ICD Brief 19.
21.11.2016. – 27.11.2016.
“Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy said on Wednesday. It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said.”
“According to comparethemarket.com research, more than £18.5 million is expected to be stolen from UK bank accounts over Black Friday and Cyber Monday amid the rush to take advantage of discount deals. The findings follow recent estimates that 4.5 million people have been forced to cancel credit and debit cards due to online fraud in the past year, further highlighting the cybersecurity issues faced by consumers, retailers and banks.”
“The day Donald Trump ascends from president-elect to commander in chief, he will assume control over U.S. intelligence agencies and some of the most advanced surveillance systems in the world. That realisation has launched a wave of interest in personal cybersecurity, the likes of which tech experts and activists said they have never before seen.”
“The heads of the Pentagon and the U.S. intelligence community have recommended to President Barack Obama that the director of the National Security Agency, Admiral Michael Rogers, be removed from his position, sources familiar with the matter said on Saturday. The recommendation by Defense Secretary Ash Carter and Director of National Intelligence James Clapper, first reported by The Washington Post, was delivered to the White House last month.”
“The Department of Homeland Security (DHS) held a two-day hiring event “aimed at filling mission-critical positions to protect our Nation’s cyberspace” in July. According to a new blog post, that event garnered “over 14,000 applicants and over 2,000 walk-ins” and culminated with more than 800 candidate interviews and “close to 150 tentative job offers.” Angela Bailey, chief human capital officer for the DHS, said in a blog post that the DHS “set out to dispel certain myths regarding cybersecurity hiring,” including the ideas that there is a cybersecurity skills shortage and that organizations cannot hire people “on the spot.””
“The Department of Homeland Security’s (DHS) Office of Cybersecurity and Communications (CS&C) announced it had awarded CSRA a contract for $52 million on Nov. 21. Under this single-award contract, which covers a four-year period, CSRA will improve the security of the country’s cyber and communications infrastructure and provide technical support to CS&C. The company will also help CS&C in creating strategies and policies related to cyber risks.”
In the joint statement, the Asean ministers reiterated their commitment to pursue policy and regulatory dialogue and development partners, and the industry towards increasing commercial activities and investments.
“As well as smart bombs from the sky, Australia is targeting Islamic State in cyberspace and that’s making a difference, Prime Minister Malcolm Turnbull says.
Mr Turnbull said these same capabilities had an important military application, including support of coalition operations against Islamic State, who he referred to as Daesh, in Iraq and Syria.”
“China is calling for stricter restrictions on the internet in the wake of terrorism and the increasing circulation of fake news stories on social media sites, which allegedly played a role in helping Republican Donald Trump win the presidential election in the U.S. China’s vision of a more secure cyberspace with rigid censorship comes at a time when the West is debating on the fake news surge and if smartphone companies should cooperate with federal agents to help them gain access to private information in phones belonging to suspected criminals.”
Lusaka, Thursday, November 24, 2016: A high level cyber-security training and awareness workshop for senior policy makers and experts has been conducted in Burundi. Its aim is to equip them with the skills to produce effective cyber security strategies, policies, legislation and institutions.
“The Czech law on cyber security may also apply to the administrators and operators of the information systems in the energy industry and transport under the amendment that the Czech government supported yesterday, its press section has said. The regulation, which is based on a European directive, is another step to improve the state’s preparedness for the threat of cyber attacks, PM Bohuslav Sobotka said in a press release.”
“The internet connection of the European Union’s legislative body, the European Commission (EC), was disrupted for “several hours” on 24 November (Thursday) after a “large-scale” cyberattack was directed against its computer networks. The attack, which reportedly started in mid-afternoon, allegedly left staffers unable to work throughout the day. By the evening, as the online assault subsided, the Commission’s IT experts sent an email to those impacted blaming the outages on a “denial of service.””
“Cybercriminals have hacked ATMs in more than a dozen countries in Europe this year using software that forces the machines to spit out cash, according to Russian cybersecurity firm Group IB. This type of attack, known as “jackpotting”, is part of hackers’ shifting focus from stealing card numbers and online banking details towards a more lucrative method that gives them access to both ATMs and electronic payments.”
“Five EU countries said they want the European Commission to propose legislation that would make it easier for police to crack through encryption technology. Croatia, Italy, Latvia, Poland and Hungary all want an EU law to be created to help their law enforcement authorities access encrypted information and share data with investigators in other countries. Poland and Latvia want EU legislation to focus on making it easier to access data stored remotely in clouds, which are often operated by companies based in other EU countries or outside the 28-member bloc.”
“Russian aircraft carrier Admiral Kuznetsov has recently arrived at the shores of Syria accompanied by its companion vessels. The ships are in the area as a deterrent measure, but also in order to collect intelligence via electronic means. As a response, the Israeli Navy has upgraded its cyber warfare capabilities, placing special crews onto its missile boats.”
“Against a backdrop of increasingly complex cyber threats, senior officials from NATO and the European Union (EU) met today (25 November 2016) to discuss the next practical steps in NATO-EU cooperation on cyber defence. “NATO and the EU are working more closely in this area than ever – sharing information between cyber crisis response teams, exchanging best practices, policy updates and working together on training, education and exercises,” said Ambassador Sorin Ducaru, NATO’s Assistant Secretary General for Emerging Security Challenges.”
Thailand’s military government, which has cracked down on online dissent since seizing power in 2014, is pushing ahead with cyber security bills that rights groups say could mean more extensive online monitoring, raising concerns over privacy protection.
An anti-money laundering body in the Philippines has filed charges against five officials of RCBC bank and a former treasurer who “willfully ignored” suspicious activity that led to tens of millions of dollars vanishing after a heist on Bangladesh’s central bank.
“People’s reliance on the internet in their everyday lives is such that good cybersecurity is not only about what individuals and organisations do to protect themselves, but what governments must do to ensure that national critical infrastructure is well protected. Ben Gummer, the minister for the Cabinet Office, has highlighted the growing vulnerability of public services to cyber attack, and the chancellor, Philip Hammond, has committed £1.9bn over five years to bolster cybersecurity defences. The chancellor’s announcement, a re-announcement of the same figure by his predecessor George Osborne, is dwarfed by the amount of spending the US has earmarked – in 2017 alone, it plans to spend 10 times the UK sum.”
“UK businesses are failing to protect themselves against the threat of cyber attacks and data breaches because of a lack of IT resource, according to research by business service provider Office Depot. A survey of 500 IT managers at large UK enterprises revealed that 74% do not think their company is doing enough to ensure cyber security and data protection, and 81% said they would benefit from having more time and resources to address these risks.”
“Bletchley Park will once again serve as a cryptographic hub in the UK. Plans are afoot to create a new “National College of Cyber Security” in G-Block, a building which is currently in a state of disrepair. It’s scheduled to open in 2018 and will serve as a specialised sixth-form college, teaching teenagers the fundamentals of encryption and computer science. As the Guardian reports, the centre will take up to 500 students at any one time and offer free tuition, funding its efforts through venture capital, corporate sponsorship and possibly state funding instead. It’s envisioned as a boarding school, however, a day tuition option will also be available.”
Richard Stiennon in Wireless Week
“There have presumably been some heated discussions between Verizon executives and their counterparts at Yahoo since confirmation of one of the largest ever data breaches. But it’s not just the offer price impact, congressional scrutiny, and reputational damage that Verizon needs to worry about. This kind of data breach and the corresponding slow disclosure pose enormous risks to companies that offer online portals to their customers’ accounts (which, by now, is pretty much any major company).”