australian businesses will need to assess how GDPR and APEC cross-border privacy rules are going to affect their activity internationally.







Singapore 


Proposed new cyber legislation in Singapore, like that of other regulators, classifies financial services as critical infrastructure. The proposed legislation tightens up privacy regulations and removes a lot of ambiguity in existing legislation.


Any breach of the proposed law can lead to fines of up to $100,000 or, in extreme cases, up to 10 years' imprisonment.


Banks will lose their cherished customer confidentiality, with the Cyber Security Agency being allowed to access any computer system relevant to an investigation.


Mandatory breach notification will be a key focus of the new Cybersecurity Law, and a more general focus on Cybersecurity is likely. 



New Zealand


The government is under increasing pressure from the Office of the Privacy Commissioner (OPC) to produce effective privacy law reform, lest New Zealand be 'left behind' in effectively putting control over personal information into law.



Japan


It’s expected that an agreement between Japan and the EU will be reached before implementation of the GDPR, so that certain types of data can be transferred whilst complying with GDPR legislation. A significant goal of this is that, from May, medical data will be able to be shared so that international drug-development research can continue.


India 


A law on data privacy for India is yet to be resolved, following a request for feedback from the public on draft legislation developed at the end of 2017. The chairman of the committee responsible for the law has said that he expects the law to be in force by the end of 2018; however, there is some debate as to whether or not this is achievable. India is also dealing with the constitutional challenge posed by Aadhaar, the biometric-based identification system. Whilst the database project was originally intended to help the poor (through ensuring subsidies etc. went to the right people), the government has steadily introduced many more compulsory aspects to this database, such as linking with bank accounts. It is hoped that legal interference will provide some guidance as to how the new law should protect information held by the Aadhaar database, and/or databases that are linked to Aadhaar information.



EU GDPR

Including the UK



EU Overview


Finally! GDPR and NIS will come into effect during May this year, leading some to call 2018 a milestone year in data protection.


Guidance from the WP29/ EDPB and national supervisory authorities shall continue, and national legislative initiatives are likely to supplement the GDPR.


Developments in e-privacy reform should also be resolved this year, with the Network and Information Security Directive placing an onus on infrastructure providers to notify regulators upon a breach. The Member States must convert the Directive into national law by 9 May 2018, and apply their national measures from 10 May 2018.


Poland


Poland and the UK entered into a joint agreement to deter, mitigate and attribute cyber attacks from foreign states and their proxies. The agreement will focus on those who seek to interfere in the democratic processes of states. The UK will seek to improve the capability of partners in Eastern Europe and the Western Balkans with cyber capacity building programmes; this programme kicks off during 2018. Apologies, I was bored with GDPR; this is a lot sexier.


European Court of Human Rights


This EU ruling is worth a mention; it slipped through the European Courts just before Christmas and it could have a bearing on the widespread use of CCTV in the UK, as the Government of Montenegro lost their case.


28 November 2017 STRASBOURG, European Court of Human Rights

Case Antović and Mirković v. Montenegro


Judges decided against a university and the government for the use of CCTV in lecture halls. The case was brought by a university professor who alleges it infringed his human right to privacy.


I. ALLEGED VIOLATION OF ARTICLE 8 OF THE CONVENTION


35. The applicants complained under Article 8 of the Convention that the alleged unlawful installation and use of video surveillance equipment in the university auditoriums where they held classes had violated their right to respect for their private life. The relevant Article reads as follows:


“1. Everyone has the right to respect for his private and family life, his home and his correspondence.


2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”


36. The Government contested that argument.


The Government lost the case.


See the link below for the ruling:


http://www.bailii.org/eu/cases/ECHR/2017/1068.html







Italy 


Similar to many EU countries, Italy has passed a national implementation law regarding the GDPR that, like its French equivalent, will merge existing national law with that of the GDPR. 


The Netherlands


Similar to many other European countries, the Dutch national law implementing the GDPR has been submitted to parliament and should come into effect in May. It is similar in nature to the German implementation law. 



France


Draft legislation No. 490, proposed in December 2017, will come into effect at the end of May 2018. It is intended to have several key outcomes. In terms of GDPR implementation, the law states an intention to maintain current French legislation but to remove any aspects that may contradict the GDPR. France’s National Data Protection Authority (CNIL) will be granted additional powers in terms of carrying out checks and inspections, and will also be allowed to request temporary suspension of data transfer under certain circumstances. After such a request, the French Supreme Court and the EU’s Court of Justice will need to make a decision on its validity.


Germany


Germany’s EU Data Protection Adaptation and Implementation Act will come into effect at the end of May 2018, and a second act of the same nature is currently being developed. These acts serve to align the Federal Data Protection Act and laws concerning law enforcement and the intelligence service, with new EU data protection standards. Such alignment is also to be performed more locally, both geographically-speaking and within specific domains. The upcoming ePrivacy Regulation may mean that implementation or interpretation of relevant national legislation be adjusted.




Middle East


Turkey


April 2018 will see the deadline for fulfilling compliance with the Data Protection Law, and the Data Protection authority will continue its work on legislation to regulate anonymisation, erasure, deletion and storage of personal data.


Amendments have been made to the Regulation on the Protection of Health Data in the hope of resolving its more controversial aspects. The potential use of consent forms for all data processing activities is under discussion, as are matters concerning international data transfer. The coming year should see less ambiguity in such privacy laws and in the impact of the GDPR on Turkey.



Israel


May 2018 will see a huge emphasis on privacy compliance and awareness. The GDPR legislation will inevitably affect the part of Israel's industry dependent upon data-driven and web-based services, and businesses will need to adjust to new Israeli information security regulations. Under the new regulations breach notification will be enforced, which is likely to impact Israeli businesses. Guidelines and enforcement activities from the Protection of Privacy Authority are anticipated; it is hoped that the review on data transfer between the EU and Israel will be resolved, and the transfer of data between Israel and the U.S.A. is to be examined by the Justice Department.



Marcher advances in SE ASIA

Marcher advances on Android


The trojan targeting banks is still alive and well after its inception over 4 years ago. During the last quarter of 2017 and into 2018, Australia Cert watched the rise of Marcher malware, also known as ExoBoT. Marcher is a complex banking trojan which uses SMS and skin overlays to dupe clients into approving transfers. Given the prevalence of Android devices in SE Asia, it's perhaps no wonder that Marcher traffic is increasing at an alarming rate. The graph refers to IPs infected with malware, broken down by malware type.

SFYLABS have an extensive write-up which can be found here.

https://clientsidedetection.com/marcher.html


Marcher Mitigation

User awareness

Users will be duped into installing this malware on their phone by clicking on an email or SMS link. There is plenty of great free online awareness training out there; push it out to your staff. I personally think Barclays leads in this field and has a series of excellent videos on YouTube.

https://www.youtube.com/watch?v=k5eN0XQeWxU


Whitelist outbound connections

To mitigate the risk of any malware exfiltrating data from corporate devices, only permit connections to pre-approved websites. We're creatures of habit; it's not as daunting as it first sounds, and your traffic can easily be categorised into business partners, social media and news sites. Block all else. Your MDM solution should be able to control web traffic and, if not, force all traffic via a VPN into your corporate network and out again into the Internet.


RESOLVE the ISSUE

Slightly off topic, but learn to love DNS, Resolve and Bind, and profile traffic leaving your device/network. If you have a connection to a site for which the DNS entry was only registered 2 hours ago then you are most likely a high-value target or seeing the start of the next mass malware campaign. Either way, use deterministic blocking, using host registration date as your starting point to decide which suspected hosts to sinkhole, route to null or loopback. If you link this approach with Google's Safe Browsing program you can significantly reduce exposure. Don't forget to make use of localhost file entries to gazump DNS and sinkhole rogue destinations. I'm not sure if it's still possible to edit the /system/etc/hosts file on the latest Android, but give it a go.
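As an added example (not code from the almanac or from any named project), the following script runs the two checks described under "Whitelist outbound connections" and "RESOLVE the ISSUE" over constructed DNS resolver log lines: names whose registrable domain is on a category allowlist pass, anything whose domain was registered less than 24 hours before the query (or has no registration record at all, treated conservatively as brand new) is pinned to loopback via hosts-file entries, and everything else is denied. The log format, the registration-date table standing in for a WHOIS/RDAP lookup, and the allowlist categories are all assumptions constructed for the example.

```python
"""Young-domain sinkhole check over DNS resolver logs.

Added example illustrating the almanac's "whitelist outbound, block all else"
and "sinkhole by registration date" advice; not code from the almanac or any
named project. Everything below is constructed for the example:
  * resolver log lines look like "<ISO-8601 timestamp> <client IP> <queried name>";
  * registration dates come from a dict standing in for a WHOIS/RDAP lookup;
  * the allowlist categories are illustrative.
"""
from datetime import datetime, timedelta

# Constructed resolver log lines (not real traffic).
SAMPLE_DNS_LOG = """\
2018-02-20T09:12:01Z 10.0.0.14 www.example-bank.com
2018-02-20T09:12:07Z 10.0.0.14 cdn.news-site.example
2018-02-20T09:13:44Z 10.0.0.22 secure-login-update.example
2018-02-20T09:14:02Z 10.0.0.22 www.social.example
2018-02-20T09:15:30Z 10.0.0.31 apk-download-now.example
2018-02-20T09:16:12Z 10.0.0.31 tracker.adnetwork.example
2018-02-20T09:17:45Z 10.0.0.40 cfg.no-whois-record.example
"""

# Constructed registration dates standing in for a WHOIS/RDAP lookup
# (a real deployment would query the registry and cache the answer).
REGISTRATION_DATES = {
    "example-bank.com": "2009-05-11T00:00:00Z",
    "news-site.example": "2012-01-20T00:00:00Z",
    "secure-login-update.example": "2018-02-20T07:30:00Z",  # ~2 hours before the query
    "social.example": "2006-03-02T00:00:00Z",
    "apk-download-now.example": "2018-02-19T18:00:00Z",     # the evening before
    "adnetwork.example": "2014-09-01T00:00:00Z",
}

# Pre-approved outbound categories, in the spirit of "business partners,
# social media, news sites; block all else".
ALLOWLIST = {
    "business-partners": {"example-bank.com"},
    "news": {"news-site.example"},
    "social": {"social.example"},
}

# Domains younger than this at query time are sinkholed outright.
MAX_DOMAIN_AGE = timedelta(hours=24)
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def registrable_domain(qname):
    """Naive registrable domain: the last two labels. A real deployment
    should consult the Public Suffix List (e.g. for names under .co.uk)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Yield (timestamp, client, qname) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, client, qname = line.split()
        yield datetime.strptime(stamp, TIME_FMT), client, qname.lower()


def is_allowlisted(domain):
    return any(domain in members for members in ALLOWLIST.values())


def domain_age(domain, at, lookup=REGISTRATION_DATES):
    """Age of the domain at time `at`, or None when no registration data exists."""
    registered = lookup.get(domain)
    if registered is None:
        return None
    return at - datetime.strptime(registered, TIME_FMT)


def classify(log_text, max_age=MAX_DOMAIN_AGE, lookup=REGISTRATION_DATES):
    """Map each queried name to 'allow', 'sinkhole' or 'deny'."""
    verdicts = {}
    for stamp, _client, qname in parse_log(log_text):
        domain = registrable_domain(qname)
        if is_allowlisted(domain):
            verdicts[qname] = "allow"
            continue
        age = domain_age(domain, stamp, lookup)
        # Missing registration data is treated like a brand-new domain.
        if age is None or age < max_age:
            verdicts[qname] = "sinkhole"
        else:
            verdicts[qname] = "deny"  # default deny for anything off the allowlist
    return verdicts


def hosts_entries(verdicts, sink="127.0.0.1"):
    """Render hosts-file lines that pin sinkholed names to loopback."""
    return [f"{sink} {qname}" for qname, verdict in sorted(verdicts.items())
            if verdict == "sinkhole"]


if __name__ == "__main__":
    result = classify(SAMPLE_DNS_LOG)
    for qname, verdict in sorted(result.items()):
        print(f"{verdict:9} {qname}")
    print("\n".join(hosts_entries(result)))
```

The "deny" verdict is what the almanac's "block all else" amounts to once an allowlist is in place; the registration-date check only matters for deciding which of the remaining names deserve an explicit sinkhole entry (so that the hosts file overrides DNS even if the proxy policy is later relaxed). Two caveats for real use: the two-label domain split is wrong for public suffixes such as co.uk, and registration data should be fetched via RDAP and cached rather than looked up per query.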


PLAY STORE & CHROME


Only install apps from the Google Play Store.

Use the Chrome browser. It goes without saying on Android, but remind users only to use the Chrome browser and not to install 3rd-party browsers. Google's Safe Browsing program tracks infected websites across the globe, warning users when malicious sites are detected. This may not stop Marcher, but it will certainly mitigate a whole host of other threats.

Marcher removal guide.

Scan your Android device with the excellent and free VirusTotal app (see the link below). If a threat is detected, delete the suspected app and perform a hard reset of your phone. If any significant malware was detected, also change your banking passwords via another device.

https://play.google.com/store/apps/details?id=com.funnycat.virustotal&hl=en

